Microsoft

Microsoft Endpoint Configuration Manager Feedback

Suggestion box powered by UserVoice - Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more

How can we improve Configuration Manager?

← Ideas

Prevent the SCCM client from using hyper-v IP addresses

If you install Hyper-V on Windows 10, it will create a default adapter and randomly create an IP address, usually in the 172.x.x.x subnet. If by chance, you have a boundary that this random IP address falls into, the SCCM client will think it is part of this boundary, in addition to the boundary associated with it's physical NIC. The client considers both boundaries to be a Current boundary group and will therefore potentially download content from DP's associated within either boundary. In most situations, this additional DP will likely be across a WAN link which of course can cause issues.

39 votes
Vote

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
You have left! (?) (thinking…)
Anonymous shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

7 comments

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Thorsten commented  ·   ·  Flag as inappropriate

    Two years time, problem not solved. Come on Adam, this is an important one.
    Probably it has not that many votes, because of the random nature it primarily affects sites with many boundaries. Also not those using 10.x.x.x IPs only. And, I'm sure, many people probably don't realize the fallback to another boundary's server because they don't read the logs as long as it runs fine 9 out of 10 times.

    @Edd Weaver: Afaik, since W10v1607 there is no need to enable Hyper-V features in order to use the security features that you may refer to. When configuring the security features, the hypervisor layer is automatically enabled. Quick win: no virtual adapter on the machine.
    Ref: Credential guard doc: "Starting with Windows 10, version 1607 and Windows Server 2016, enabling Windows features to use virtualization-based security is not necessary and this step can be skipped."

  • Alex commented  ·   ·  Flag as inappropriate

    Also have this same issue using split tunnel VPN. Would be nice to get this resolved with all the current WFH we want to make sure all VPN clients download from cloud sources

  • Michel Leclerc commented  ·   ·  Flag as inappropriate

    Hyper-v is one of the problem. If computer is used at home (Split VPN) and if the IP of one network adapter (home network IP range or 4G tethering) matches with a corporate IP range there will be a wrong boundary assignment. So in our case computer will download content from Intranet DP instead of Cloud DP. SCCM should only consider network interface that are able to reach configmgr systems !

  • Edd Weaver commented  ·   ·  Flag as inappropriate

    When will this be fixed?
    We have nonoption but to disable hyper-v and lose all the security features it brings

  • Anonymous commented  ·   ·  Flag as inappropriate

    This impacts peer cache subnet detection, especially if the default Hyper-V NIC picks up a PIPA address

  • AdminAdam Meltzer (ConfigMgr Product Team) (Software Engineer, Microsoft Endpoint Configuration Manager) commented  ·   ·  Flag as inappropriate

    Understood. The problem is that the Hyper-V default switch is adding another IP address that's creating an overlapping boundary. I'll move this out of By Design to Noted to keep it on the radar so we can look into possible ways to improve this in the future.

  • Anonymous commented  ·   ·  Flag as inappropriate

    Adam, I don't think I explained this very well. This is happening on the HOST machine not the guest VM. Even without a VM running on the host, windows will install the default switch when the Hyper-V feature is installed. This extra IP address is the one that messes up the host's sccm client.

Ideas: Content

Categories

Feedback and Knowledge Base

(thinking…)