Configure SUP location for IBCM (Internet Only) Clients

Similar Messages

• Configuring SUP address for IBCM Clients

  I have a question about how to configure SUP address for clients that will be roaming from Intranet to the Internet (aka VPN Users)
  Currently I have IBCM up and running.  Clients report in and are able to download and install software from the IBCM DP.  Currently we have group policy's configured to point clients to the correct internal WSUS/SUP servers. 
  For clients to use IBCM and Internet based SUP is a Windows Update group policy not possible at all?  For example is the only way for clients use the IBCM SUP to have absolutely no WSUS Group Policy configured?  Is configuring a Domain Group
  Policy to have clients point to the Internet Based IBCM SUP not possible? 
  SCCM 2012 R2
  Thank you. 

  You can create a group policy to point to your SUP.  Configure the policy, Specify Intranet Microsoft Update Service Location.  Its located in Computer Configuration - Administrative Templates - Windows Components - Windows Update.  Note
  that the local group policy will be created regardless of using the domain group policy.  So, its just a redundant effort. 
  Best, Jacob I'm a PC.

• Scripting active configuration deployment location for an oracle module

  Hi,
  Does anyone know how to script the setting of the active configuration deployment location for an oracle module?
  I have executed the following which works fine but I can't figure out how to make it active so the module shows up in the control center to allow deployment.
  I can of course do it manually in the design center by right clicking on the module in the design center, selecting 'Configure' and then (strangely) just selecting the location property which then automatically sets the active location and then it shows up in the control center.
  OMBALTER ORACLE_MODULE 'MOD_EXT' ADD REFERENCE LOCATION 'MIG_EXT_LOCATION' SET AS DEFAULT
  Oracle module MOD_EXT altered.
  OMBALTER ORACLE_MODULE 'MOD_EXT' SET REFERENCE METADATA_LOCATION 'MIG_EXT_LOCATION'
  Oracle module MOD_EXT altered.
  Any ideas?
  Regards,
  Brad

  Hi Brad,
  before you set the location you have to set the correct configuration (in case you use more configurations than the default "DEFAULT_CONFIGURATION") as active configuration:
  OMBCAC 'MY_CONFIGURATION'
  Regards,
  Carsten.

• JSF, ADF BC, 11g - Configure default location for pageDefs

  Hi all,
  As the title suggests, I was wondering if there is anyway to configure the default location for pageDefs.
  I've been having some issues when creating a page through faces-config.xml.
  If I don't put a folder before the jsp name when declaring the page in the faces-config - eg. /Home.jsp - then the pageDef is created in the correct place - eg. /adfmsrc/com/delexian/app/pageDefs
  However if I do put a folder before the jsp name - eg. /app/Home.jsp - then it puts the pageDef in /adfmsrc/app
  Anyone know of a workaround?
  Cheers,
  -chris

  Hi Chris,
  not that I know
  In case you have access to Metalink, I logged Bug 7502373 - PAGEDEF FILES NOT CREATED UNDER PAGEDEFS PATH FOR JSPX CREATED IN SUB-DIRECTORY
  a few days agi.
  See also Note 744764.1 - PageDef Files Not Created Under PageDefs Path For JSPX Created In Sub-Directory
  For now, I only see Refactoring as workaround.
  Regards,
  Didier.

• Configuring log location for Adobe Document Services specific log

  Hi All,
  Interesting one for you. I am currently helping to resolve a PDF rendering issue which is intermittent. I have sent the default trace logs to SAP, however, there is an additional adobe specific log which should be written to /usr/sap/<SID>/SYS/global/AdobeDocumentServices/renderErrorLog/errorFiles. However, my default trace is saying that they are written to the the wrong SID and also puts a double // between gloab and AdobeDocumentServices, which of course is never going to work.
  The system in question is a fully supported system copy of our Production environment, created using SAP sapinst tools.
  If anyone can point me in the right direction to edit/configure the renderErrorLog location I would be most relieved as there does not appear to be anything in the Visual Administrator or Config tool.
  many thanks

  Hi,
  All the form-related services have to be started first: the IIOP on dispatcher and server, all the Document Services *, PDF manupulation and XML form module.
  Then you should be able to register your credential.
  Francois

