ConfigMgr SwitchMP

SwitchMP for System Center 2012 Configuration Manager R2 allows you to view the list of Known Management Points that a ConfigMgr Client stores on contact with its Assigned Management Point for the first time, and to restrict access to them temporarily while triggering a Managem
5 Star
1,308 times
Add to favorites
System Center
E-mail Twitter Digg Facebook
  • You mentioned commandline as future option?
    3 Posts | Last post July 16, 2014
    • Hi Robert, Nice utility!  We have a great need for being able to perform this through command-line - would you happen to have this available?
      Thank you,
    • Hello Shelley,
      SwitchMP was a one on one tool, to manage a single Client here or there, to manage many Clients I wrote this:
    • "Hi Robert, Nice utility!"
  • Is this tool compatible to SCCM 2012 SP1?
    2 Posts | Last post June 06, 2014
    • Hi Robert, 
      Is this tool compatible to SCCM 2012 SP1? 
    • Hi SDSCCM,
      It should work, try it, I didn't have SP1 stood up at the time I uploaded the tool here hence why I didn't tick the box saying SP1 is supported. I do believe it will work, as SP1 has the MP Rotation feature and an associated WMI Class that this tool leverages. Try it, let me know your experience and I'll tick the supported box if it works.
  • Can i run this tool to the Client or the SCCM Server?
    2 Posts | Last post June 06, 2014
    • Hi Robert, 
      Addtional question, Can i run this tool to the Client or the SCCM Server? Do you have any guide for this tool? 
    • Hello, the tool is designed for Clients, therefore you run it on anything with a Client installed.
  • More details
    9 Posts | Last post March 04, 2014
    • Hi Rob ! - Many thanks for the tool !!!I've some queries, please have a look.
      1. I've 3 MPs in my MP list. How did you sort the MP list ? I can see untrusted forest MP is listed in the first position and trusted MP in 3rd position. Any preference given here.
      2. Can you please elaborate the following point ?
      "Communication with the Current Management Point is triggered five times to induce Management Point Rotation, depending on if the Current Management Point is being Ignored or Blocked"
      3. Is there any way to copy the logs from the tool?
      4. I'm getting following error/warning or just a message.. Do you know 
      MP rotation did not happen, try again, use a longer timer (I tried 120 seconds also,  no luck)
      cleaning temporary hosts entries
      cleaned temporary host entries 
      5. What is expected entries in clientlocation.log and locationservices.log ? Any sample entries ?
      I can see following entry in clientlocation.log but before running this tool. Will this rotation stop when tool runs properly ?
      Rotating assigned management point, new management point [1] is: (7958) with capabilities: <Capabilities SchemaVersion="1.0"><Property Name="SSLState" Value="0"/></Capabilities>
      Thank You
    • Hi Anoop, glad you like the tool.
      Here's some answers:
      1. The list is formed by iterating through all instances in the SMS_LookupMP class in the CCM Namespace. I read in the instances and populate the list, no post-sorting done by SwitchMP. WMI is not told to sort either.
      2. Via calls to the ConfigMgr Client via WMI, I invoke the TriggerSchedule method from the SMS_CLIENT class in the CCM Namespace. This triggers the Machine Policy Retrieval, I do this five times which in turn triggers Management Point Rotation.
      3. I noticed this yesterday and wanted a copy of the text too. I'll look into this.
      4. Yes, the ConfigMgr Client may ignore the requests for Machine Policy Retrieval and throttle back, entirely undocumented, but through observation you can tell something is happening to restrict Management Point communications. Maybe a cool-off period has to expire if you switch MP's too much. I noticed this in my lab, also made a note in the About box that if you try to switch MP's in succession too quickly the ConfigMgr Client will throttle back. Out of my control. It's not SwitchMP failing, it really has done it's job, the ConfigMgr Client is just not responding, thus my assertion that there is a cool-off period ticking down before it'll respond again. Leave the Client alone for a few minutes then try again.
      5. Observe atypical ConfigMgr Client activity in these logs. ClientLocation shows you Management Point rotation taking place, and SmsClientMethodProvider shows you the five requests for Machine Policy, activity in the Control Panel Applet will show in this log as well as any automation attempts via the SDK. Your looking at these for activity at the time you are using the SwitchMP tool. You don't really need to look at these logs, but handy to know that you can peek behind the scenes and see what ConfigMgr thinks is happening.
      6. No, rotation evaluation will continue to occur by design, have a look at the date stamps. I added Permanent blocks because of this.
    • Many Thanks Rob for the details! 
      Yes, we're struggling with rotation issues. MP in local forest is not getting any preference. 
      For example:-  we've 3 MPs under a primary server. Each MP is under a untrusted forest. The client has access to contact "the MP in it's local forest". However, because of MP rotation, the TS is getting timed out. 
      Do you think, in our scenario (client has access only to one MP), SwitchMP will help   outside TS? Because, our clients don't have access to contact another MPs in the list.
      Thank you
    • I haven't tested this in a Task Sequence. At best you could try to run SwitchMP after the Client has been installed and is running, but that's too late.
      I'll produce a command-line based SwitchMP so that it can be integrated into a Task Sequence allowing you to control flow to a chosen MP very early on in the build process.
      You could test this yourself, WINPE will have a hosts file, just add in the MP's you want to block and MP rotation during OSD should occur quickly.
    • I tested blocking MP's very early on in OSD and it is possible using dynamic bootable media and a prestart command to access hosts file. I'll write a tool to make it easier to do, and blog it shortly.
    • Blogged:
    • Hi Rob ! - Many thanks again. That is pretty fast. Again a cool idea to block MPs.
      The following line is promising for our scenario ...
      "I let the boot image present a list of task sequence which it can only have got from one of the unblocked Management Points so as to prove that you can ignore a specific Management Point"
      Just wanted be bit clearer. Are you still able to see both of your MPs listed in locationservices.log? I think, both the MPs(blocked and unblocked) should be there in the list.
    • Question:  Are you still able to see both of your MPs listed in locationservices.log? I think, both the MPs(blocked and unblocked) should be there in the list.
      Answer: If the Client has received a list of Management Points from it's Assigned Management Point then yes they will show up in LocationServices.
      NOTE: I do not interfere with Client activities or meta data that it stores, therefore assume the Client is fully functional and has not been tampered with by SwitchMP.
      This is a very clean hands-off ConfigMgr solution. I make changes to an OS element only, the OS's hosts file, after which I just ask the ConfigMgr Client to do Machine Policy Retrieval Requests using the well known WMI TriggerSchedule method.
    • Thank You Rob !
  • MP selection
    3 Posts | Last post March 04, 2014
    • Hi Rob ! - Am I correct in assuming that this tool is applicable for the scenario : 
       The client has access to more than one MP and we want to give preference to one MP. 
      I'm not able to assess whether SwitchMP will be useful, when we've more than one MP. But client has access to only one MP other MPs are ALREADY blocked or restricted to the client via FW rules and domain authentication etc...
    • Preference means force assignment? Then yes. As for value proposition, if your Clients are not having a hard time, getting stuck on the wrong MP, then there is none as long as infrastructure fabric is blocking communications appropriately.
      I imagine SwitchMP will be used to tell a small bunch of Clients to specifically use a Management Point local to them to overcome any issues from residing in a DMZ and not being able to reach other Management Points. I doubt that there are more than a handful of customers who will need to handle incorrect Management Point selection but it seems to be happening now and then, not sure of the circumstances that induce it. Essentially if you are having major problems with Management Point Selection then SwitchMP will be stand right out as being useful, with its temporary and permanent Management point bans.
    • Thank you Rob !!