How to Join Primary site to CAS server

Similar Messages

• How to evict a primary site from CAS

  Hi All,
  I have a SCCM hierarchy with a CAS and 2 Primary sites, We have planned to remove the first primary site, is there a process to evict the site directly.
  Please suggest !!
  Thanks,
  Pranay.

  You can't detach a primary site from a CAS. The only workaround would be to set-up a new standalone primary site and migrate all the required objects to the new site and reassign all the required clients.
  My Blog: http://www.petervanderwoude.nl/
  Follow me on twitter: pvanderwoude

• How to join local computer to virtual server domain ?

  Hi everyone,
  I am new to Window Azure cloud computing. I found many articles and tutorials available online but I am kind of lost because I don't what I need to do to achieve my scenario.
  Scenario: I want to migrate my servers to cloud and retire all local servers such as DC and file server. At the same time, I wish to control the network traffic to limit the clients access to Internet resources. I am not sure retiring the
  all local servers is something right to do and how to do.
  What I have done:
  1. Site-to-Site VPN connection with Dell Sonicwall TZ205 to VNet. (I followed the route-based VPN in this document -> https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0CB0QFjAA&url=https%3A%2F%2Fsupport.software.dell.com%2Fdownload%2Fdownloads%3Fid%3D5343958&ei=ykGhVIK6GISWuASU6oHQBw&usg=AFQjCNGGS6fsuK6IHAWyQgZi5fey4xhfKg&bvm=bv.82001339,d.c2E&cad=rja)
  2. Created a VM in the VNet. (I can ping the VM from computers connected to TZ205)
  3. Installed active directory and configured the domain forest.
  What I need to do:
  1. How to join the local computers to the virtual server domain controller with S2S and P2S VPN. (Some Internet resources mentioned I need to install Connect agent in order to do this)
  Extra questions:
  1. Is it possible to request the clients to provide account credentials before the point-to-site VPN to VNet is established ?
  2. How do I configure the TZ205 VPN router to send all the Internet traffic to the VNet instead of the ISP gateway? The computers connected to TZ205 firewall router public IP address doesn't change to the VNet gateway IP.
  Thanks for your time reading my questions. It will be helpful if you can provide me some useful links or ideas.
  Sincerely,
  Chee-Kian

  Greetings!
  I assume there is connectivity between on-prem device and DC on Azure VM.
  You can set the Internal IP of the DC as DNS on the on-prem device and trying joining it to the existing domain. Please note to use S2S VPN.
  It is not possible to provide user credentials while connecting to vNet via P2S VPN. It's a certificate based authentication (which is so by design).
  With regards to your query to send all internet traffic to vNet instead of ISP gateway. Please refer to Forced Tunneling:
  http://msdn.microsoft.com/en-us/library/azure/dn835140.aspx
  Hope this helps.
  Thank you,
  Arvind

• Single Primary Site with CAS

  Hello,
  I have a client with a single primary site server and a CAS. It was installed for some reason, doesn't really matter now why.
  They have two options, leave it up or migrate to a new Primary Site server.
  The questions is, if they leave it up (It's not needed or used), what harm will it do?
  Yes, I know it will make the site simpler to manage but other than that? What would compel them to go through the hassle of a migration to a new server?
  Thanks!
  John

  Short answer:  get rid of it.
  There are a host of complications introduced by having a CAS and it should really only be done if the environment demands it (massive device management count for example).
  In addition to patching complication increase and SQL replication monitoring you now have to do:
  1.  Many roles will need to be installed multiple times.  Example WSUS will be required to be installed on the CAS with a secondary on the Primary for proper functionality.
  2.  Some roles will be required on the CAS, some will be required on the Primary site.  If you aren't well-versed in your SCCM this can be a frustrating path of discovery.
  3.  Then there are roles that _can_ be installed in both locations but don't have to be ... like the reporting server.  This one comes down to login policies and if people will ever log directly into the PRI or just CAS box.
  All these architectural complications come before the "why" is asked ... which is usually driven by one of two things:
  1.  In SCCM 2012 RTM, the CAS had to be installed first or you could never use it.  Some clients did this to avoid potential problems.  This requirement has sense changed.
  2.  In 2007, people used to use multiple primaries as security boundaries.  With SQL replication, collections being uniform across all sites, and the general inclusion of RBAC .... this is now moot.
  Basically don't use CAS unless it absolutely fits the company.  It's a lot more pain than just "one more VM".

• How to block Torrent sites in isa server

  how to block Torrent sites in isa server

  Hi,
  hth:
  http://social.technet.microsoft.com/Forums/forefront/en-US/a1a19e8b-c60e-4fcf-afa3-cf52cfc88f23/how-to-detectblock-peertopeer-activity-in-isatmg
  regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.galileocomputing.de/3276?GPP=MarcGrote

• How do upload a site to a server and make it work

  i designed a site using dreamweaver cs3 and uploaded it to a remote  server, but when i tried to test it i couldnt see the flash elements i  had embeded this happens with pictures too. is there anyone who can help  me?

