question

pasha-mayerov avatar image
0 Votes"
pasha-mayerov asked pasha-mayerov answered

SCCM VPN Client update

Hello.
Structure: SCCM 2010
Primary site (local client) Management point, Distribution point
Site system server: Data base
Site system server(vpn client):Management point, Distribution point, Software update point.

In vpn boundaries, the range of vpn clients is specified.+ vpn border group.

Boundary groups setting:
References: site system server- Site system server(vpn client)
Relationship: Default-Site-Boundary-Group - DP - 120(install app, no updates uploaded to DP), SUP - Never
Options - enabled Prefer cloud based sources over on-premises sources

Client log:
CAS.log no data available
ContentTransferManager.log no data available
how can I force updates via MS servers?

mem-cm-updates
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

pasha-mayerov avatar image
0 Votes"
pasha-mayerov answered

The new creation of border groups and changing the WSUS configuration file helped.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

RahulJindal-2267 avatar image
0 Votes"
RahulJindal-2267 answered pasha-mayerov commented

Are you looking to use MS CDN servers to provide patch content for MS products? If yes, then just ensure you only select ‘Install over internet using Microsoft Update’ in your deployment assignments and don’t allow download of content from your local DPs. Your boundary group config seems to be accurate for this to work.

· 5
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

I don't have a goal to use Azure. The goal is to use SCCM, but the updates were downloaded via the client's Internet. without loading the VPN tunnel.

0 Votes 0 ·

So you want to ensure that updates don’t get downloaded from internet, is that it? If so, then you just need to make sure that your vpn boundaries are set to use your on-prem site servers, content is on the local DPs and the deployments are configured to download content from local DPs. Remove the option of ‘Prefer could resources over on-prem servers’ from boundary group.

0 Votes 0 ·

My english is bad.
There are users who work from home and they connect via vpn to the work network. I want to update them using SCCM. The task comes from the SCCM website, the client downloads updates from microsoft.
I tried this way:
https://www.terminalworks.com/blog/post/2020/05/17/deploy-windows-updates-through-internet-using-sccm-work-from-home-scenario

https://miketerrill.net/2020/03/18/forcing-configuration-manager-vpn-clients-to-get-patches-from-microsoft-update/

0 Votes 0 ·
Show more comments
Amandayou-MSFT avatar image
0 Votes"
Amandayou-MSFT answered Amandayou-MSFT edited

Hi @pasha-mayerov,

Agree with RahulJindal-2267, content is on the local DPs and the deployments are configured to download content from local DPs, we could refer to the following the screenshot to set it:

81043-324.png



If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.



324.png (50.4 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.