Configuration Manager and Service Location (Site Information and Management Points)

Topic last updated -- August 2007

Service location in Configuration Manager 2007 refers to the requirement of clients to dynamically locate site information and management points. This information is needed for clients when they assign to a site, and when they download client policy and send client information back to the site.

Service location is independent from name resolution, which maps a computer name to an IP address. Name resolution is performed by WINS and DNS. However, WINS and DNS can also be used for service location. For more information about name resolution in Configuration Manager, see Configuration Manager and Name Resolution.

Note
Configuration Manager clients that are configured for Internet-based client management do not need to locate site information from Active Directory Domain Services or server locator points, and do not need to locate their Internet-based management points. For more information about Internet-based client management, see Deploying Configuration Manager Sites to Support Internet-Based Clients.

All Configuration Manager 2007 clients that are not configured for Internet-based client management need to locate site information when they are assigned to a site, and they need to locate management points when they are first installed and on a regular basis.

Site Information: Active Directory Domain Services

Intranet clients use Active Directory Domain Services as their primary method of service location for both site information, and management points. Configuration Manager 2007 clients can use Active Directory Domain Services for service location if all the following conditions are met:

The Active Directory schema is extended for Configuration Manager 2007
All sites in the hierarchy are published to Active Directory Domain Services
Clients belong to the same Active Directory forest as the site server's forest

If any of these conditions cannot be met, clients must have an alternative method of service location. For site information, the only alternative is to use a server locator point. For management points, alternatives include DNS, a server locator point, or WINS.

Important
If clients fail to locate site information during site assignment, they will be unmanaged. Make sure that clients can access site information from Active Directory Domain Services, or a server locator point.

Site Information: Server Locator Point

A server locator point in a Configuration Manager 2007 hierarchy is used for two purposes when Active Directory Domain Services cannot be used:

Site assignment for clients
Locating default management points for clients

If clients cannot locate site information when they are installed and are either directly assigned to a site or configured to automatically locate a site (auto-site assignment), assignment will fail. Although the client might be installed, it cannot complete site assignment, and in this scenario it will be unmanaged.

If the Active Directory schema has not been extended for Configuration Manager 2007, site information required to complete client site assignment cannot be published to Active Directory Domain Services and clients must have an alternative mechanism to complete site assignment. Additionally, if you have clients that are not in the same Active Directory forest as the site servers (such as workgroup clients or clients from a different Active Directory forest), these clients will not be able to locate the site information they require to complete site assignment, and they must have an alternative mechanism to locate this site information. In either of these scenarios, a server locator point is required.

A server locator point is also required if clients cannot locate the default management point from Active Directory Domain Services, DNS, or WINS.

How Clients Find a Server Locator Point

If clients require a server locator point, this site system's IP address, short name, or fully qualified domain name (FQDN) can be specified when the client is installed using the client.msi property SMSSLP=<server locator point name>. Make sure that a specified short name or FQDN can be resolved using WINS or DNS. For more information about client installation command line options, see About Configuration Manager Client Installation Properties.

If the server locator point is not directly assigned during client installation, clients can locate it through Active Directory Domain Services or WINS:

Clients can automatically find a server locator point through Active Directory publishing if they are in the same Active Directory forest as the site server. This scenario applies if the Active Directory schema has been extended for SMS 2003 but not extended for Configuration Manager 2007. When these conditions apply, there is no requirement to specify the server locator point during installation or manually publish it in WINS.

If you have not extended the Active Directory schema for either SMS 2003 or Configuration Manager 2007, clients can automatically find a server locator point if it is manually published in WINS and if clients have not been installed with the SMDDIRECTORYLOOKUP installation property. For more information about manually publishing the server locator point in WINS, see How to Manually Add Configuration Manager Site Information to WINS.

Note
Although native mode clients cannot locate management points through WINS, they can locate server locator points through WINS. Clients cannot locate server locator points using DNS publishing.

Clients first try to use the server locator point if it is specified on the command line, and if this fails they then try to locate a server locator point from Active Directory Domain Services, and if this fails they then try WINS.

Native Mode Clients Need Additional Configuration to Use Server Locator Points

Server locator points use HTTP as their client communication method even when the site is configured for native mode.

If native mode clients must use a server locator point for site assignment or for locating their default management point, clients must also be configured for HTTP communication for roaming and site assignment.

For more information about this configuration, see the following topics:

Management Points

Configuration Manager clients need to find their assigned site's default management point when they are first installed and assigned to a site. If they cannot find their site's default management point, they cannot be managed.

After clients find their site's default management point, it then becomes their assigned management point. This assignment is always made by the client as a result of finding its assigned site's default management point; administrators cannot assign a specific management point to a client to use as its default management point.

When Clients Find Their Default Management Point

Even after clients have an assigned management point, they periodically perform the same service location request for their site's default management point in case it has changed.

This service location request for a default management point also happens in the following scenarios:

When the client starts up or the service SMS Agent Host is restarted.
When the client detects a network change:
- If the client gets a new or renewed IP address (for example, through DHCP).
- If the network adapter is disconnected and reconnected.
If you specify a new site code, or click Discover on the Advanced tab of Configuration Manager in the client computer's Control Panel, and then click OK or Apply.

