Patch My PC - the absolute *definitive* source for all things MECM. Thank you for all your contributions to the community.
Thanks for watching
This is a fantastic guide. I was really struggling for clarity on these exact scenarios. We have internal PKI but no public CRL. This cleared up a lot for me as we are looking into implementing CMG. Thank you so much for what you provide for the MEMCM community.
Thanks for watching! - Justin
Thank you Justin for such a great session😊. Hope there will be more coming soon
Thanks, I think we will do more soon!
This video SERIOUSLY saved me :)
Thanks for watching
Thank you so much for the detailed explanation. It helped me a lot.
You're welcome!
Hi Justin,
Thanks for this informative video.
I have a question regarding CMG clients.
I found that internet clients can communicate with the internal MP through the CMG and get policies and download apps, but the status of the device is always offline in the SCCM console.
Once it reverts back to on-prem, the device shows as online.
What could cause this issue, and where can I start my troubleshooting?
That's interesting; that shouldn't be the case. I'm not sure without knowing more info.
What was the cause??
Excellent session as always. Quick question: If I have IBCM and CMG (as we have), I understand clients will switch between the two. What if I turn off / decommission the IBCM server? Will clients that were connected to it automatically fail over to the CMG? Will this only occur if clients are connected back onto the intranet to pick up a new policy (that suggests the IBCM MP has been removed)?
Clients should be able to use the CMG SUP if the IBCM is removed.
What are the pros and cons of using Enhanced HTTPS over regular HTTPS using certs from an internal PKI? How do we decide on which process to use? Is it easier to just use Enhanced HTTPS even if you have an internal PKI?
Enhanced HTTPS:
Con:
- It's self-signed
Pro:
- It encrypts traffic
- It's easy
Actually, our blog about the WSUS Signing Certificate is pretty relevant to your question about HTTPS vs E-HTTP: patchmypc.com/wsus-signing-certificate-options-for-third-party-updates-in-configuration-manager
Hello Justin, thank you for the wonderful videos. I didn't get that much deep info even during my SCCM training. I have a small question; I hope you can help me. I was able to successfully configure CMG, and internal clients are able to connect to CMG over the internet. But the Azure-joined machines are not able to connect to the CMG.
Hopefully, some of the client side logs will help you troubleshoot!
What was the issue? What troubleshooting did you do? Any article or links?
We are planning to implement the CMG for a new domain. All users are on-premise users. Any idea how to push the client policy (or certificates) once the CMG is set up, as all users have been connected to the internet for the last few months and will not connect to VPN/domain?
Are you good to go here?
How did you do? Any article or help?
Hi Justin, I want to say thank you for the best videos and explanations around different topics. I have a question here: Is there a way to identify or validate if my CMG clients have picked up all the CMG addresses?
You can look in the ConfigMgr control panel applet.
Hi Justin - For co-management WSUS to work correctly, do we require a CMG? We are in the process of enabling co-management and seem to have found an issue whereby WSUS won't work correctly unless we are either connected to our VPN or in the office. I'd love to chat with your team regarding this issue.
Yeah, you will need CMG for Internet clients on co-management to scan.
Could you please provide a session about Desktop Analytics?
It's on the list for a future session.
Is it mandatory to install the CMG connection point, HTTPS MP/SUP on the same server?
No
Is it mandatory???
Hello Team, thanks for this great content! I have a question around VMScale set and geolocation scaling availability. Do we know if, when using a VMScale set with cloud DP, content is pulled from the blob storage of the VMScale set region? Or is content distributed globally in the Azure cloud? I ask this as we have a global organization and would hate to experience download latency for certain locations.
Last time I checked the docs, it is random for CMG-based DPs.
Can you also show us how to configure CMG using VMSS from MECM version 2107?
I don't have any current plans to cover this specific topic.
Any idea how to do this?
Can you make a new guide for people with Classic who have to upgrade? It would be for people who can't use the tool. This is where I am stuck right now. I can use the same EHTTP cert and keep the same host name, correct?
Hope you figured this one out. Sorry for the delay; this is a little bit too complex to try to resolve in comments. The Microsoft docs for ConfigMgr can often be a great resource.
How did you do? Any article or links to help me?
Hi Justin,
Your videos are very helpful.
I have a test lab, hence I was trying to set up CMG; however, I don't have a public DNS name. My internal domain name is ***.local. CMG was set up successfully; however, the service connection point shows disconnected.
Is there any way for CMG to work without a public DNS name?
No, you need a public DNS name. I believe it may be possible to use the .onmicrosoft.com domain, though I haven't done this.
How did you solve this? Any article or help?
Hi, please upload it in 1080p, then I'll subscribe.
Thanks for the feedback