• Pre-configure save location for converting files to PDF from shell context menu

  Hi all,
  I like Acrobat's integration into the Windows Explorer through the shell context menu command "Convert to PDF", which allows me to drag select a number of files (word documents et cetera) to batch convert them into PDF. It beats doing batch processing fr the Acrobat interface.
  However, it asks me for the save location of each file individually. I would like to have them saved in the same directory as the original file, as the default option so I won't have to attend to the conversion. I can't find such an option in Acrobat's preferences menu though
  Any gurus or users here know of a way around that?
  Regards,
  Jay

  Does your user have custom add-ons besides the Acrobat PDFMaker add-on?  If so, try disabling the other add-ons as a test to see if you get the same results.
  Does your user have a custom template?  Try moving it out and using the standard MS Word template as test?
  Did your user have a previous installation of Adobe Acrobat??  If so, check the Add-ons to see if an older version is still registered with MS Word.

• Deploying 2012 Client to 2007 R3 Internet Only clients

  I am looking for some recommendation.
  My initial though is to package the new client with AdminStudio and distribute to the clients with the current 2007, so I am hoping someone can provide some hands on exeprience.
  TIA

  That doesn't change my question at all. If these systems can already be managed, why do you want to wrap the ConfigMgr 2012 setup using AdminStudio? There's no need to do this at all.
  Jason | http://blog.configmgrftw.com

• Change default location for purchased movies ONLY in itunes

  I need to know if there is a way to have purchased movies and TV shows strictly download to an external hard drive or do you have to move the entire itunes directory. This is for a client and they do not want to have to move each movie or TV show manually to the external drive and then re-import (understandable).

  I haven't tried this but may do so soon. How about setting up symbolic links?
  Close iTunes. Use Finder to make an iTunes director on the external drive. Let's say the drive is called "storage" and your music is in your home directory. In your main iTunes Music folder, move (not copy) the "Movies" and "TV Shows" folders to the external drive. In Teminal, create two symbolic links:
  $ ln -s /volumes/storage/iTunes/Movies "~/Music/iTunes Music/Movies"
  $ ln -s "/volumes/storage/iTunes/TV Shows" "~/Music/iTunes Music/TV Shows"
  You may want to test this first on one of your CD are artist folders before moving a large directory. If the pathname has a space characters, you need to put quotes around the full path. The ~ refers to your home directory.
  To anyone, please correct me if the path syntax is wrong for Mac OS X.
  Hope this helps,
  Steven
  Message was edited by: Steven Whatley
  Message was edited by: Steven Whatley
  Message was edited by: Steven Whatley

• Manage System Center Endpoint Protection (SCEP) policies for Internet-based clients

  Hi,
  I've recently change my SCCM configuration in order to allow internet-based clients registered in our domain to communicate with our primary site server. The objectives were to let us manage the SCEP policies of these clients and receive alerts
  when they're infected even when they are on the road, so not connected to the local network.
  Now, everything seems to be in place; PKI certificates for server and client, the DNS is configured, firewall route too...but I still cannot update the policies of my client when it's not connected to the local network.
  I'm able to reach my primary site from my client when connected outside the network, but the policies won't update until I connect to the local network.
  Is it actually possible to manage the policies and receive alerts from internet-based clients like I'm trying to do?
  Thank you very much for your help

  It's going to come down to log checking at this point to find where the failure is happening or the connection is not happening.
  Initiate a machine policy refresh and watch the two logs noted above.
  CAS.log may also be helpful as well as locationservices.log and clientlocation.log.
  Try deploying an app as well and watch the logs.
  Also, if the client is not properly getting policy, there's no way for it to know that you disabled client CRL checking on the site.
  Jason | http://blog.configmgrftw.com
  Ok so now I see an error in clientlocation.log that might be the cause of my problem.
  [Domain joined client is in Internet]
  [Rotating internet management point, new management point is : SERVER.DOMAIN.COM ...
  [Unable to retrieve AD forest + domain membership] <- Pretty sure this is related to my issue
  I guess it's because my AD schema is not extended, is that right?
  EDIT: I thought this was the issue, but the AD schema seems to be extended already. Any idea of what could cause this error?
  EDIT: Do I need to open ports in order for my client to be able to reach the AD or something? I thought that was the MP's job once we granted him full control access on the AD. Am I wrong?

