Configuring Failover Cluster Server Share as a Distribution Point

Hello and thanks for this helpful forum!
I am trying to configure a server share as a Distribution Point and am running into problems.  I am running SCCM R2 on Server 2008.  I am trying to use a clustered share coming from 2008 R2 Failover Cluster.
I have been trying to get this working for the better part of 2 days now, and I have successfully created a Distribution Point to another 2008 Server (non-R2) by simply using the site system (not the server share).
When I try to use the server share option, I keep receiving an error with Message ID 4701 stating that the SMS Site System Status Summarizer cannot access storage object
\\servername\sharename$ on site system
\\servername\sharename$
The operating system reported error 2147942467: The network name cannot be found.
The server share is defined as a site system as
\\servername\sharename$
I am trying to create a "Packages" directory under it, so I'm using the option "Share the distribution folder" under the Data Access tab of the Package.
In addition, I have given local admin rights to the site server on both nodes of the cluster.  I have given the site server modify rights to the share and NTFS permissions.  I have given Authenticated Users Read access to the share and NTFS.
As I mentioned, I can take another server and define a Site System as a DP and everything will work properly.  I am still missing something though regarding using a Server Share.
Thanks so much in advance for your assistance.

Hi,
No DP on NLBs:
http://technet.microsoft.com/en-us/library/bb735883.aspx
Yes, but that is NOT a failover file cluster. Is there a workaround? It seems silly to have to stand up an additional server for this. It also seems odd that the forthcoming version of SCCM would not have some support for failover clustering which was a HUGE improvement over the previous clustering solutions from MS.
Jeffrey S. Patton Assistant Director of IT School of Engineering Computing Services University of Kansas 1520 West 15th Street Lawrence, KS. 66045-7621

Similar Messages

  • Failover cluster server - File Server role is clustered - Shadow copies do not seem to travel to other node when failing over

    Hi,
    New to 2012 and implementing a clustered environment for our File Services role.  Have got to a point where I have successfully configured the Shadow copy settings.
    Have a large (15tb) disk.  S:
    Have a VSS drive (volume shadow copy drive) V:
    Have successfully configured through Windows Explorer the Shadow copy settings.
    Created dependencies in Failover Cluster Server console whereby S: depends on V:
    However, when I failover the resource and browse the Client Access Point share there are no entries under the "Previous Versions" tab. 
    When I visit the S: drive in windows explorer and open the Shadow copy dialogue box, there are entries showing the times and dates of the shadow copies ran when on the original node.  So the disk knows about the shadow copies that were ran on the
    original node but the "previous versions" tab has no entries to display.
    This is in a 2012 server (NOT R2 version).
    Can anyone explain what might be the reason?  Do I have an "issue" or is this by design?
    All help appreciated!
    Kathy
    Kathleen Hayhurst Senior IT Support Analyst

    Hi,
    Please first check the requirements in following article:
    Using Shadow Copies of Shared Folders in a server cluster
    http://technet.microsoft.com/en-us/library/cc779378(v=ws.10).aspx
    Cluster-managed shadow copies can only be created in a single quorum device cluster on a disk with a Physical Disk resource. In a single node cluster or majority node set cluster without a shared cluster disk, shadow copies can only be created and managed
    locally.
    You cannot enable Shadow Copies of Shared Folders for the quorum resource, although you can enable Shadow Copies of Shared Folders for a File Share resource.
    The recurring scheduled task that generates volume shadow copies must run on the same node that currently owns the storage volume.
    The cluster resource that manages the scheduled task must be able to fail over with the Physical Disk resource that manages the storage volume.

  • SSL Cert for 2008 R2 Reporting Services that is installed on a Failover Cluster - server address mismatch?

    I utilized the idea from
    http://www.mssqltips.com/sqlservertip/2778/how-to-add-reporting-services-to-an-existing-sql-server-clustered-instance/ to install 2008 R2 Reporting Services on a new Clustered SQL instance.  In short, create the new Clustered SQL instance on Node1,
    installing Reporting Services with it.  Then on Node2, Add a Failover Cluster Node (without choosing Reporting Services); following that up with starting the SQL setup.exe with a cmd to bypass a check so that I can then install the Reporting Services
    feature on Node2.  It points out using the SQL Cluster Network name for connecting to Reporting Services.
    I verified upon failover that I could still access the Reports and ReportServer URLs.  However, when wanting to add an SSL certificate to the RS configuration, I run into the warning of "mismatched address - the security certificate presented by
    this website was issued for a different website's address", where I can continue and get to the Reports or ReportManager URLs.
    I played with different certs (internal CA created) and SANs and other things, but I still get this error with the cert.  The Reports URL, for example, is https://<SQLClusterNetworkName>/Reports, and the
    cert has a CN and Friendly Name of SQLClusterNetworkName (with SAN of DNS: SQLClusterNetworkName.<domain>), but the error still happens.
    What am I missing to eliminate the mismatched address warning when using the SQLClusterNetworkName as the base of the URLs?

    I got it working by using the FQDN as the common name on the SSL cert, with FQDN in RS URLs.
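Added example, not part of the thread: a sketch of the name-matching rule TLS clients apply (RFC 2818 / RFC 6125), run against the certificate names described in the question and in the reply. The host names, the `CertNames` type and the function names are constructed for illustration, and the third certificate (a SAN listing both names) is an assumption that goes beyond what the posters tried.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class CertNames:
    """Names carried by a certificate (constructed sample data, not parsed from a real cert)."""
    common_name: str
    san_dns: List[str] = field(default_factory=list)


def name_matches(presented: str, host: str) -> bool:
    """Case-insensitive comparison of one certificate name with the requested host.

    A wildcard is honoured only as the whole left-most label and stands for
    exactly one label, so *.corp.example does not match a.b.corp.example.
    """
    p = presented.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse wildcards with fewer than two fixed labels (e.g. "*.example").
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def verify_hostname(cert: CertNames, host: str) -> Tuple[bool, str]:
    """Apply the SAN-first rule: when any dNSName SAN is present, only the SANs
    are consulted. The CN is a legacy fallback for certificates with no dNSName
    SAN (many current clients skip even that fallback)."""
    if cert.san_dns:
        for name in cert.san_dns:
            if name_matches(name, host):
                return True, f"SAN dNSName {name!r} matches"
        return False, "SAN present but no dNSName matches; CN is not consulted"
    if name_matches(cert.common_name, host):
        return True, "no SAN; CN matches (legacy fallback)"
    return False, "no SAN and CN does not match"


# Constructed stand-ins for the thread's <SQLClusterNetworkName> and <domain>.
SHORT = "sqlclu01"
FQDN = "sqlclu01.corp.example"

# As described in the question: CN is the short name, SAN holds only the FQDN.
ORIGINAL_CERT = CertNames(common_name=SHORT, san_dns=[FQDN])
# As described in the reply: FQDN as CN (assumption: the SAN still lists the FQDN).
FQDN_CERT = CertNames(common_name=FQDN, san_dns=[FQDN])
# Assumption, not from the thread: a SAN that lists both names.
BOTH_CERT = CertNames(common_name=FQDN, san_dns=[FQDN, SHORT])


def run_cases() -> Dict[str, Tuple[bool, str]]:
    """Check each certificate against the URL host a client would request."""
    cases = {
        "original cert, short-name URL": (ORIGINAL_CERT, SHORT),
        "original cert, FQDN URL": (ORIGINAL_CERT, FQDN),
        "FQDN cert, FQDN URL": (FQDN_CERT, FQDN),
        "FQDN cert, short-name URL": (FQDN_CERT, SHORT),
        "both-names cert, short-name URL": (BOTH_CERT, SHORT),
    }
    return {label: verify_hostname(cert, host) for label, (cert, host) in cases.items()}


if __name__ == "__main__":
    for label, (ok, reason) in run_cases().items():
        print(f"{'OK  ' if ok else 'FAIL'} {label}: {reason}")
```

The first case fails even though the CN equals the host in the URL, because the presence of a dNSName SAN takes the CN out of the comparison.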

  • Failover cluster server

    We have a 2 node cluster both on 2012, they were both working fine until a restart where one of servers started becoming unresponsive, when connected remotely or directly on the server you could use PowerShell from the server manager window, if you attempted
    to press start or click on a desktop icon the system became completely unresponsive, from PowerShell you can open control panel and task manager, and a few other things. Eventually we rebuilt the server to save on troubleshooting time. But unfortunately yesterday
    we had a power cut and to save UPS power we moved the roles on to one node and powered one off, upon the restart it has the exact same issues. This is the server that was rebuilt only 3 weeks ago, no updates were done, the node will not
    take any roles when using failover cluster manager from the other server which has the exact same configuration.
    Any ideas? I'm happy to rebuild again but not sure it's solving the issue.
     

    Hi,
    Above all, we recommend patching your new cluster to see if the issue can be fixed.
    Here are some recommended updates:
    Recommended hotfixes and updates for Windows Server 2012-based failover clusters
    http://support.microsoft.com/kb/2784261
    See if the issue still exists after applying all these updates - we will need to monitor for some time as the issue may not reoccur immediately when you restart or shutdown a node. 

  • Quorum location for Failover cluster file share witness

    So, I've done quite a bit of searching for what I'm about to propose and I've been able to find nothing.
    I currently have a multi site failover cluster hosting separate 2-node SQL clusters at each site connected through an Availability Group.  For the failover cluster I am using a file share witness hosted on a server at the primary site.  Both sites
    are built entirely on vSphere 5.5 and have full replication for the production servers.  If the primary site goes down (disaster), I'll need to force quorum in the secondary site to a new file share witness.
    Well, I got to thinking...
    Why not just replicate the server hosting the file share?  I completely understand the reasoning behind not putting the file share witness on DFS, but a replicated virtual server, why not?  If the primary site fails, the replicated server hosting
    the file share witness is brought online with the rest of the production servers in the DR site.  In that case, the only thing that changes is the server IP address, but ultimately, the server name and share where quorum is hosted all stays the same.
    Ultimately this prevents needing to find a 3rd geographical/cloud location to host a quorum/witness at.  I can't imagine it's this "simple", but maybe it is.  If this is possible, and there's not something I'm missing, this essentially
    makes the quorum file share witness site agnostic, meaning it could live or be moved anywhere that replication is allowed.
    Ideas, thoughts?  Am I missing something?
    Thanks!
    Chris Miller

    Most likely it would be better to put this question to the High Availability forum -
    https://social.technet.microsoft.com/Forums/en-US/home?forum=winserverClustering
    But, might need a more complete definition of your environment.  Are you saying that you have multiple 2-node clusters, each with one node in the primary and the second node in the DR site?  And you have a single file share server located in primary that
    is used to host the file share witnesses for all these clusters?  You want to use VMware to replicate the file share server to the DR site so that it can be made available should the primary site fail?
    It should work, but it will not be automatic.  After all, the replicated VM will need to be brought online at the DR site so the SQL cluster will recognize it.  That is not an automatic process.  So the cluster will be down until
    you bring the file share server online so it can be recognized.  Not a whole lot different than simply forcing the DR SQL host to run without quorum.
    . : | : . : | : . tim

  • Destroying/Re-creating a Failover Cluster - Server 2012

    Hi all,
    Some background:
    We have a 4-node cluster hosting our Hyper-V environment, and for some or other reason we keep having issues where nodes will just become unresponsive, with the logs indicating an issue on the cluster.
    Short of destroying the cluster, we've tried everything to resolve this, i.e. remove and re-install Hyper-V and Failover Clustering, checked Windows updates, double-checked the configuration on the hardware, etc.
    Now, my question:
    If I destroy a cluster through cluster manager, and then re-create it, adding back the CSV storage, will the "new" cluster pick up that there are Hyper-V servers in those CSVs and recover those roles? Is there a way to back up and restore the existing
    roles prior to destroying the cluster?
    Thanks in advance for any guidance.
    Sebastian

    Hi,
    Based on my experience, if you want to remove the cluster you must remove all the cluster resources first; for Hyper-V roles you must export all the VMs to the new location, then
    do the cluster remove action.
    The similar thread:
    Does the destroy cluster option affect the guests running on the hyper-v hosts?
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/aab6d54c-1220-42fb-b4f6-c0b6b1583730/does-the-destroy-cluster-option-affect-the-guests-running-on-the-hyperv-hosts?forum=winserverhyperv
    More information:
    Deleting a Cluster resource? Do it the supported way
    http://blogs.technet.com/b/askcore/archive/2010/01/11/deleting-a-cluster-resource-do-it-the-supported-way.aspx
    Remove-Cluster
    http://technet.microsoft.com/en-us/library/hh847273.aspx
    Hope this helps.

  • SQL Server Failover Cluster Questions

    Dear All,
                I am building a two-node failover cluster on SQL Server 2012 SP1 (inside Hyper-V as a Guest Cluster) and want clarification on few things that I am facing.
    1.  I am receiving MSDTC Warning.  I can go ahead and create the cluster, but want to understand whether this MSDTC is to be configured as a role on the cluster or not.  I plan to run SCVMM, SCOM, Orchestrator and Windows Azure Pack Databases
    and Reports through it so in such a scenario, do I need MSDTC? If yes, how much should be the size of the MSDTC Drive? Is following process correct?
    http://www.sqlnotebook.info/configure-msdtc-on-windows-cluster-2012/
    2.  During First Node configuration, one needs to provide the "SQL CLUSTER RESOURCE GROUP NAME".  Does it have any bearing on how it will be accessed by other servers for databases and logs? or is it just how the cluster resource group
    would be named? would it be required for every instance that is created inside the cluster? Just to be clear, so one can name it according to the instance name.
    3.  During the instance creation, one needs to provide "SQL Server Network Name".  As stated above, I plan to run SCVMM, SCOM, Orchestrator and Windows Azure Pack Databases and Reports through it, so would I be required to provide this
    for all instances that I create or this is only required once in the cluster:
    4.  During the instance creation, one needs to provide the features required for installation i.e. instance features and shared features.  As stated above, I plan to run SCVMM, SCOM, Orchestrator and Windows Azure Pack Databases and Reports through
    it, so which features should be selected? so that there is less workload on the server.
    5.  All the instances use TempDB for databases that are present inside it.  What would be the best practice with respect to TempDB.  One TempDB for all instance on the servers on a separate LUN or all instance having their own TempDB LUN?  What
    should be the ideal size of the TempDB LUN?
    6.  Should all the disks required for DBs and Logs be added to Cluster?  Should they be added normal disks or CSV Volumes?
    Thanks in advance. 

    Hello,
    1. You can run the Microsoft Distributed Transaction Coordinator service (MSDTC) as a clustered resource on a failover cluster server for increased reliability, based on the failover capabilities of the clustered servers. You can
    refer to the MSDTC section of the following blog to determine whether the Microsoft Distributed Transaction Coordinator (MSDTC) cluster resource must be created.
    Reference: http://msdn.microsoft.com/en-us/library/ms189910.aspx#MSDTC
    2. The Cluster Resource Group is where the SQL Server failover cluster resource will be placed. Each clustered SQL Server will belong to a Failover
    Cluster Resource Group. For example, if you had configured a two-node SQL Server Cluster, each clustered instance on the two nodes belongs to the same Cluster Resource Group.
    You can change the Cluster Resource Group name, but note that the following names are reserved and already used as Resource Group names: Available Storage, Cluster Group.
    3. Each SQL Server cluster is assigned a virtual Network name and IP address, which client applications use to connect to the clustered SQL Server.
    4. Not familiar with SCVMM, SCOM, Orchestrator, but you should install the Database Engine Services and SQL Server Management tools. If you want to use SQL Server Reporting Services, you can install Reporting Servers, but Report Server service cannot participate
    in a failover cluster.
    5. You can use an isolated disk for the user database and temp DB of each SQL Server Cluster.
    6. Yes. You should use Cluster Disks which add to Clustered Shared Volumes to host the data file and log of databases.
    http://www.pythian.com/blog/how-to-install-a-clustered-sql-server-2012-instance-step-by-step-part-1/
    Regards,
    Fanny Liu
    TechNet Community Support

  • "Enable distribution-point sharing for this source site" did not showing SCCM 2007 DPs as SCCM 2012 content shares for CM12 clients

    Hi
    We have one central site server and three primary site servers in SCCM 2007 and completed the SCCM 2012 migration as single hierarchy.
    During the migration, We have configured SCCM 2007 Central site server as source hierarchy for data gathering process and configured the "Enable distribution-point sharing for this source site" to make SCCM 2007 distribution points
    as SCCM 2012 content shares to serve SCCM 2012 migrated clients. Now we are facing a problem that one of the primary site server's data gathering process did not gather SCCM 2007 DPs even though we configured "Enable distribution-point sharing for this
    source site" but data gathering process is completing successfully.
    Does anyone have an idea why these SCCM 2007 DPs are not appearing as SCCM 2012 content shares under "Shared Distribution Points"?
    Thanks in Advance
    srkr

     Now we are facing a problem that one of the primary site server's data gathering process did not gather SCCM 2007 DPs even though we configured "Enable distribution-point sharing for this source
    site" but data gathering process is completing successfully.
    Earlier all the shared DPs are showing under  Shared Distribution Points ? Or since starting itself these DPs are not showing down? Have you checked migmctrl.log for some clue?
    Anoop C Nair (My Blog www.AnoopCNair.com)
    - Twitter @anoopmannur -
    FaceBook Forum For SCCM

  • Hyper-v Failover Cluster management via powershell

    Hi
        We are looking at having a management server act as proxy for managing couple of hyper-v clusters using CSV. We plan to do management using powershell commands.
        We create a session one of the host in the cluster  and execute commands using invoke-command. The cluster verbs seems to fail with the following warning. 
    WARNING: If you are running Windows PowerShell remotely, note that some failover clustering cmdlets do not
    work remotely. When possible, run the cmdlet locally and specify a remote computer as the target. To run the
     cmdlet remotely, try using the Credential Security Service Provider (CredSSP). All additional errors or
    warnings from this cmdlet might be caused by running it remotely.
      What is the recommended way to do setup for using FailoverCluster ? We want to have a single management server that act proxy for all servers clustered or not.
      Also, is there a document that describe various operations done via Failover Cluster Manager and corresponding powershell commands (or set of commands).
    Thanks
    /Jd

    Regarding the Stop action from Failover Cluster Manager, Eric, I understand your point. But when I do shutdown from Failover Cluster Manager, the VM shuts down as expected even when the setting is set to Save.
    I was very specifically talking about the Stop-ClusterGroup cmdlet, not any command issued in Failover Cluster Manager. But, well, yeah, if you tell a VM to shut down, it shuts down. I don't know why you'd expect anything different to happen. If you're looking
    for the equivalent to Stop-ClusterGroup inside Failover Cluster Manager, it's not called "Shut Down". You can use "Stop Role" on the "More Actions" menu for the VM. You can also find the configuration object (usually named in the format of "Virtual Machine
    Configuration XXX") and take it offline.
    I tested a number of times after your first post, and Stop-ClusterGroup does what the Cluster-Controlled Action is set to every single time for me.
    I could only make educated guesses at the underlying mechanics of FCM and PowerShell's cluster cmdlets, but the stand-out difference is that FCM has no method to operate in a double-hop situation at all, while PowerShell does. You only encounter these difficulties
    with PowerShell in that second hop. The question you're asking: "it would be great to know how Failover Cluster Manager works without this setup ?" is an apples-to-oranges comparison.
    This particular sentence of yours sort of changes the overall parameter of your question:
    "... so our automation works..."
    I was under the impression you were setting up this double-hop because you wanted admins to manually execute PowerShell cmdlets against your cluster from a single controlled location.
    If automation is your goal, do it right from the cluster. I obviously don't know your entire wishlist and it's none of my business, but this double-hop situation may not be ideal.
    Eric Siron Altaro Hyper-V Blog
    I am an independent blog contributor, not an Altaro employee. I am solely responsible for the content of my posts.
    "Every relationship you have is in worse shape than you think."

  • Is there a way to avoid having a content library on a site server when the Distribution Point role is not installed on that server (disk cost issue)?

    Hello,
    I don't think it is possible, but my goal is to start a discussion about content libraries and maybe suggest something for a future release or version of Configuration Manager.
    Actually, based on Configuration Manager Technet documentation, Configuration Manager creates a content library on each site server and on each distribution point.
    Often, when designing the architecture, people will offload the distribution point role from the site server to an external server (and add the role to other servers too for redundancy). They could also do the same for the Management Point role, but this
    is not related to content library. The idea is to save the site server from having to deal with clients for software distribution (applications, software updates, OS, etc.), this is especially true for organizations having a large number of clients and/or
    primary site servers involved in a hierarchy. Doing so will allow more resources on the site server to deal with the database and also replication in the case of a hierarchy.
    When doing that, you still have to maintain a content library on the site server and the thing is this library will usually become huge, especially for organizations having more than 1000 applications (add also OS images to this). Will the content library
    on the site server become as huge as the one for a distribution point having a copy of all content? I guess the answer is yes.
    I know that Pull distribution points will help offloading the task from the site server to distribute content to distribution points, but, correct me if I'm wrong, you still have to maintain a content library on the site server when using them, and they
    will not make the content library smaller on the site server. Also, I don't like the fact that you lose the rate limits feature with Pull DPs, but this is another story.
    Storage cost is high and in this scenario, it hurts to have to pay this cost for a content library not used by the clients, but only to distribute content to DPs.
    Correct me if I'm wrong, but the key component here is Distribution Manager on the site server; this is the one which has to maintain a content library to do its job.
    It would be nice if we could have a way to elect a specific distribution point (not on the site server) as the Distribution Manager for a site, that main DP would hold a copy of all content by default, but would be used to distribute content to other DPs
    and avoid the content library on the site server. Said differently, the Distribution Manager component would become a site system role that could be transferred outside the site server.
    Tnx for comments, answers or suggestions.
    Patrick

    There is no way to avoid that the contentlib will be placed on the site server.
    I don't agree that storage cost is high. It might be true for fast storage, but that's not needed for it.
    Torsten Meringer | http://www.mssccmfaq.de

  • SCCM 2012: failed to connect to distribution point

    Hi folks,
    I have an intermittent issue and can't figure out the reason so far.
    I have a primary server and multiple distribution points. The primary does not have a DP configured. When I deploy a new distribution point, I have the following messages:
    Distribution Manager failed to connect to the distribution point. Check your network and firewall settings.
    and
    Distribution Manager failed to find or create the defined share or volume on distribution point.
    DistMgr.log shows the following:
    CWmi::Connect() failed to connect to \\AMB-SCCM-E.domain.name\root\CIMv2. Error = 0x800706BA
    STATMSG: ID=2391 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_DISTRIBUTION_MANAGER" SYS=BBD-SCCM-E.domain.name SITE=IDC PID=2120 TID=3376 GMTDATE=do jun 28 07:24:17.463 2012 ISTR0="["Display=\\AMB-SCCM-E.domain.name\"]MSWNET:["SMS_SITE=IDC"]\\AMB-SCCM-E.domain.name\"
    ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=1 AID0=404 AVAL0="["Display=\\AMB-SCCM-E.domain.name\"]MSWNET:["SMS_SITE=IDC"]\\AMB-SCCM-E.domain.name\"
    ERROR DPConnection::ConnectWMI() - Failed to connect to  AMB-SCCM-E.domain.name. error = 0x800706ba
    Failed to find a valid drive on the distribution point ["Display=\\AMB-SCCM-E.domain.name\"]MSWNET:["SMS_SITE=IDC"]\\AMB-SCCM-E.domain.name\
    Cannot find or create the package share.
    Error occurred. Performing error cleanup prior to returning.
    However, after a while (couple of hours), it looks like everything is distributed on the DP. But this message keeps on coming back during the course of the day and every time a new DP is deployed.
    I checked permissions, IIS, WMI, but I can't find out the cause of this behavior. I have events about WMI (id 5605) but I can connect to the WMI workspace (root\MicrosoftIISv2) with no issues.
    Can anyone shed some light on this please? It would be greatly appreciated.
    Cheers,
    Safdar.

    To clarify: it's not enough to tick "Windows Authentication" in Add Roles/Features - it actually has to be enabled in IIS configuration. 
    There are also suggestions to run mofcomp.exe smsdpprov.mof
    Tip of me hat:
    http://weikingteh.wordpress.com/2013/12/03/failed-to-install-a-new-distribution-point-error-0x800706ba/
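Added example, not part of any post: the numeric codes quoted in the first thread (status message 4701, error 2147942467) and in the DistMgr.log lines above are HRESULTs wrapping Win32 errors, and this sketch pulls them out of the log text and splits them into their fields. The function names are illustrative; the sample lines are copied from the posts, and the two Win32 names are the standard winerror.h ones.

```python
import re
from typing import List, Optional

FACILITY_WIN32 = 7

# Win32 codes that appear on this page, with their standard winerror.h names.
WIN32_NAMES = {
    67: "ERROR_BAD_NET_NAME (The network name cannot be found)",
    1722: "RPC_S_SERVER_UNAVAILABLE (The RPC server is unavailable)",
}

# Lines copied from the posts above.
SAMPLE_LINES = [
    "The operating system reported error 2147942467: The network name cannot be found.",
    r"CWmi::Connect() failed to connect to \\AMB-SCCM-E.domain.name\root\CIMv2. Error = 0x800706BA",
    "ERROR DPConnection::ConnectWMI() - Failed to connect to  AMB-SCCM-E.domain.name. error = 0x800706ba",
]

# "error", an optional "=", then either an 8-digit hex HRESULT or a long decimal.
ERROR_RE = re.compile(r"error\s*(?:=\s*)?(0x[0-9a-f]{8}|-?\d{5,})", re.IGNORECASE)


def decode_hresult(value: int) -> dict:
    """Split a 32-bit HRESULT into severity, facility and code.

    Layout: bit 31 = failure flag, bits 16-26 = facility, bits 0-15 = code.
    Signed renderings (for example -2147024829) are folded to unsigned first.
    """
    value &= 0xFFFFFFFF
    facility = (value >> 16) & 0x7FF
    code = value & 0xFFFF
    win32 = code if facility == FACILITY_WIN32 else None
    return {
        "hex": f"0x{value:08X}",
        "failure": bool(value >> 31),
        "facility": facility,
        "code": code,
        "win32": win32,
        "name": WIN32_NAMES.get(win32, "unknown") if win32 is not None else "not a Win32 HRESULT",
    }


def parse_error(line: str) -> Optional[dict]:
    """Find the first error code in a log line and decode it; None if absent."""
    match = ERROR_RE.search(line)
    if match is None:
        return None
    token = match.group(1)
    number = int(token, 16) if token.lower().startswith("0x") else int(token)
    return decode_hresult(number)


def triage(lines: List[str]) -> List[dict]:
    """Decode every line that carries an error code, skipping the rest."""
    return [decoded for decoded in map(parse_error, lines) if decoded is not None]


if __name__ == "__main__":
    for entry in triage(SAMPLE_LINES):
        print(f"{entry['hex']}  facility={entry['facility']}  "
              f"win32={entry['win32']}  {entry['name']}")
```

Both codes are network-level failures reported before any file or WMI permission check takes place: 67 means the share path did not resolve, 1722 means the RPC endpoint behind the WMI connection was unreachable.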

  • Distribution Point Migration

    Hello,
    I have 1 primary and 100 secondary sites (each secondary having MP and DP role installed). I want to migrate CM2012 shared distribution points for the 100 secondary sites. I have a few questions about that.
    1. Currently all the secondaries contain more than 250 packages in the SMSPKG$ folder and DATAACCESS shared folder. If I convert to shared DP and attach CM2012, how does the distribution point work? Do I need to distribute the 250 packages to the shared one, or will it
    copy the packages from the SMSPKG$ folder and store them in the content lib, or should I redistribute the packages to the shared DPs?
    2. Once I convert the shared DP, does it lose 2007 primary communication?
    3. What about the DATAACCESS folder once migrated to shared DP.. still use the old one?

    Hi,
    1. The conversion process will convert all Migrated packages to the new contentlibrary no need to redistribute them.
    2. Yes
    3. From TechNet :
    http://technet.microsoft.com/en-us/library/gg712275.aspx
    "The upgrade process creates a copy of the migrated content that is stored on the distribution point, and then converts this copy to the single instance content store. When Configuration Manager converts a package to the single instance content store, it
    deletes that package from the SMSPKG share on the distribution point computer unless the package has one or more advertisements that are configured to
    Run program from distribution point. "
    Regards,
    Jörgen 
    -- My System Center blog ccmexec.com -- Twitter
    @ccmexec

  • Distribution point shows 0 items.

    SCCM 2012 SP1 with 6 DPs.
    We had 6 distribution points. The Primary Site server D drive got full while installing a new DP. We rebooted the server and now Administration->Distribution Points shows 0 items.
    Distribution point shows 0 items.
    Distribution Point group shows ALLDPGroup however members show 0 items.
    Content Status shows 0 items
    Distribution Point Group Status 0 items
    Distribution Point Configuration Status 0 items
    MP could not complete a task when processing Relay.
    Check the logs for clues. Possible cause: Out of disk space.
    Solution: Increase the disk space, remove unprocessable files.

    If you can get into the Console do you have maintenance task set-up to clean up and delete old records?  if so do that. 
    Why should that help in that case?
    @Parvinder_Randev: were you able to free up some disk space? Have you already examined the site and component status? Are there other errors? Site systems should not vanish just because of the disk being full.
    Torsten Meringer | http://www.mssccmfaq.de

  • Distribution manager failed to connect to the distribution point

    After upgrading my distribution point to windows server 2012 standard I can't distribute content to my distribution point.
    I see the following error.
    source: SMS Server
    Component: SMS_DISTRIBUTION_MANAGER
    message id 2391
    Distribution Manager failed to connect to the distribution point. Check your network and firewall settings.
    The firewall is not enabled. 
    wbemtest is able to connect to the remote server that has the distribution point role installed.
    The network access account is working.
    How do I fix this?

    but why does it most of the time work? I did inplace upgrade at least 6 times from 2008 R2 to 2012 R2 and every DP except one works fine.
    I'm not completely sure, but I think, my faulty one, that I'm trying to get working, was working correctly after the inplace upgrade. But as I said, that is only a theory, I'm just curious if that's possible.
    I have the same issue as described above.
    The IT guys from LukOIL

  • SCCM 2012 - Pull distribution point and target PKI or HTTPS DPs

    I have spent several days researching this and so far have found only a single page that even takes a stab at offering a solution.
    Problem:
    Trying to target an HTTPS DP when creating a pull distribution point in SCCM 2012 R2. The link that I'm referring to that does offer a workaround is here(guess I can't post a link, but it ends with the following, how-to-set-an-https-distribution-point-as-a-source-dp-for-pull-dps)
    I have several problems with the proposed solution.
    Is a script really the only way to proceed with something that has up till now been a built in feature with the rest of the product?
    You have to provision the DP to use a self signed cert initially for it to even work, then supposedly you can add the private key to the DP later.
    Does that mean I have to unbind the cert from both the pull and target/source push DP in IIS?
    Powershell which would be a logical way to go, doesn't seem to make any headway (Mr. Snover I know you don't oversee configman but please push for more documentation, you've taught me to live and die by get-help. A single example for a command as large
    as set-cmdistributionpoint or add-cmdistributionpoint is a shame. Perhaps my update help just didn't finish properly and I'm talking prematurely. If that is the case then I apologize!)
    Is there no other solution other than build the DP with a self signed cert then run this VB script and then switch the private key later? I have read through a lot of the pull DP documentation and it makes mention of leveraging the SDK but I haven't seen
    anything definitive. I would like to at the very least convert this from VB to powershell(if that script is the only option) and I know how to convert the portions where it's interacting with the site's WMI namespace (smsprovider if I'm not mistaken).
    What I don't know how to do, rather don't have the chops for is what comes after. The site control file piece, I see it's also WMI and I could spend the time stepping through the different piece and just might to learn more about SCCM in the lab anyhow. I've
    spent the last year getting to know powershell and have spent next to no time with VB. I know enough to recognize what a script is doing.
    The environment:
    The reason this is important for me is I'm about to start the production build (been all lab up till now) that is going to have just under 300 DPs in the field connected via T1 lines. They were all 07 secondary sites. I was thinking about migrating them using the migration tool, but considering the amount of work it's going to take, if that link is the ONLY path to target an HTTPS DP then I might as well just spend the time and manually uninstall and reinstall the field DPs. The client count in the field is an average of 50 machines per site where there are on-prem devices... Total client count is around 25k. The primary site in the datacenter will house the majority of the site roles unless I start running into resource issues, at which time I will begin offloading site roles to one of two more servers that I have slated for the project. No CAS, no Secondaries. SQL is co-located on the primary.
    Ramblings:
    I'm sure there are more people out there using PKI, and using pull DPs. How have you managed to target your HTTPS-enabled DPs? Security wants this to be an HTTPS-only environment, and up until now I have successfully done that. If someone could please point me in the direction of some more thorough documentation I would be very grateful. I understand that this is a somewhat new feature, but there has to be an easier way. Perhaps PowerShell can cleanly do it with the set-cmdistributionpoint... but when I update help and do showwindow for the command I only get one example, and so far haven't found any other stories like mine with the exception of the link I posted in the beginning.
    While I'm rambling: Wally, there are a lot of us in the community that are going to miss your presence at Microsoft, and should you read this I wish you luck with your new position. But that is a whole different topic. Thanks in advance for any links or help you can provide. -K.R.

    Yes, this is the only way, from http://technet.microsoft.com/en-us/library/gg712321.aspx#BKMK_PlanPullDps: "However, you can use the Configuration Manager SDK to specify a source distribution point that is configured for HTTPS. To use a source distribution point that is configured for HTTPS, the pull-distribution point must be co-located on a computer that runs the Configuration Manager client."
    Does "why" really matter? Who cares? It just is. Whether it was an oversight, a coding bug, or an act of God doesn't change anything. Why does there "have to be" an easier way? And what's wrong with using the VBScripts others have written? A script is a script is a script, particularly if you've been given it already. Just because the hammer is pink doesn't mean it can't hammer the nail in.
    Jason | http://blog.configmgrftw.com | @jasonsandys
