Hello,I have two Management Points: MP1 & MP2I installed Client with the command:ccmsetup /MP:MP1orccmsetup /MP:MP2I see the MP1 and MP2 in the CCMSetup.log during the installation...But later on when running in production I do not see anymore this MP1 and MP2 any more in the ClientLocation,log I see only MP1 which is the "Default" Management Point.Is it correct?How do I know which Management Point is used by the Client?ThanksDomAltiris Support / System Center Configuration Manager Support

You can have only one active/default MP in a site by definition; all others are unused.From http://technet.microsoft.com/en-us/library/bb632400.aspx:Regardless of the number of management point site system roles installed on site systems within a site, clients will only communicate with either the default management point (intranet clients) or their assigned management point (Internet based clients).Jason | http://myitforum.com/cs2/blogs/jsandys | http://blogs.catapultsystems.com/jsandys/default.aspx | Twitter @JasonSandys

Hi Dom,As Jason is replaying there can be only one active MP pr. site. You can check the mp being used by looking at the clientlocation.log and locationservices.log file on the clientKent Agerlund | http://scug.dk/members/Agerlund/default.aspx | The Danish community for System Center products

Hi Kent, Jason,I see but what is the way to have a specific MP for a DMZ?The MP is within the DMZ and has access to external and internal servers.I though having --> Configuration Manager Server (Roles:component server, distribution point, management point, reporting point, server locator point, site server, site system, software update point, site database server, Reporting Service point) --> Management Point Server (Roles:component server, distribution point, management point, site system) --> Client in DMZ would work but it seems I was wrong (: ...So what would be the solution? Do I have to create a new site?Could I use the same site as other servers?Thanks,DomAltiris Support / System Center Configuration Manager Support

Can you clarify why you want a specific MP in the DMZ and you can't use the existing default MP in the intranet? Is it because clients in the DMZ cannot communicate with the intranet MP (firewall issue)?

totally correct the current MP could not communicate with the Clients due to the firewall... and it is about six months we are fighting with Network to open ports so!!! we wanted to move with an MP inside the DMZ which is also able to get out...ThanksAltiris Support / System Center Configuration Manager Support

Then you must use a secondary site to host the second MP; this MP will then be a proxy MP.http://technet.microsoft.com/en-us/library/bb632837.aspxJason | http://myitforum.com/cs2/blogs/jsandys | http://blogs.catapultsystems.com/jsandys/default.aspx | Twitter @JasonSandys

No, I wouldn't try & resolve this with a secondary site. Secondary sites were not designed to prevent client communication to site systems in the primary site. They were designed to help managelow bandwidth connections but not to eliminate all client connections to the primary. For example, I'm told that clientregistration requires management point connectivity to the database, which proxy managementpoints don't have. Additionally, not all site systems are supported in secondary sites.The standard response to this requirement is to create a new site in the DMZ, so that you have only server-to-server connectivity between the two site servers. However, if your site can be configured for native mode, then you have another option: you can install an Internet-based MP/DP/SUP/FSP in the DMZ and configure the DMZ clients for Internet-only management so that they communicate with these site systems only. Internet-only management doesn't support all thefunctionality in Configuration Manager, so if this is an option that's available to you because you have the PKI for native mode, check that you don't need any of these features listed in http://technet.microsoft.com/en-us/library/bb693755.aspx. -CarolThis posting is provided AS IS with no warranties and confers no rights

Correct, clients must register with the MP on a primary site, and client push (using the wizard or primary site discovery) willdownload the client bits and pre-requisites from the primary site MP in most cases.There must either be an MP associated with the primary site in the DMZ or the clients need to be able to communicate with the primary site MP (Although they will retrieve policies and upload data to the MP at the secondary so very little traffic will hit the primary site MP).There are other ways to install the client to avoid this butregistrationstill requires that routing. Native mode willallow you to put the MP in the DMZ and close http portsif that is an option. The link posted above has some good information as well.Stan