• Internet Based Client Management Design Question

  Hi,
  I read many articles and many forum posts about IBCM design possibilities. I want to make sure I am on the right path, so I would like to mention about what I have currently in my environment and how I will change it. Please let me know if something is wrong
  with my plannings for IBCM.
  Currently I have one SCCM2012 R2 primary site server and one database server. We dont have
  public key infrastructure at the moment , so communication is via HTTP. We dont have DMZ either. I would like to make my internal SCCM site server reachable from intranet and internet
  without installing any other site server or MP,DP,SUP point. The article below says that is possible. I will implement the scenario1 in that article.
  http://blogs.technet.com/b/configmgrteam/archive/2012/05/25/system-center-2012-configuration-manager-r-i-p-native-mode.aspx
  So, I guess
  1.I need to create
  public key infrastructure.
  2.Public DNS registration for site server's internet FQDN
  3.Firewall Settings from internet to site server
  After those 3 steps, my client will connect from intranet when they are in the office and they will also be able to connect from internet when they are outside of our network. Can you please verify whether this planning is correct or not? If you know any
  step by step IBCM implementation article that I can use , can you please give me the link?
  Yavuz Selim Atmaca

  Very high level those are indeed the right steps at this moment. Just keep in mind that this definitely is not the most secure solution.
  I created a blog post about some important configuration steps:
  http://www.petervanderwoude.nl/post/five-key-configuration-steps-for-implementing-internet-based-clients-in-configmgr-2012/
  On a side-note, if your going to build a PKI anyway, you might want to think about DirectAccess instead of Internet clients.
  My Blog: http://www.petervanderwoude.nl/
  Follow me on twitter: pvanderwoude

• SCCM 2012 R2 Internet Based client management (ICMB)

  Hi All
  We want to use internet based client management in our environment ,can we use same FQDN for both 
  internet and Intranet ,what settings need to be done and which ports needs to be open for them,is it required to put 
  SUP site syatem in DMZ or it can download updates directly from internet by getting policy from MP.
  which is the best security practice ,putting MP DP SUP servers in DMZ or opening pots in firewall is there any third way?. 

  The most important thing is that the Internet FQDN can be solved from a public DNS (usually you don't want any of your internal names to be that).
  Also, yes your clients can download straight from Microsoft Update, but they would still require access to a SUP to scan for available updates.
  For some more information see the following:
  http://technet.microsoft.com/en-us/library/gg712701.aspx#Support_Internet_Clients
  http://www.petervanderwoude.nl/post/five-key-configuration-steps-for-implementing-internet-based-clients-in-configmgr-2012/
  My Blog: http://www.petervanderwoude.nl/
  Follow me on twitter: pvanderwoude

• 250 location for Callmanager 5.1(2b)

  Hello,
  I have configured 300 location in one cluster with CKM 5.1.2b, when i try to configure the location for one gateway, in the location option i am only allowed to selec from the first 250 and i dont have the fin option to select the other 50.
  Does any one have the same problem?
  Thanks

  I think max 250 location are allowed in CCM 5.1.
  Be aware that the release of Cisco IP telephony products does not always coincide with Cisco Unified CallManager releases. If a product does not meet the compatibility testing requirements with Cisco Unified CallManager, you need to wait until a compatible version of the product becomes available before you can upgrade to Cisco Unified CallManager release 5.1(1x). For the most current compatibility combinations and defects that are associated with other Cisco Unified Communications products, refer to the documentation that is associated with those products.

• Internet Based Client Management - upgrade clients

  Hi.
  I have a customer, who wants to deploy an SCCM site and Internet Based clients. Main purpose is to patch manage the clients.
  I have one concern though - the certificate and client deployment AND the ongoing upgrade of clients.
  I believe, we will have to deploy certificates from the internal PKI and install the clients manually/scripted - right?
  How about upgrading clients when a CU is installed on the SCCM-server? Can Internet Based clients automatically upgrade or will we have to manually install every time a new client is available?
  Thanks in advance!
  /Michael

  The certificate doesn't have to be of the internal PKI it can come from anywhere as long as it can be used to authenticate the client.
  When you're dealing with Internet-only clients then yes the client needs to be manually/ scripted installed to specifically provide the client with the right information.
  Once the client is installed the normal CU packages can be used to upgrade the clients.
  My Blog: http://www.petervanderwoude.nl/
  Follow me on twitter: pvanderwoude

• Ever since upgrading to Yosemite on my Mac, I can only configure my time capsule via iPhone.  My Mac cannot locate for backup, but CAN find as my internet router.  I have followed all suggestions I can locate and have upgraded to newest version.

