Ocelaris
Posted August 15, 2012

So I'm building out a test environment at my house to migrate our 2007 environment to 2012. I want to set up a DMZ server so our SCUP, FEP, software goes out over the internet. I have walked through all the PKI stuff, set up a server on the DMZ, installed a management point, the certificate works, but I'm just trying to figure out how clients which once were on the INTRANET discover the management points on the INTERNET...

I've gotten the client to go back and forth between "internet" and "Intranet-only" (sorry, no screen grab of the intranet only), but I have a Cisco VPN to connect, and I installed the client from the console, it shows up fine. But it looks like the client doesn't know where to reach out to the internet-facing MP?

I scribbled out the actual internet-facing FQDN, but basically I have it working, the cert is installed for *.ocelaris.corp, my FQDN is something.com, but I am not sure that the internet-facing client is able to reach back to that site. Even though I put in the DMZ-facing server publish "something.com"...

Does this look right? I'm not able to publish apps to the "Software center" yet...
Ocelaris
Posted August 18, 2012

Ok, so I've gotten further. I redid the certificate, although I'm pretty sure I had it right the first time. I discovered that you should test the management point by exporting the computer's personal ConfigMgr client certificate (including private key!) and importing it into IE to test. I did that, and it looks somewhat ok. But on the internet client, it only lists the primary site, not the distribution point in the DMZ.

This site explained very well how to test... http://technet.microsoft.com/en-us/library/bb932118(TechNet.10).aspx

Testing shows I get the certificate fine, but the mplist only gives me the list of the Internal Management point, not the Internet point, which is called "cmsec.external.com" (not really external.com, I just am blanking it out). Any ideas?

http://<ServerName>/sms_mp/.sms_aut?mpcert
http://<ServerName>/sms_mp/.sms_aut?mplist