Multiple Primary Sites connected to a CAS

On a global deployment of SCCM 2012 we are planning on deploying a CAS in the global domain and Primary Sites in the sub domains and Secondary Site in the smaller subsidiaries where needed.
I understand that all collections, clients and packages come through to the CAS but could an administrator connected to Primary Site A see the collections and packages in Primary Site B? Are they independent of each other with the exception of the CAS or do all sites in the hierarchy show everything from all sites?
If that is the case then ideally we would want administrators of Site A to not even be able to connect to Site B but am struggling to understand how this could be achieved?

"The use of a CAS was made due to the scale of the deployment."
So you mean you have more than 100k devices. Regardless of having a CAS and multiple primaries or having only 1 primary, if you have (let's say) a total of 3,000 devices, split up into 1k silos of responsibility, you essentially create 3 Collections, and those 3 silos get rights to their collection of devices. Connecting to the primary sites for the console really isn't "normal" in CM12--it's called the Central Administration Site for a reason--it really makes it less confusing for those people that need to use the console. You may not think so initially (coming from a CM07 point of view), but it really is the best in a CM12 world. If you have people in different locations which need console rights, the easiest, IMO, is to have a Citrix-hosted console, and people just connect to that console remotely, where the Citrix host is in the same data center as the Central Administration Site.
Now, if you do NOT have 100k devices, or you are nowhere near that number, please please please, I beg you, PLEASE rethink your perceived need for a CAS and primary sites. T-shooting replication issues is no fun, no joy to be had there at ALL. You need to set up RBA correctly regardless of a CAS and primaries, or just 1 primary--so having a CAS and primaries when there is ZERO NEED for it due to scale--well, all I can say is I sincerely hope you are a contractor, and are just setting this up and then bailing never ever to return, and leaving the mess behind for the poor day to day admins to deal with.
Standardize. Simplify. Automate.
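
The collection-per-silo RBA layout described in the reply above, sketched with the ConfigMgr PowerShell cmdlets as an added example (not part of the original thread). The site code, OU paths, AD group names and the choice of the built-in "Application Administrator" role are constructed placeholders; the final loop checks that no silo group still holds hierarchy-wide collections or scopes.

```powershell
# Added example: one device collection, one security scope and one
# administrative group per silo, assigned through role-based administration.
# All names below are constructed placeholders; replace them with your own.
$SiteCode = 'CAS'                          # assumed site code of the console connection
$RoleName = 'Application Administrator'    # built-in role, chosen for illustration

$Silos = @(
    @{ Name = 'Site A'; OU = 'CONTOSO.EXAMPLE/SITEA'; Group = 'CONTOSO\CM-Admins-SiteA' },
    @{ Name = 'Site B'; OU = 'CONTOSO.EXAMPLE/SITEB'; Group = 'CONTOSO\CM-Admins-SiteB' },
    @{ Name = 'Site C'; OU = 'CONTOSO.EXAMPLE/SITEC'; Group = 'CONTOSO\CM-Admins-SiteC' }
)

# Load the module that ships with the admin console and switch to the site drive.
Import-Module (Join-Path $env:SMS_ADMIN_UI_PATH '..\ConfigurationManager.psd1')
Set-Location "$($SiteCode):"

foreach ($silo in $Silos) {
    $collName  = "$($silo.Name) - Devices"
    $scopeName = $silo.Name

    # 1. Device collection that contains only this silo's machines (by OU).
    if (-not (Get-CMDeviceCollection -Name $collName)) {
        New-CMDeviceCollection -Name $collName -LimitingCollectionName 'All Systems' | Out-Null
        $wql = 'select * from SMS_R_System where SMS_R_System.SystemOUName = "{0}"' -f $silo.OU
        Add-CMDeviceCollectionQueryMembershipRule -CollectionName $collName `
            -RuleName "OU $($silo.OU)" -QueryExpression $wql
    }

    # 2. Security scope used to tag the packages and other objects the silo owns.
    if (-not (Get-CMSecurityScope -Name $scopeName)) {
        New-CMSecurityScope -Name $scopeName -Description "Objects owned by $($silo.Name)" | Out-Null
    }

    # 3. Administrative group limited to its own collection and scope.
    if (-not (Get-CMAdministrativeUser -Name $silo.Group)) {
        New-CMAdministrativeUser -Name $silo.Group -RoleName $RoleName `
            -CollectionName $collName -SecurityScopeName $scopeName | Out-Null
    }
}

# Least-privilege check: report any silo group that can still reach
# hierarchy-wide collections or the built-in "All" / "Default" scopes.
$broadCollections = 'All Systems', 'All Users and User Groups'
$broadScopes      = 'All', 'Default'

foreach ($silo in $Silos) {
    $admin = Get-CMAdministrativeUser -Name $silo.Group
    [pscustomobject]@{
        Group            = $silo.Group
        Collections      = @($admin.CollectionNames) -join '; '
        Scopes           = @($admin.CategoryNames) -join '; '
        BroadCollections = @(@($admin.CollectionNames) | Where-Object { $_ -in $broadCollections }).Count -gt 0
        BroadScopes      = @(@($admin.CategoryNames)   | Where-Object { $_ -in $broadScopes }).Count -gt 0
    }
}
```

Packages and other securable objects stay visible to every silo for as long as they sit in the Default scope, so each one still has to be assigned to its owning silo's scope.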

Similar Messages

  • Collection Evaluation - multiple primary sites

    Hello: 
    If I have a CAS and multiple primary sites and have a set of collections all created on the CAS, where is the collection evaluation done (I believe coll eval is done only on primary sites)?  Is it done on each primary site independent of others?  
    And then they replicate to CAS and CAS sorts out possible conflicts/discrepancies?   
    So if I set the collection evaluation schedule, is that based on the local time of that particular primary site?  
    Thank you, 
    Mustafa Hamid, System Center Consultant

    Thank you Jason, 
    I think I understand your comment about the managed systems - the systems that are assigned to that primary site.  To take a simple case to help me understand - So if I have a device collection that has a query based on OU name=Dallas and that collection evaluates on PS1 and also on PS2.   Both will send their results to the CAS.  Generally they should both evaluate to same result (maybe sometimes a bit different based on the DC they connect to).  It seems in this case they are repeating the same work since it's all global data?  
    Thank you
    Mustafa Hamid, System Center Consultant

  • Do I need multiple primary sites? Some design questions..

    I have about a thousand users & devices, across two sites.   Setting up SCCM 2012 R2 and wondering if I need to have multiple primary sites?
    From everything I've read so far, it seems that a single standalone site will handle tens of thousands of users/devices or some very large number, so I'm not sure if I'd ever need a secondary site or what its function would be - failover, backup, or is it just best practice to have different roles spread across multiple servers?
    I was originally thinking of just doing a single primary site on a single server.  But then I'm not sure if my DP should be separate.
    Can someone point me in the right direction to a high level planning document or blog?
    Thanks
    Nathan

    How many clients are there in total? How many at each location? What's the WAN speed in between?
    Multiple primaries are only needed for scale out purposes (>100k clients)!
    Torsten Meringer | http://www.mssccmfaq.de
    About 500 at each, T1 speeds connect the sites, so I want to enable software metering I think.
    Also - if I have a single server with DP role installed, what kind of RAM/HD requirements are needed?  I know this probably varies with the install/features, but are there any ballpark estimates/starting points posted?  Sorry I know this is probably on the MS site somewhere, the volume of information is hard to weed through.   Update, I found some good guidelines here:
    http://myitforum.com/myitforumwp/2012/06/27/sccm-2012-site-hardware-requirements/
    For 1000 or less users, is a single Gb NIC sufficient?  Sounds like it might be?   Also, when using a virtual machine, do you need to still somehow separate SQL logs & data from OS?
    Update #2, looks like that above post answered that question too:
    If you’re in a VM, it’s not sufficient to have a single VHD file, and having the roles split among 4 virtual drives inside that file.  It’s not sufficient to have that single file on a shared set of remote disks.  It’s not sufficient to have that
    single file on a dedicated set of disks, regardless of the number and size of those disks.  Any VM should be configured to only run the OS, and the 3 other spindles should be dedicated sets of disks, attached to the VM.  Otherwise, it’s like painting
    with watercolors in a hurricane…you’re spending a lot of time, looking creative, with zero value.
    But I'll take any follow up comments or recommendations if you have them on proper VM setup.
    Thanks
    Nathan

  • Unknown Computer collection with multiple Primary sites

    Hi All,
    We have a SCCM 2012 SP1 environment with a CAS and 2 Primary sites in separate countries. Last week the primary site server in site B was down, this affected PXE boot deployments to the Unknown Computers group across the whole environment eg: site A. PXE booting to existing collections worked fine but PXE booting to unknown computers would time out, like the deployment server was waiting for a response from both Site A and Site B site servers.
    Now my question: is this expected behaviour? Do the primary site servers across the whole environment need to be up for the Unknown Computers collection to work properly?
    Another thing I noticed is that the admins for Site B have created their own site specific Unknown Computers collection so I'm wondering if this is getting referenced when Unknown Computers PXE boot in Site A.

    I doubt that there's something happening cross-sites, but - as Jason said - logs would be helpful.
    Torsten Meringer | http://www.mssccmfaq.de

  • Multiple primary site - Discovery issue

    Hi,
    I am working on a scenario where there is 1 CAS and 3 Primary sites (PS1, PS2, PS3). At the PS1 site, only Active Directory System Discovery is configured and all the OUs for all the sites are added. On the other two Primary sites this discovery was not configured.
    Now I wanted to ask: is there any issue due to this, or should I have to configure this discovery on both sites?
    Thanks
    Pallavi

    No, you can still control that. Site Assignment is either based on an AD Query or you hard coding the site code during the install process. Client deployment depends on the method, in this process content boundary Groups and DP's are being used.
    Kent Agerlund | My blogs: blog.coretech.dk/kea and SCUG.dk/ | Twitter: @Agerlund | Linkedin: Kent Agerlund | Mastering ConfigMgr 2012 The Fundamentals

  • Solaris 8: Multiple primary interfaces connected to the same network

    I have a machine with Solaris 8, and it has multiple interfaces that are connected to the same network which means they all have metric 0 (1 hop) to the default gateway.
    assume:
    e1000g0: 192.168.30.70
    e1000g2: 192.168.30.72
    e1000g4: 192.168.30.74
    e1000g5: 192.168.30.76
    gateway: 192.168.30.65 (Cisco Router)
    However, it seems like despite the fact that they have a direct connection, they seem to be using e1000g0 to access the 192.168.30.0 network to get to the default gateway and then to anywhere else.
    When I send a ping to say, 192.168.30.74 (IP of e1000g4) and capture packets on e1000g0, I see the "echo reply" messages going out of it as opposed to e1000g4 even though e1000g4 is the one receiving the "echo request". This should not happen and these should be completely independent as they should all be advertising a 1 hop to that network
    The outputs from netstat -rn and ifconfig -a are shown in the picture on the link below
    [http://img836.imageshack.us/img836/7308/ifconfignetstathiddenip.jpg]
    This gets even more confusing when I go into the Cisco router and run the command: "show mac address-table" where only the MAC address of e1000g0 is shown for the switch port it's connected to, but not for the other interfaces which are connected to the switch. Yes, all ports are active (no shut) and are pingable.
    Also, the odd thing is that ALL of these individual MACs show up in the router ARP table when the machine comes up, however after sending a ping to one of them, after a certain expiry or whatever period, the MACs disappear from the router ARP table and only the MAC for e1000g0 shows up. The ARP table of the Solaris machine however shows all the relevant MACs of each port of the router that it's physically connected to (This is actually a Cisco Switch with the advanced IP services image and L3 routing turned on)
    Before anyone asks: The setting local-mac-address? setting does NOT exist in my machine and it never has, but it used to work fine. Also, from the ifconfig command, one can tell that all the MAC addresses are fine.
    I need to somehow assign all these interfaces equal priority and make them understand that they're physically connected to the 192.168.30.0 network and there's no need to go through e1000g0 to get to it.
    This is causing a lot of problems as eventually all traffic will end up going through the e1000g0 interface and that will become a bottleneck.
    Please help Thanks in advance

    Ok thanks. That was a useful response.
    I did think about the trunking software that is claimed to be available for Solaris 8, but it's only available if you've got paid support contract. Oracle came and ruined everything re: Sun support which is so expensive now.
    The other confusion is, we never had that OR needed to configure trunking/link aggregation on this machine, so why now?
    Lastly, by your explanation, this should be expected and is "normal" behaviour, which would mean that this machine was always doing this and I only just noticed it this time? I thought if you turn off ipv4 forwarding and router function in the machine, it's every interface for itself. But it's not doing that :(
    So then the question is, Can I force it? I've tried a bunch of things by manipulating the tables and it seems to mess things up where nothing is getting through or it now shifts all the traffic to some other port make the problem no different
    Is there a way to give equal weight to all interfaces for the traffic to go directly through them that is originating at those ports?

  • Can we assign 2 IPs for a SCCM 2012 primary site server and use 1 IP for communicating with its 2 DPs and 2nd one for communicating with its upper hierarchy CAS which is in a different domain

    Hi,
    Can we assign 2 IPs for a SCCM 2012 primary site server and use 1 IP for communicating with its 2 DPs and 2nd one for communicating with its upper hierarchy CAS?
    Scenario: We are building 1 SCCM 2012 primary site and 2 DPs in one domain. In future this will attach to a CAS server which is in a different domain. Can we assign 2 IPs on the Primary site server, one IP to communicate with its 2 DPs and a second IP for communicating with the CAS server which is in a different domain?
    Details: 
    1) Server: Windows 2012 R2 Std, VM environment. 2) SCCM: SCCM 2012 R2. 3) SQL: SQL 2012 Std
    Thanks
    Rajesh Vasudevan

    First, it's not possible. You cannot attach a primary site to an existing CAS.
    Primary sites in 2012 are *not* the same as primary sites in 2007 and a CAS in 2012 is completely different from a central primary site in 2007.
    CASes cannot manage clients. Also, primary sites are *not* used for delegation in 2012. As Torsten points out, multiple primary sites are used for scale-out (in terms of client count) only. Placing primary sites for different organizational units provides no functional differences but does add complexity, latency, and additional failure points.
    Thus, as the others have pointed out, your premise for doing this is completely incorrect. What are your actual business goals?
    As for the IP Addressing, that depends upon your networking infrastructure. There is no way to configure ConfigMgr to use different interfaces for different types of traffic. You could potentially manipulate the routing tables in Windows but that's asking for trouble IMO.
    Jason | http://blog.configmgrftw.com | @jasonsandys

  • Single Primary Site with CAS

    Hello,
    I have a client with a single primary site server and a CAS. It was installed for some reason, doesn't really matter now why.
    They have two options, leave it up or migrate to a new Primary Site server.
    The questions is, if they leave it up (It's not needed or used), what harm will it do?
    Yes, I know it will make the site simpler to manage but other than that? What would compel them to go through the hassle of a migration to a new server?
    Thanks!
    John

    Short answer:  get rid of it.
    There are a host of complications introduced by having a CAS and it should really only be done if the environment demands it (massive device management count for example).
    In addition to patching complication increase and SQL replication monitoring you now have to do:
    1.  Many roles will need to be installed multiple times.  Example WSUS will be required to be installed on the CAS with a secondary on the Primary for proper functionality.
    2.  Some roles will be required on the CAS, some will be required on the Primary site.  If you aren't well-versed in your SCCM this can be a frustrating path of discovery.
    3.  Then there are roles that _can_ be installed in both locations but don't have to be ... like the reporting server.  This one comes down to login policies and if people will ever log directly into the PRI or just CAS box.
    All these architectural complications come before the "why" is asked ... which is usually driven by one of two things:
    1.  In SCCM 2012 RTM, the CAS had to be installed first or you could never use it.  Some clients did this to avoid potential problems.  This requirement has since changed.
    2.  In 2007, people used to use multiple primaries as security boundaries.  With SQL replication, collections being uniform across all sites, and the general inclusion of RBAC .... this is now moot.
    Basically don't use CAS unless it absolutely fits the company.  It's a lot more pain than just "one more VM".

  • Primary site server a single point of failure?

    I'm installing ConfigMgr 2012 R2, and employing a redundant design as much as possible. I have 2 servers, call them CM01, CM02, in a single primary site, and on each server I have installed the following roles: Management Point, Distribution Point, Software Update Point, as well as installing the SMS Provider on both servers. SQL is on a 3rd box.
    I am now testing failover from a client perspective by powering down CM01 and querying the current management point on the client: (get-wmiobject -namespace root\ccm -class ccm_authority).CurrentManagementPoint . The management point assigned to the client flips to the 2nd server, CM02, as expected. However, when I try to open the CM management console, I cannot connect to the Site, and reading SMSAdminUI log reveals this error: "Provider machine not found". 
    Is the Primary site server a single point of failure? 
    Why can't I point the console to a secondary SMS provider?
    If this just isn't possible, what is the course of action to restore console access once the Primary Site server is down?
    Many Thanks

    Yes, that is a completely false statement. Using a CAS and multiple primaries in fact will introduce multiple single points of failure. The only technical reason for a CAS and multiple primary sites is for scale out; i.e., supporting 100,000+ managed systems.
    HA is achieved from a client perspective by adding multiple site systems hosting the client facing roles: MP, DP, SUP, App Catalog.
    Beyond that, all other roles are non-critical to client operations and thus have no built-in HA mechanism. This includes the site server itself also.
    The real question is what service that ConfigMgr provides do you need HA for?
    Jason | http://blog.configmgrftw.com

  • SCCM Primary Site installation fails

    Hello!
    In my organization we have two domains/forests: DomainA.local and DomainB.local.
    In one forest (DomainA.local) we have an SCCM 2012 SP1 CAS site with a dedicated database server on SQL 2012 SP1 CU5.
    In the other forest (DomainB.local) we want to set up a primary site on SCCM 2012 SP1 with a dedicated database server on SQL 2012 SP1 CU5.
    The forests have trust in both directions.
    All installation accounts have administrative rights on all SC servers in both domains.
    When I try to install the SCCM 2012 primary site in the hierarchy, I receive the errors:
    INFO: Created SQL Server machine certificate for Server [S-SCDB-02.DomainB.local] successfully.
      ERROR: Failed to open certificate store (HRESULT=0x35)    Configuration Manager Setup    9/3/2013 11:56:19 AM    3268 (0x0CC4)
    ERROR: Failed to write S-SCDB-02.DomainB.local SQL Server certificate to store (TrustedPeople) on site server (S-SCDB-01.DomainA.local).
    ERROR: Failed to write certificate of primary site's SQL Server [S-SCDB-02.DomainB.local] to CAS SQL Server [S-SCDB-01.DomainA.local].
    The install user from DomainB.local has administrative rights on S-SCDB-01.DomainA.local and sysadmin rights in SQL Server.
    Also, it has the Full Administrator role on the CAS. Of course, it has administrative rights on the primary site server and SQL Server S-SCDB-02.DomainB.local and sysadmin rights.
    WHY????

    >Taking a step back: why? Are you using a CAS and multiple primary sites at all? Do you have 100,000+ clients to manage?
    We need a CAS due to our network infrastructure.
    Thank you for your help.
    We solved the problem today.
    It was necessary to open the "windows" ports on the firewall between the SCCM Primary Site server and the CAS SQL server to give the SCCM primary site installation process the ability to install the primary site SQL Server's self-signed certificate into the CAS SQL Server's Trusted People local store.
    I did not remember this point in the deployment documentation((((

  • Is 100K devices a hard cap for a Primary Site (or a guideline)?

    Hi,
    I'd like to know if the 'supports up to 100,000 devices' per Primary Site is a hard cap on the number of devices that SCCM 2012 R2 can handle or if it is a recommendation?
    We are using SCCM 2012 R2 and currently have a single Primary Site with about 90K devices.  Very soon, we will be looking at adding a CAS (with multiple Primary Sites) to support our ever growing number of devices.
    Until we get there with the CAS, I'd like to know what to expect if we get over 100K devices.
    Will we break SCCM?
    Will any devices over 100K not be added (and therefore not be managed)?
    Nothing much, but the system may perform more slowly?
    Results will be unpredictable?
    Something else?
    Thanks, Joe.

    Actually, it's not really a guideline either, it's an official statement of support from Microsoft meaning that if you go over this number, you may have issues that Microsoft will not provide support for.
    This is officially documented at https://technet.microsoft.com/en-us/library/gg682077.aspx under the Clients per Hierarchy section.
    Is your org simply close to this number or fearful of going over in the future?
    Remember that a primary site can be expanded into a CAS with multiple primary sites under it if need be in the future.
    Also note that although the 100,000 client limit has been there since the launch of 2012, that was over three years ago and there are some upcoming releases.
    Jason | http://blog.configmgrftw.com | @jasonsandys

  • SCCM 2012 hierarchy CAS is down will primary sites work

    hi all
    SCCM 2012 hierarchy CAS is down will primary sites work and if primary site down will secondary sites work
    can anyone explain this, how CAS Down will affect the functionality of other primary sites or we can still manage the clients with primary site without any problem.

    Hi,
    If your CAS is down, you can still work with your primary site. You will get into replication trouble and even lose data after an offline time longer than 14 days. If you know that your offline time will be shorter than those 14 days, you will not get into trouble. This 14 day duration needs to be configured, I think the default value was 5 days.
    If you have secondary sites and lose the connection to the primary, you are not able to manage the secondary sites since the SCCM console is only connectable to primary sites and CAS. The MP on your secondary will still collect client data which will be transmitted to the primary after a reconnect.
    Regards
    Thomas

  • One primary site with a remote DP/MP, or two with a CAS server?

    Hi
    For a new SCCM 2012 environment, we have the following setup:
    - HQ site with 1500 PCs/users
    - Branch office in a separate AD site, slow WAN link, 120 PCs/users
    Now, I'd like to keep the setup simple so my first instinct is to deploy one primary site with a server in the branch office fulfilling the MP/DP/PXE/Update Point roles.
    However, the site has a local technician who needs the ability to deploy images to the local machines. Running the console from the branch office to the HQ site is not an option, since consoles (such as ADUC) have very poor performance over the WAN.
    This brings me to the option of either a primary HQ site with a branch secondary site (something I'd like to stay away from, since it requires SQL and the technician would still need to connect the console to the primary site anyway!), or 2 primary sites both connected by a CAS server. For what the technician needs, I think this is overkill, and I don't like the idea of the added complexity, or keeping both sites in-step as far as replication is concerned.
    I'm leaning towards the 1 primary site, remote MP/DP option, but I'm not sure how the technician would image machines without the console. I thought perhaps creating an optional advertisement to a dynamic collection that he could control another way (e.g. using a registry key), giving him the option to trigger deployments.
    Thoughts?

    Having a local DP will ensure that all deployments are made locally if the content is distributed.
    You'll have to get your content there first, if possible build your DP in your main office and ship it to the remote location after. Otherwise use prestage content. Getting GB of stuff through that link will otherwise take days.
    For your deployment, why does the technician need access to the console  ? Could you deploy to "unknown computers" ?
    Benoit Lecours | Blog: System Center Dudes

  • Exchange 2013 - Prevent Outlook Clients From Connecting To A CAS Server In A Different AD Site

    Hi all,
    I could really do with your help!
    We have 3 physical sites, A, B & C, with sites A & B having a really fast low latency links between them, so from an AD point of view they are 1 site.  Site C has links to both sites A & B, but the link is a lot slower.
    We have an Exchange design with 3 servers (one located at each physical site) that will form a DAG spread over the 3 physical sites.  Ideally we will separate the CAS and mailbox server roles out and have them controlled by a hardware load balancer, however we can have both roles on the same server if required.
    What we want is to prevent a situation where an Outlook client in site C connects to a CAS server in site A/B with the mail being hosted on a mailbox server in site C, therefore traversing the network twice to get its mail.
    From doing the Microsoft training course, my understanding is that in Exchange 2013, the CAS server only proxies the request on to the mailbox server and does not redirect the request to the CAS server in the site where the mailbox server resides.
    I have seen information online stating that a single namespace is the way to go as long as your site links/network bandwidth is good, but nothing to help with our scenario.
    Has anyone else come across this situation and how did you get round it?
    Thanks in advance :)

    Hi Johnson,
    Based on my knowledge, the Outlook client will connect to the CAS server which is local first.
    Please check whether the CAS server that is in site C is healthy.
    If the CAS server in site C is healthy, please disable the CAS Load Balance for testing.
    Also found a useful blog for your reference:
    Exchange 2013 Client Access Server Role
    http://blogs.technet.com/b/exchange/archive/2013/01/25/exchange-2013-client-access-server-role.aspx
    Thanks
    Mavis
    Mavis Huang
    TechNet Community Support

  • Connect a primary site as a distribution point to another primary site

    Hi @ all,
    I have a Central site and a primary site server running - all is working fine. Now I have to provide another primary site server. I set up the server and connected the new site to the Central site - all is working fine.
    But on my first primary site (P1) are some (many) software packages which I would like to deploy on the new primary site server (P2). Is it possible to establish a connection from P1 to P2 so that I can handle P2 as a distribution point from P1?
    On the other side, the only way I see is to copy all software packages from P1 to the Central Site and distribute the packages to P1 and P2.
    Maybe there is a way which I don't see. Every help is very appreciated.
    Many thanks for your attention.
    Rolf

    Hi Jason,
    thanks for your reply. This way is not the way I would like to go.
    I'll be able to make a decision, if I sent the package from P1 to P2. I'm sorry, but I did not explain that the P1 and P2 will work in parallel - because the servers are for two different branches. But the P1 server contains software which can be used in the other branch office. We are using SCCM 2007 R3 - I forgot in my first post.
    I hope this helps to understand which problem I have to solve.
    Regards
    Rolf