  Time Capsule in Yosemite can be used for router/internet but Mac cannot locate for backups.

  Please read this whole message before doing anything.
  This procedure is a test, not a solution. Don’t be disappointed when you find that nothing has changed after you complete it.
  Step 1
  The purpose of this step is to determine whether the problem is localized to your user account.
  Enable guest logins* and log in as Guest. Don't use the Safari-only “Guest User” login created by “Find My Mac.”
  While logged in as Guest, you won’t have access to any of your documents or settings. Applications will behave as if you were running them for the first time. Don’t be alarmed by this behavior; it’s normal. If you need any passwords or other personal data in order to complete the test, memorize, print, or write them down before you begin.
  Test while logged in as Guest. Same problem?
  After testing, log out of the guest account and, in your own account, disable it if you wish. Any files you created in the guest account will be deleted automatically when you log out of it.
  *Note: If you’ve activated “Find My Mac” or FileVault, then you can’t enable the Guest account. The “Guest User” login created by “Find My Mac” is not the same. Create a new account in which to test, and delete it, including its home folder, after testing.
  Step 2
  The purpose of this step is to determine whether the problem is caused by third-party system modifications that load automatically at startup or login, by a peripheral device, by a font conflict, or by corruption of the file system or of certain system caches.
  Please take this step regardless of the results of Step 1.
  Disconnect all wired peripherals except those needed for the test, and remove all aftermarket expansion cards, if applicable. Start up in safe mode and log in to the account with the problem. You must hold down the shift key twice: once when you turn on the computer, and again when you log in.
  Note: If FileVault is enabled in OS X 10.9 or earlier, or if a firmware password is set, or if the startup volume is a software RAID, you can’t do this. Ask for further instructions.
  Safe mode is much slower to start up and run than normal, with limited graphics performance, and some things won’t work at all, including sound output and Wi-Fi on certain models. The next normal startup may also be somewhat slow.
  The login screen appears even if you usually log in automatically. You must know your login password in order to log in. If you’ve forgotten the password, you will need to reset it before you begin.
  Test while in safe mode. Same problem?
  After testing, restart as usual (not in safe mode) and verify that you still have the problem. Post the results of Steps 1 and 2.

• How to enable for Internet-Based Client Management existing "intranet" clients

  Hello,
  Step #1
  I have an existing "intranet-only" SCCM 2012 SP1 CU1 environment. It is made of HTTP Intranet-Only MP.
  All clients are properly communicated with one of the intranet MP
  All clients are leveraging auto-enrollment of our AD PKI and have a working client certificate recognized by SCCM client
  Step #2
  I expanded the above infrastructure to support IBCM clients. Basically I want the existing intranet clients still be managed when they are outside our network
  I added MP, DP, SUP, FSP on dedicated DMZ servers. It has been published on Internet, and properly declared with public DNS
  The DMZ MP has been configured for HTTPS / Internet client only
  When I tested first this setup in my lab, it was working fine, and my "intranet" client moving to Internet was properly detecting this configuration, and was starting to contact the "DMZ/Internet MP" without any problem
  I did the same on my production environment but this time, my client moving to "internet" detectes it is connected on Internet but does not have any clue about the DMZ/Internet MP to contact. According to logfile, it is trying to check on DNS,
  WINS, etc. but obviously it is already too late when in Internet, this information is no longer available.
  I guess I did something in my lab environment to make it work but I don't what. Any idea how to tell to existing clients they should use a new "Internet-Only" MP when they are on Internet ?
  Regards.

  Basically I found my problem...
  In my lab, I manually configured the SCCM client option Internet-based management point (FQDN) to use the public DNS address of my Internet/DMZ MP.
  If I do the same for my production sample client, it works fine now.
  Question: how can I enforce this change on all my existing clients ?