Configure HTTPS Distribution Point as a Source DP for Pull DP

Prajwal Desai
Posted by Prajwal Desai

This post will show you how to configure HTTPS Distribution Point as a Source DP for Pull DP. A pull-distribution point for System Center Configuration Manager is a standard distribution point that obtains distributed content by downloading that from a source location like a client, instead of having the content pushed to it from the site server. Recently for one of the customer I implemented PKI for SCCM. Post the implementation, I noticed that I was unable to configure Pull DP. There was no error but I was unable to set HTTPS distribution point as a source DP for pull DP. After reading this article I got to know more about the issue. It said “Although a pull-distribution point supports communications over HTTP and HTTPS, when you use the Configuration Manager console, you can only specify source distribution points that are configured for HTTP. You can use the Configuration Manager SDK to specify a source distribution point that is configured for HTTPS.

Configure HTTPS Distribution Point as a Source DP for Pull DP

Configure HTTPS Distribution Point as a Source DP for Pull DP

The TechNet article states that it should be possible to do so using the Configuration Manager SDK. You can configure a pull-distribution point when you install the distribution point or after it is installed by editing the properties of the distribution point site system role. A distribution point that you configure as a pull-distribution point can transfer content to clients by HTTP or HTTPS. When you configure the pull-distribution point, you must specify one or more source distribution points. Only distribution points that qualify to be source distribution points are displayed. Only distribution points that support HTTP can be specified as a source distribution points when you use the Configuration Manager console. However, you can use the Configuration Manager SDK to specify a source distribution point that is configured for HTTPS. To use a source distribution point that is configured for HTTPS, the pull-distribution point must be co-located on a computer that runs the Configuration Manager client. A pull-distribution point can be specified as a source distribution point for another pull-distribution point. I was not sure on using the configuration manager SDK to fix this issue. I came across a very good script (click on the link to download it from Technet) written by Kurt B Mayer. This script helps you to set HTTPS Distribution Point as a Source DP for Pull DP.

<#
.SYNOPSIS
Convert an SCCM 2012 Distribution Point into a Pull Distribution Point.

.DESCRIPTION 
The SCCM GUI console will not let admins choose an HTTPS-enabled Distribution Point as the source for a Pull Distribution Point.
This script uses PowerShell to associate an HTTPS-enabled Distribution Point with a Pull Distribution Point for content.
It can be used on both HTTPS-enabled and non-HTTPS-enabled DPs.  It was tested with SCCM 2012 R2 SP1.

.OUTPUTS
Results in a regular Distribution Point becoming a Pull Distribution Point.

.PARAMETER SiteCode
The three-letter SCCM site code in the hierarchy.

.PARAMETER DpSources
Designates one or more source servers that the Pull Distribution Point can get content from.

.PARAMETER DpTarget
Specifies the regular Distribution Point to convert into a Pull Distribution Point.

.EXAMPLE
.Enable-HttpsPullDp -SiteCode 'XYZ' -DpSources 'sccm-primary.mydomain.local' -DpTarget 'sccm-dp.mydomain.local'
Changes a target Distribution Point into a Pull Distribution Point using one or more source servers in the SCCM site.

.NOTES
Version: 1.0
Date: 05/29/2015
Authors: Kurt B. Mayer (MCSE)
#>
#requires -version 3


#Inputs:
param(
    [Parameter(Mandatory=$true)][string]$SiteCode,
    [Parameter(Mandatory=$true)][string[]]$DpSources,
    [Parameter(Mandatory=$true)][string]$DpTarget
)

#Connect to the SCCM site:
$Path = $(Split-Path -Path $env:SMS_ADMIN_UI_PATH -Parent)
$Module = "$PathConfigurationManager.psd1"
Import-Module -Name $Module
Set-Location -Path $($SiteCode + ':')

#Change the regular DP into a pull DP:
$PullDp = Get-CMDistributionPoint -SiteSystemServerName $DpTarget -SiteCode $SiteCode
Set-CMDistributionPoint -DistributionPoint $PullDp -EnablePullDP $true -SourceDistributionPoints $DpSources

Copy the above script and save it with .ps1 extension. Store it in a folder. On the configuration manager server, launch the command prompt, change the path to folder where the script is stored and type the below command.

.Enable-HttpsPullDp -SiteCode 'XYZ' -DpSources 'sccm-primary.mydomain.local' -DpTarget 'sccm-dp.mydomain.local'

Where

DpSources – Designates one or more source servers that the Pull Distribution Point can get content from.

DpTarget – Specifies the regular Distribution Point to convert into a Pull Distribution Point.

Post running this script, you should be able to Configure HTTPS Distribution Point as a Source DP for Pull DP.

Share This Article
Prajwal Desai
Posted by Prajwal Desai
Follow:
Prajwal Desai is a Microsoft MVP in Intune and SCCM. He writes articles on SCCM, Intune, Windows 365, Windows Server, Windows 11, WordPress and other topics, with the goal of providing people with useful information.