Friday 30 September 2016

Unexpected Change to Configuration Manager Site Client Communications Settings

I thought I'd take a moment to jot this down as I've now seen the issue at a couple of customers. Configuration Manager is deployed to use 'HTTP or HTTPS' as the client communication settings, but it unexpectedly changes to using HTTPS Only. In addition, both Management Point and Distribution Point site system roles also see their settings change from HTTP to using HTTPS.

The root cause has turned out to be Configuration Manager PowerShell. The cmdlet 'Set-CMSite', when used to make other unrelated changes to a site, will flip this setting at the site level even if no security settings are specified in your code.

For example, the following code causes my test environment to change to using HTTPS.

# No security parameters are passed, yet the site flips to HTTPS only.
$site = Get-CMSite | Where-Object SiteCode -eq 'TST'
Set-CMSite -InputObject $site -GeneralAlertWhenFreeDiskSpaceOnSiteDatabaseIsLow $true

Now, I don't know if there is a particular set of other factors that come into this or not, but I can reproduce this in at least three environments now, two at customers, and one is my own lab. It took ages to figure out why these settings would sometimes change.

I hope this helps someone else understand the issue.

Solution? Manually change settings back, but I haven't figured out how to stop this happening if you don't know about it. When you know about the issue, you can include code to stop this happening. Using the same example above, I do this:

# Same change as before, with the client communication setting stated explicitly.
$site = Get-CMSite | Where-Object SiteCode -eq 'TST'
Set-CMSite -InputObject $site -GeneralAlertWhenFreeDiskSpaceOnSiteDatabaseIsLow $true -ClientComputerCommunicationType HTTPSorHTTP

This documentation on TechNet says that '-ClientComputerCommunicationType' does not have a default value, so I don't know why this issue exists.

https://technet.microsoft.com/en-us/library/jj850085%28v=sc.20%29.aspx?f=255&MSPPError=-2147217396
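
To find other scripts that call Set-CMSite without stating the setting as in the fix above, the following added example (not part of the original post) parses script text with the PowerShell AST and reports each Set-CMSite call that omits -ClientComputerCommunicationType. The function name Find-UnpinnedSetCMSite, the $siteArgs variable and the sample script are constructed for illustration; it needs no Configuration Manager module because it only parses text.

```powershell
function Find-UnpinnedSetCMSite {
    param(
        [Parameter(Mandatory)] [string] $ScriptText,
        [string] $Parameter = 'ClientComputerCommunicationType'
    )

    $tokens = $null; $errors = $null
    $ast = [System.Management.Automation.Language.Parser]::ParseInput(
        $ScriptText, [ref]$tokens, [ref]$errors)

    # Every Set-CMSite invocation, including ones nested in functions or blocks.
    $calls = $ast.FindAll({
        param($node)
        $node -is [System.Management.Automation.Language.CommandAst] -and
        $node.GetCommandName() -eq 'Set-CMSite'
    }, $true)

    foreach ($call in $calls) {
        # Names of parameters written out on this call (matched case-insensitively).
        # Abbreviated parameter names are not expanded, so they are reported as Missing.
        $names = @($call.CommandElements |
            Where-Object { $_ -is [System.Management.Automation.Language.CommandParameterAst] } |
            ForEach-Object { $_.ParameterName })
        if ($names -contains $Parameter) { continue }

        # A splatted hashtable (@args) may carry the parameter; that cannot be
        # decided statically, so it is reported separately for manual review.
        $splatted = @($call.CommandElements | Where-Object {
            $_ -is [System.Management.Automation.Language.VariableExpressionAst] -and $_.Splatted
        }).Count -gt 0

        [pscustomobject]@{
            Line    = $call.Extent.StartLineNumber
            Status  = if ($splatted) { 'Splatted-CheckManually' } else { 'Missing' }
            Command = $call.Extent.Text
        }
    }
}

# Constructed sample: one unpinned call, one pinned call, one splatted call.
$sample = @'
$site = Get-CMSite | Where-Object SiteCode -eq 'TST'
Set-CMSite -InputObject $site -GeneralAlertWhenFreeDiskSpaceOnSiteDatabaseIsLow $true
Set-CMSite -InputObject $site -GeneralAlertWhenFreeDiskSpaceOnSiteDatabaseIsLow $true -ClientComputerCommunicationType HTTPSorHTTP
Set-CMSite @siteArgs
'@
Find-UnpinnedSetCMSite -ScriptText $sample | Format-Table -AutoSize
```

To audit a script on disk, pass its contents with `-ScriptText (Get-Content -Raw <path>)`.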