How Clients Find Their Site's Default Management Point

Clients locate their default management point using the following mechanisms in the order specified:

Active Directory Domain Services
DNS
Server locator point
WINS

Active Directory Domain Services

When the Active Directory schema has been extended for Configuration Manager 2007 and all sites in the Configuration Manager hierarchy are configured to publish to Active Directory Domain Services, the default management point for each site is published to Active Directory.

In this scenario, Configuration Manager clients that belong to the same Active Directory forest as the site systems will automatically find their default management point through Active Directory publishing using an LDAP query to a global catalog server, and they will not use the other mechanisms to find their default management point. However, if this service location fails (for example, because of unreliable network connectivity), clients will automatically try the next service location method.

If the Active Directory schema has not been extended for Configuration Manager 2007, management points cannot be published to Active Directory Domain Services and clients must have an alternative mechanism to locate their default management point.

Additionally, if you have clients that are not in the same Active Directory forest as the site servers (such as workgroup clients or clients from untrusted domains), these clients will not be able to locate the published management points and must use one of the following alternative mechanisms to locate their default management points.

DNS Publishing

Clients can find their default management point in DNS if the following two conditions are met:

The DNS zone that contains the management point entry (SRV record) must contain a host record for the computer assigned with the management point role. This record can be entered manually, or automatically if the site is configured to automatically publish the default management point in DNS.

For more information, see How to Automatically Publish the Default Management Point to DNS and How to Manually Publish the Default Management Point to DNS.
Clients must be configured with a DNS suffix for site assignment.

For more information, see How to Configure Configuration Manager Clients to Find their Management Point using DNS Publishing.

DNS is the preferred method by which clients locate their default management point if they cannot locate it using Active Directory, and so is suitable for the following clients:

Workgroup clients and clients from another forest
All clients if the Active Directory schema is not extended for Configuration Manager 2007 and the site is not publishing to Active Directory Domain Services.

Using DNS publishing for service location of the default management point is more reliable and scalable than using the next service location methods of WINS or a server locator point. However, if the three conditions for DNS publishing cannot be met, you can use WINS as the mechanism by which clients locate their default management points if the Configuration Manager site is operating in mixed mode.

Server Locator Point

If clients cannot locate management points through Active Directory Domain Services or DNS, they next attempt to locate their default management point with a server locator point.

If you have assigned a server locator point role to a site system in the Configuration Manager hierarchy, management points are automatically published to this server locator point when they are in the same site as the server locator point, or lower in the same branch of the hierarchy. Clients in these sites can use the server locator point to find their default management point.

Server locator points can be assigned to clients by short name or IP address using CCMSetup installation properties. If a server locator point is not directly assigned to clients, clients can locate it, using WINS if the client has not been installed with the SMSDIRECTORYLOOKUP installation property.

WINS

When a site system computer assigned the management point role is configured to use WINS through its TCP/IP configuration, it will automatically publish the management point to WINS, which clients can then use if all other mechanisms to locate their site's default management point has failed.

However, if the site is operating in native mode, clients cannot use WINS to locate management points.

Note
Because WINS does not provide a secure method of storing management point information, a CCMSetup command line property can be used to prevent clients from using WINS for locating management points, even in mixed mode. More information about this SMSDIRECTORYLOOKUP property can be found in the topic About Configuration Manager Client Installation Properties.

Important
An exception to the default management point location mechanism is if you are using a network load balanced (NLB) management point on the intranet. An NLB management point automatically publishes to Active Directory Domain Services and a server locator point, but it must be manually published to WINS. An NLB management point does not publish to DNS. For more information about manually publishing an NLB management point in WINS, see How to Manually Add Configuration Manager Site Information to WINS

Important

An exception to the default management point location mechanism is if you are using a network load balanced (NLB) management point on the intranet. An NLB management point automatically publishes to Active Directory Domain Services and a server locator point, but it must be manually published to WINS. An NLB management point does not publish to DNS. For more information about manually publishing an NLB management point in WINS, see How to Manually Add Configuration Manager Site Information to WINS

How Clients Find Resident Management Points When Roaming

When roaming to other sites, Configuration Manager clients find resident management points from Active Directory Domain Services if both of the following conditions are met:

Active Directory has been extended for Configuration Manager 2007 and the site the client roams into is published to Active Directory Domain Services.
Clients are in the same forest as the site server's forest.

If either of these two conditions does not apply, clients do not contact management points outside their own site. For more information about roaming, see About Client Roaming in Configuration Manager and Example Roaming Scenarios for Configuration Manager: Simple.

Proxy Management Points

If a client's IP address falls within the boundaries of a secondary site that is attached to their assigned site, and it contains a proxy management point, a client can locate this proxy management point in Active Directory Domain Services if both of the following conditions are met:

Active Directory has been extended for Configuration Manager 2007 and the site is publishing to Active Directory.
Clients are in the same forest as the site server's forest.

If either of these two conditions does not apply, clients ask their assigned management point if the secondary site has a proxy management point that they should use.

When clients are using a proxy management point from one of their assigned site's secondary sites, this effectively becomes their resident management point and clients contact it to request client policy, upload inventory data, request content location, and upload status messages. For more information, see Determine Whether a Proxy Management Point is Needed at a Secondary Site.

When clients roam into a secondary site that is not attached to their assigned site, and has a proxy management point, clients do not use the proxy management point as a resident management point to request client policy, upload inventory data, and upload status messages. For more information about this scenario, see Example Roaming Scenarios for Configuration Manager: Simple.