Configuration Manager Blog

Cloud management gateway: addressing common challenges

Danny_Guillory
Apr 30, 2020

As members of the Microsoft Experience & Devices Customer Acceleration Team, my colleague Jason Sandys and I work with customers every day to get their Configuration Manager and Microsoft Intune environments up and running. Today I wanted to share with you a series of short videos that offer tips on how to address and mitigate common issues you might encounter when setting up the cloud management gateway (CMG) as part of your Configuration Manager environment.

Before we begin, a quick reminder that the Microsoft Endpoint Manager admin center can be accessed anytime by visiting https://endpoint.microsoft.com. In addition, at the end of this post, you'll find a list of the resources we discuss in these videos to provide you with further information.

Now let's move on to troubleshooting:

Learn more  

Here are links to the resources mentioned in this session:

 

  • Michael-CM
    Iron Contributor

    One common challenge at the moment is very limited Azure Resources in some regions. Tried to deploy a new CMG in any available Europe Region yesterday and it failed two times. Tried in West US, failed too. Finally in West US 2 it succeeded.

  • Joseph Buckley
    Copper Contributor

    Thanks for this. I will give it a thorough look over. We implemented a CMG and even with the policy only being deployed to a small pilot we broke thousands of machines. The MPs that clients were using became flooded with over half a million status messages each. Software Center refused to load on any of the machines. On rare occasions when we could get the client to restart we could get Software Center to load for a little bit but it did not last. The most helpful thing so far has been to downgrade the client from 1910 to 1906. However even that does not seem to be the silver bullet.

  • Joseph Buckley Good Day, sorry to hear about the issue you had when enabling CMG. I would definitely be open to some strategic dialogue if you wanted to discuss the details of "what broke", and maybe "how do we/how should we". Feel free to send me a direct message, if you would like to connect.

  • Shannon Variell
    Copper Contributor

    Thank you for the short videos. It's helping me go back in and figure out why we are unable to get clients registered to the CMG from the internet. We had 1910 in our environment when we set up the CMG, with a PKI cert installed and not trusted root cert. DNS CNAME records created internally and external DNS. Currently, the environment is set up EHTTP and no AAD/HAAD joined devices. We upgraded to ConfigMgr 2002, to use the token, so we wouldn't have to register devices in AAD and the OS Versions are not restricted. Since we were having no luck, I added our Trusted Root Cert to the CMG. We've tried bulk token registration before I added the Trusted Root Cert and it started to install the client, but failed. After I've added the Trusted Root it will download all files but the ccmsetup.cab from the CMG and install fails immediately. It seems, once we switched over to the CMG that all of a sudden I've got warnings and critical messages in component status on mp controller for guids, inventory data loader issues, state system is flooded with messages. Everything I see from a CMG perspective is set up as it should be. Any advice? Should we remove the PKI cert and go to a public provider and remove the trusted root cert too? When I upgraded from 1910 to 2002, the Primary server did have the ConfigMgr Client on it. To fix the mp control manager, I was going to uninstall the internal MP, remove client reboot, and reinstall the MP. One of the messages I remember reading said something about the component not installing properly after the upgrade. Thanks for the advice.

  • tobeadvised
    Copper Contributor

    We have just come across an issue recently where a couple of applications will not download from the CMG to clients. All other apps work fine, the app downloads from the on-prem DP fine. The apps have been recreated and distributed to the CMG but fail to download. The only link we can find so far is both apps have a large number of small files. Wondering if this is the issue. Anyone seen this before?

  • tobeadvised There's a lot to unpack here but I am going to take a shot at some things you might want to look at.

     

    • Check the logs on the client device and verify that the device is trying to get the content from the CloudDP. The logs will rule out with certainty where the client is trying to get the content from.
    • The other thing I would encourage you to look at is to make sure the device is/is not connected to VPN and that VPN is not having an overlap with another boundary. 
    • Also, check to make sure that the client setting is assigned to make sure your device can leverage cloud resources.

    If you continue to have challenges, feel free to DM me and we can kick some ideas around and discuss more specifics as my time allows. Also, feel free to lob a support case if this is something urgent you are trying to solve. 
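One way to carry out the first check in the reply above, as an added example that is not part of the original reply or of Configuration Manager itself: it parses CMTrace-format client log lines and reports which host each content URL points at. The host name `cmg.contoso.example`, the function name `Get-ContentSource`, the message wording in the sample lines and the choice of `DataTransferService.log` are assumptions for illustration.

```powershell
# Added example. $CmgHost is a placeholder; the sample lines are constructed, not real log output.
$CmgHost = 'cmg.contoso.example'

$sample = @(
    '<![LOG[Starting download from https://cmg.contoso.example/content/APP00012/setup.msi]LOG]!><time="10:15:02.123+000" date="04-30-2020" component="DataTransferService" context="" type="1" thread="4120" file="sample:1">'
    '<![LOG[Starting download from http://dp01.corp.example/content/APP00013/setup.msi]LOG]!><time="10:16:40.004+000" date="04-30-2020" component="DataTransferService" context="" type="1" thread="4120" file="sample:1">'
    '<![LOG[No location request pending]LOG]!><time="10:17:01.250+000" date="04-30-2020" component="DataTransferService" context="" type="1" thread="4120" file="sample:1">'
    ''
)

function Get-ContentSource {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)][AllowEmptyString()][string]$Line,
        [Parameter(Mandatory)][string]$CloudHost
    )
    process {
        # CMTrace layout: <![LOG[message]LOG]!><time="..." date="..." component="..." ...>
        # Entries whose message spans several lines do not match and are skipped.
        $pattern = '^<!\[LOG\[(?<msg>.*)\]LOG\]!><time="(?<time>[^"]+)" date="(?<date>[^"]+)" component="(?<comp>[^"]*)"'
        if ($Line -match $pattern) {
            $entry = $Matches   # keep this line's captures before any other match runs
            # Emit one object per URL found in the message text.
            foreach ($m in [regex]::Matches($entry['msg'], 'https?://[^\s''"<>\]]+')) {
                $uri = [uri]($m.Value)
                [pscustomobject]@{
                    Date      = $entry['date']
                    Time      = $entry['time']
                    Component = $entry['comp']
                    UrlHost   = $uri.Host
                    Source    = if ($uri.Host -eq $CloudHost) { 'CMG' } else { 'Other' }
                }
            }
        }
    }
}

# Two rows are emitted for the constructed sample: one 'CMG', one 'Other'.
$sample | Get-ContentSource -CloudHost $CmgHost | Format-Table -AutoSize

# Against a live client (log name and path are assumptions about your environment):
# Get-Content "$env:windir\CCM\Logs\DataTransferService.log" | Get-ContentSource -CloudHost $CmgHost
```

Rows marked `Other` during a download that should be internet-based point at the boundary and VPN checks in the same reply.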

  • tobeadvised
    Copper Contributor

    Hi Danny, I think we have found the cause. We had 2 applications that were having the same issue, actually Microsoft Dynamics CRM was one of them. The common theme was that the source content had lots of files. One had over 4,000 files, CRM had over 12,000. I’m assuming that from the CMG the clients are just more sensitive when trying to download a high number of small files. We had to change the packaging so that there were fewer files, down to hundreds rather than thousands. We don’t use any packaging tools so just have to get a bit creative, but this has been a good lesson and glad we were able to narrow it down.

  • Vigitalmoe13
    Copper Contributor

    I'm so confused by the requirement for classic compute and storage?  I thought the classic services are being deprecated and this was an ARM solution?  Why aren't the ARM services for compute and storage being used if classic compute will no longer be supported after in 2023?