SCCM Client : Connection Type = Intranet / Internet

Question

Team,

A Quick Question…

On what basis a ConfigMgr client decide to be in Intranet or on Internet.

I have read the docs which state that “If client is able to contact domain controller or on-prime MP , it remains as “Currently Intranet” & vice versa.”

I am able to ping Active Directory Server IP & SCCM server IP from this client.

Still it is showing ” Currently Internet” .

Technically , how client perform a lookup , whether to be on Internet or Intranet.

Thanks.

solved 1
Deepak Verma 2021-08-27T16:11:59+05:30 3 Answers 2379 views Beginner
0

Answers ( 3 )

  2. Jitesh Kumar
    0
    2021-08-29T12:00:06+05:30
    Reply

    Hello Deepak, The Configuration Manager client automatically determines whether it’s on the intranet or the internet. If the client can contact a domain controller or an on-premises management point, it sets its connection type to “Currently intranet”. Otherwise, it switches to “Currently internet”, and communicates with the site systems assigned to its site.

    More you can check Microsoft Posts on details – https://docs.microsoft.com/en-us/mem/configmgr/core/clients/manage/plan-internet-based-client-management

    • Deepak Verma
      0
      2021-08-31T20:50:31+05:30
      Reply

      Hi Jitesh,

      I have gone through the document. I would like to know deep inside , how ConfigMgr agent query Domain Controller & set itself on Intranet/Internet.
      Thanks

      • Deepak Rai
        0
        2021-09-22T03:25:22+05:30
        Reply

        Good Question, What Jitesh gave you it has deep dive actually.

        Technically it’s not depending only on few things. There are several components.

        1. First thing first. You can control this behavior and direct clients to internet
        Reg add “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CCM\Security” /v ClientAlwaysOnInternet /t reg_dword /d 1 /f

        2. Next one comes into picture is Network Location Awareness. Check HKLM\System\CurrentControlSet\Services\NlaSvc\Parameters\Internet\EnableActiveProbing

        3. This registry value can be controlled with group policy:
        Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication Settings\Turn off Windows Network Connectivity Status Indicator active tests (you would disable this setting to change EnableActiveProbing from 0 to 1)

        4. Boundary groups are also responsible.
        5. VPN connection.
        6. Proxy or Direct Access.
        7. AD Schema and SCCM servers container in AD.
        8. MP. eHTTP option too.

        Anoop Sir wrote few about it.

        https://www.anoopcnair.com/sccm-architecture-diagrams-decision-making-guid/

        Another one by him

        https://www.anoopcnair.com/more-flatter-hierarchy-with-sccm-configmgr-cb-and-some-smart-decisions/

        This will help you.

        If anymore questions then happy to explain.

        Best answer

Leave an answer

Sorry, you do not have permission to answer to this question .