Hi, we have in our environment around 200 DP globally. I'm troubleshooting issue with DP Authentication when trying to install applications. For background all our workstations are joined in Active Directory "NA" Domain, users are located in different domains depending on the region EU = Europe; NA = North America etc....
Our DP's are configured the standard way as recommend by Microsoft and we have also setup Network access account that can be used during OSD. We have not enabled the "Anonymous login" and don't want to do this either.
Scenario 1
I'm located in Europe, with my workstation I try to install application and checking the logs, I'm redirected to DP in Europe based on boundary setup, and installation completes just fine. Checking IIS logs I can see that I'm authentication using my DOmain\workstation name (ex. na\cnu12324-x7$)
Scenario 2
On the same workstation I've updated my hosts file and point my DP to US Based distribution point. I try to install application, and that fails, checking my logs I see Access Denied error, checking the server I can see incorrect/unknown user account. (Just to be sure, I've tested the installation from workstation located in the US and obviously then it works, and if I check the IIS logs, I can see that I'm authenticating using my computer name)
I like to understand how the authentication works, and why for some reason if I try to use DP in another region my applicaton installation fails. I've done the necessary checks
- Confirm DP's are configured identical
- I'm able to access the content on both DP's using network access account.
If I try to do the same with DP located in Europe it does work and my application downloads/installs correctly.
The way IIS authentication suppose to work for SCCM is (Got the info from this Forum)
- anonymous login
- computer account
- network access account
We like to use this option to quickly test if applicatoni does install correctly from DP, before we have to do any "Redistribute" of content.
Any help would be appreciated.