  So, what you are saying is that when you view your site locally in the browser everything is looking and working as expected, but when you upload the site then view it in the browser on the web images and flash elements are not showing up, correct?
  What are yopu seeing?  Is there a little red x for your images?  Do you have a URL we can look at?
  It is possible that Dreamweaver didn't upload everything correctly - it does this some times.  Did you upload your entire site using an actual FTP program? This is often a good failsafe to be sure everything is there.
  Hope this helps - please do share the URL so we can be of more help.
  Lawrence Carmer - *Adobe Community Professional*
  http://www.Cartweaver.com
  Complete Shopping Cart Application for
  Dreamweaver, available in PHP and ColdFusion
  Stay updated - http://blog.cartweaver.com

• Does anyone know how to publish a site using Lion server.

  I have made a web site using I web and was trying to publish it using FTP and lion server but was quite sure were to find the server address and other required info.
  If anyone can help it'd be greatly appreciated.
  Thanks

  You shouldn't need to use ftp to publish a site when using a server, this is the whole point, that you are not uploading anywhere external, but are hosting yourself on a dedicated computer running a server.
  This is not really the place to ask.  There should be more forums here that are specially dedicated to Lion server issues.
  Try looking at the pages on the Apple site under info on Lion server and there should be a user manual for you to look at for Lion sever.  Try looking at this.
  This is an iWeb forum so not really the right place to ask questions regarding server issues.

• How to join srever osx to windows server 2008

  Hi
  Can any one advise me on the best way to join OS X Server to Windows server 2008 DC.
  My ultimate aim is to manage ipads using OS X server by pulling users from Active Directory within Server 2008.
  Thanks    

  You need to join the OS X Server to Active Directory just like any other Mac. This is done usually using Directory Utlity but can also be done via the command line.
  Once you have joined it to AD, you then in Server.app switch to showing Network Accounts. These accounts can then be used to authenticate services in Server.app

• One primary site with a remote DP/MP, or two with a CAS server?

  Hi
  For a new SCCM 2012 environment, we have the following setup:
  - HQ site with 1500 PCs/users
  - Branch office in a separate AD site, slow WAN link, 120 PCs/users
  Now, I'd like to keep the setup simple so my first instinct is to deploy one primary site with a server in the branch office fulfilling the MP/DP/PXE/Update Point roles.
  However, the site has a local technician who needs the ability to deploy images to the local machines. Running the console from the branch office to the HQ site is not an option, since consoles (such as ADUC) have very poor performance over the WAN.
  This brings me to the option of either a primary HQ site with a branch secondary site (something I'd like to stay away from, since it requires SQL and the technician would still need to connect the console to the primary site anyway!), or 2 primary sites both
  connected by a CAS server. For what the technician needs, I think this is overkill, and I don't like the idea of the added complexity, or keeping both sites in-step as far as replication is concerned.
  Im leaning towards the 1 primary site, remote MP/DP option, but Im not sure how the technician would image machines without the console. I thought perhaps creating an optional advertisement to a dynamic collection that he could control another way (e.g.
  using a registry key), giving him the option to trigger deployments.
  Thoughts?

  Having a local DP will ensure that all deployments are made locally if the content is distributed.
  You'll have to get your content there first, if possible build your DP in your main office and ship it to the remote location after. Otherwise use prestage content. Getting GB of stuff throught that link will otherwise take days.
  For your deployment, why does the technician need access to the console  ? Could you deploy to "unknown computers" ?
  Benoit Lecours | Blog: System Center Dudes

• CAS server in the same Site Ex2013

  As per google search, You don't need to have CAS server in the same site as the mailbox then How outlook will connect to Exchange.

  Hi,
  Agree with the above suggestion, there should be both CAS role and mailbox role in one site. CAS server provides authentication and proxy/redirection logic, supporting the client Internet protocols, transport, and Unified Messaging. Proxy and redirection
  also need CAS server.
  If you have any question, please feel free to let me know.
  Best regards,
  Angela Shi
  TechNet Community Support

• SCCM 2012 hierarchy CAS is down will primary sites work

  hi all
  SCCM 2012 hierarchy CAS is down will primary sites work and if primary site down will secondary sites work
  can anyone explain this, how CAS Down will affect the functionality of other primary sites or we can still manage the clients with primary site without any problem.

  Hi,
  if your CAS is down, you can still work with your primary site. You will get into replication trouble and even loose data after an offline time longer than 14 days. If you know that your offline time will be shorter than those 14 days, you will not get into
  trouble. This 14 day duration needs to be configured, I think the default value was 5 days.
  if you have a secondary sites and loose the connection to the primary, you are not able to manage the secondary sites since the SCCM console is only connectable to primary sites and CAS. The MP on your secondary will still collect client data which will
  be transmitted to the primary after an reconnect.
  Regards
  Thomas

• Configure SUSDB_log.ldf Autogrowth Size on SCCM 2012 Standalone Primary Site Server

  I have configured the rest of my .ldf log files for SCCM use according to best practices by SCCM MVPs, but I have not read anywhere that states how I should go about configuring the auto growth for the WSUS database log file (susdb_log.ldf) itself.
  If someone can offer some guidance here, I would greatly appreciate it.
  Thanks

