Add MP Selection/Priority Setting to PXE-Enabled DP Settings
PXE-Enabled DPs currently pass their Management Point List on to PXE Clients, as reflected in the "ManagementPoints" list in HKLM\SOFTWARE\Microsoft\SMS\DP; this seems to be an alphabetical list of MPs in the infrastructure which may not reflect the actual MP(s) the PXE client should communicate with.
On the PXE-Enabled DP, in HKLM\SOFTWARE\Microsoft\CCM, the AllowedMPs registry value can be created and populated. The PXE Responder will honor this list when setting up the PXE Client's environment.
A field should be added to the PXE settings of a DP to allow configuring of this setting, or to override the site's MP List that gets written to the MP and instead replace it with the administrator's defined list of MPs relevant for the given PXE-Enabled DP.

3 comments
-
Mads Nyberg Hansen commented
We have a similar issue where we get management points in untrusted sites if the firewall is somehow open. At least it should respect boundaries, prioritize a management point if installed on the PXE server, and/or try one in a local domain first.
-
Jerry Abbott commented
I am currently on ConfigMgr 1810 with all of the 1810 Hotfix rollups applied.
I meant to come back and update this. While setting the AllowedMPs registry key does generate what appears to be desired activity in the SMSPXE log, as shown in the screen snip, I've found that I still had issues where my PXE clients would still get directed to the wrong MP, even though the PXE-Enabled DP also has an HTTPS MP hosted on it as well.
I still use the AllowedMPs registry key, but I also found that I have had to use a CI to maintain the "ManagementPoints" value in the HKLM\SOFTWARE\Microsoft\SMS\DP key.
I encountered this problem, as I needed to introduce an HTTP Management Point into my infrastructure to handle some client communications for some Stand-Alone Media builds. When I introduced the HTTP MP into the environment, even though I un-selected it from being published with the other MPs in the Management Point Component Properties, and it is not a member of any Boundary Groups for clients, it still gets offered to PXE Clients and gets placed in the PXE-Enabled DP's ManagementPoints list.
-
Jon W. commented
Jerry, what version of Configuration Manager are you working on where this works for you?