VPN Clients do not use a certain DP point

Saxe 326 Reputation points
2021-08-24T05:52:05.143+00:00

We implemented AOVPN with 2 tunnels, one for device and one for user. Via the device tunnel, access is only allowed to a DP point inside the VPN net; only the user tunnel allows access to our domain and internal things like MP and DP. So if a user is connected and the user tunnel works, it can download all software via Software Center, but it's not using the DP inside the VPN net, it's using a DP inside the domain net.

If the client is connected to the VPN device tunnel, I can ping the DP inside the VPN net.

I created two boundaries with type VPN (one for device and one for user) and added those two boundaries to a boundary group. In this group I added the VPN DP as site system server.

If I check the Windows Firewall log on the VPN DP, I can't see any connections made to it.

What can I do to troubleshoot?

Microsoft Configuration Manager

Accepted answer
  1. Saxe 326 Reputation points
    2021-09-13T09:00:35.04+00:00

    I installed this server completely new and made it a domain member and now it works as MP and DP. Thanks for your help.

    One more question, maybe you can help, maybe not :)

    I created two boundaries for VPN tunnels, one for device and one for user, so that they should use the server in the VPN network.
    But is this setting checking only for an existing VPN connection name, or is it really checking if the connection is also active?

    If any of the VPN devices is coming back on-prem, then the VPN connection is still present (but not active), and then it should not use
    the MP/DP in the VPN network but the MP/DP in the domain network.


3 additional answers

  1. Saxe 326 Reputation points
    2021-09-14T06:51:06.577+00:00

    If any of the VPN devices is coming back on-prem, then the VPN connection is still present (but not active), and then it should not use
    the MP/DP in the VPN network but the MP/DP in the domain network.

    Looks like it works as expected... on-prem the default MP is in use.

    1 person found this answer helpful.

  2. AllenLiu-MSFT 40,316 Reputation points Microsoft Vendor
    2021-08-25T06:41:42.663+00:00

    Hi, @Saxe
    Thank you for posting in Microsoft Q&A forum.

    We may try to start by checking LocationServices.log on the client. LocationServices.log records the client activity for locating management points, software update points, and distribution points.


    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  3. Saxe 326 Reputation points
    2021-09-01T14:36:08.12+00:00

    There seems to be no way to install the MP role on a non-domain-member server.