  Thanks Torsten. 
  So after I run the first full sync, I can just use that value to set the initial size like you stated and then use some other value to set the growth rate? There is only about 1,000 clients in this organization and I want to get this WSUS db log file configured
  prior to installing the SCCM primary site on the server. I have used Kent Agerlund's instructions on pre-configuring the SCCM 2012 R2 database and everything looks good there, but just wanted to know how to go about NOT using that 2TB default limit on the
  SUSDB_log. What is a good rule of thumb to use to determine the file growth value? Like 2x or 3x the initial value size? 
  Thanks

• SCCM Primary Site installation fails

  Hello!
  In my organization we have two domain/forests. DomainA.local and DomainB.local
  in one forest (DomainA.local) we have sccm 2012 sp1 CAS site. with dedicated database server on sql 2012 sp1 cu5
  in other forest (DomainB.local) we want to setup primary site on sccm 2012 sp1 with dedicated database server on sql 2012 sp1 cu5
  forests have trust both sided.
  all installation accounts have administrative rights on all SC servers. in both domains.
  when i try to install SCCM 2012 primary site in the hierarchy,
  i receiving the errors:
  INFO: Created SQL Server machine certificate for Server [S-SCDB-02.DomainB.local] successfully.
    ERROR: Failed to open certificate store (HRESULT=0x35)    Configuration Manager Setup    9/3/2013 11:56:19 AM    3268 (0x0CC4)
  ERROR: Failed to write S-SCDB-02.DomainB.local SQL Server certificate to store (TrustedPeople) on site server (S-SCDB-01.DomainA.local).
  ERROR: Failed to write certificate of primary site's SQL Server [S-SCDB-02.DomainB.local] to CAS SQL Server [S-SCDB-01.DomainA.local].
  Install user from domainB.local has administrative rights on S-SCDB-01.DomainA.local and sysadmin rights in sql server.
  Also, it has full administrator role on CAS.Of course, it has administrative rights on primary site server and sql server S-SCDB-02.DomainB.local and sysadmin rights.
  WHY????

  >Taking a step back: why? Are you using a CAS and multiple primary sites at all? Do you have 100,000+ clients to manage?
  we need CAS due to our network infrastructure.
  thank you for you help.
  we solved problem today.
  it was need to open "windows" ports on the firewall between SCCM Primary Site server and CAS SQL server to give SCCM
  primary site installation process the ability to install the primary site's sql-server's self-signed certificate to CAS sql-server trusted people local store.
  i did not remember this point in deploying documentation((((

• CAS server placement

  Is it mandatory to have CAS server in each AD site where mailbox server is present, can we have following setup in exchange 2013.
  AD Site A
  Mailbox server
  CAS Server
  AD Site B
  Mailbox Server
  All Client request for the mailbox hosted on AD Site B mailbox server will be redirected by Site A CAS server to Site B mailbox server

  Yes.
  http://technet.microsoft.com/en-us/library/aa997281(v=exchg.150).aspx
  Each organization requires at a minimum one Client Access server and one Mailbox server in the Active Directory forest. Additionally, each Active Directory site that contains a Mailbox server must also contain at least one Client Access server. If you're
  separating your server roles, we recommend installing the Mailbox server role first.
  Why not simply make the SiteB mailbox server multi-role? That is recommended.
  Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

• Can we assign 2 IPs for a SCCM 2012 primary site server and use 1 IP for communicating with its 2 DPs and 2nd one for communicating with its upper hierarchy CAS which is in a different .Domain

  Hi,
  Can we assign 2 IPs for a SCCM 2012 primary site server and use 1 Ip for communicating with its 2 DPs and 2nd one for communicating with its upper hierarchy CAS . ?
  Scenario: We are building 1 SCCM 2012 primary site and 2 DPs in one domain . In future this will attach to a CAS server which is in different domain. Can we assign  2 IPs in Primary site server , one IP will use to communicate with its 2 DPs and second
  IP for communicating with the CAS server which is in a different domain.? 
  Details: 
  1)Server : Windows 2012 R2 Std , VM environment .2) SCCM : SCCM 2012 R2 .3)SQL: SQL 2012 Std
  Thanks
  Rajesh Vasudevan

  First, it's not possible. You cannot attach a primary site to an existing CAS.
  Primary sites in 2012 are *not* the same as primary sites in 2007 and a CAS is 2012 is completely different from a central primary site in 2007.
  CASes cannot manage clients. Also, primary sites are *not* used for delegation in 2012. As Torsten points out, multiple primary sites are used for scale-out (in terms of client count) only. Placing primary sites for different organizational units provides
  no functional differences but does add complexity, latency, and additional failure points.
  Thus, as the others have pointed out, your premise for doing this is completely incorrect. What are your actual business goals?
  As for the IP Addressing, that depends upon your networking infrastructure. There is no way to configure ConfigMgr to use different interfaces for different types of traffic. You could potentially manipulate the routing tables in Windows but that's asking
  for trouble IMO.
  Jason | http://blog.configmgrftw.com | @jasonsandys