Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 996
  • Last Modified:

SCCM Branched DP

I have an SCCM server on a 192.x.x.x address.
I have setup a branched DP on a machine on a 10.137.65.x address.
I have replicated all my packages to the new DP.

When I put a client PC on a 10.137.65.x address (the same subnet as the DP) and run a task sequence, the network on the DP machine stays at 0% utilisation. Am I correct in expecting the client to pull the data from the DP.

I would appreciate any advice on how I can ensure clients run from the branched DP and also how to check which machine the client is pulling the files from.

Thanks.
0
IM&T SRFT
Asked:
IM&T SRFT
  • 2
1 Solution
 
fswilliamsCommented:
Use protected dustribution points to ensure clients are only allowed to download from a specific DP.

Checking the client ContentTransferManager.log for client downloading package from the correct distribution point:

Checking the contenttransfermanager.log for a specific job ID:

Starting CTM job {xxx-xxxxx-xxxxxxxxxxx-xxxxxxxx-xxxxxxxxxxx}
Created CTM job {xxx-xxxxx-xxxxxxxxxxx-xxxxxxxx-xxxxxxxxxxx}
[LOG[CTM job {xxx-xxxxx-xxxxxxxxxxx-xxxxxxxx-xxxxxxxxxxx} entered phase CCM_DOWNLOADSTATUS_DOWNLOADING_DATA]
Queued location request '{yyyy-yyyyyyy-yyyyyyyyyy-yyyyyyyyyyy-yyyyy}' for CTM job '{xxx-xxxxx-xxxxxxxxxxx-xxxxxxxx-xxxxxxxxxxx}
Persisted locations for CTM job {xxx-xxxxx-xxxxxxxxxxx-xxxxxxxx-xxxxxxxxxxx}
Persisted locations for CTM job {xxx-xxxxx-xxxxxxxxxxx-xxxxxxxx-xxxxxxxxxxx}
CTM job {xxx-xxxxx-xxxxxxxxxxx-xxxxxxxx-xxxxxxxxxxx} (corresponding DTS job {xxx-xxxxx-xxxxxxxxxxx-xxxxxxxx-xxxxxxxxxxx}) started download from 'http://DISTRIBUTION POINT NAME/SMS_DP_SMSPKGD$/OTL00018/zzz-zzzzzzzzzz-zzzzzzzzzzz-zzzzzzzzzzz-zzz
CTM job {xxx-xxxxx-xxxxxxxxxxx-xxxxxxxx-xxxxxxxxxxx} entered phase CCM_DOWNLOADSTATUS_DOWNLOADING_DATA
CTM job {xxx-xxxxx-xxxxxxxxxxx-xxxxxxxx-xxxxxxxxxxx} successfully processed download completion.

Checking the security event log of the distribution point will show logon and log off events from clients to the distribution point after successful software deployment. Below an example from a Windows 2008 server:

Authentication from client host to to distribution point event logs:

An account was successfully logged on.
Logon Type: 3
New Logon:
Security ID: domain\clientname
Account Name: clientname
Account Domain: domain
Logon ID: 0x55e3b48d
Logon GUID: {xxx-xxxx-xxxx-xxxxx-xxxxx-xxxx}
Network Information:
Workstation Name:
Source Network Address: 169.254.10.10
Source Port: 1274
Detailed Authentication Information:
Logon Process: Kerberos
Authentication Package: Kerberos
Key Length: 0

Corresponds with application system logs on client event logs:

Log Name: Application
Source: SmsClient
Date: Somedate
Event ID: 10024
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: clientname.domain.com
Description:
Download of the content "aaa-bbbbb-cccccccccc-bbbbb-aaaaaaaa" - "1" has completed successfully.
0
 
kevinh52Commented:
Others need to chime in but.

If i remember correctly,  They pull from the local DP that has been protected.
So it needs protected.
If not if fails back to one that is protected.

and the Task sequence's smsts.log should tell you what DP it picked.
It is usually on the client the task sequence was run on.
0
 
kevinh52Commented:
Sorry was late submitting
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now