SCCM client doesn’t connect to the local SMP during OSD

I recently noticed that one of my computers was connecting to an SMP/DP across a T1 to a remote office to store user state during OSD. After reviewing the logs I saw that it was connecting to the local DP for content, but not for user state storage.

I couldn’t find anything in the logs that explained this behavior, and I checked my boundaries and boundary groups and everything looked good. After failing to resolve this on my own over a few days, I opened a ticket with Microsoft support.

It turns out that while using boundaries to connect a client to the local DP is a feature, connecting to the SMP at the local site is not and the client can connect to any writable SMP, even if its across your slowest WAN connection to a remote office.

You have two options to avoid having the client connect across the WAN for user state storage; check “Enable restore-only mode” in your State Migration Point properties under Administration > Servers and Site System Roles, or check “Capture locally by using links instead of copying files” under the “Capture User Files and Settings” step in your OSD.

Enabling restore-only mode will prevent the SMP from being used to store user state, and user state already stored on the SMP is still available. The problem with this approach is that not only will your other sites not use that SMP to store user state, the local clients won’t use it either so they will be sending user state across the WAN to another SMP. You may have to enable or disable this setting as needed, for example if you are imaging multiple workstations in the same office you could enable this setting on all other SMP’s except the one at the site where computers are being imaged.

Capturing locally by using links instead of copying files would prevent you from having to remember to change the SMP settings frequently as it would be a “set it and forget it” solution which is what I prefer.

Creating Mandatory profiles

Over time I’ve noticed that as the number of GPO settings applied to my Citrix servers grow, so does the user logon times. I’m using XenApp to provide shared hosted desktops, and the logon times have grown to around a minute.

The solution is to use Mandatory profiles ( and redirected folders ) as long as you don’t need for users to be able to save changes. That fits the bill for shared hosted desktops on a server. Instead of having a large number of user GPO settings applied at logon, we’re going to customize the profile and save it to a network share, then set a GPO to use this profile for all users. Now you have a profile with all settings applied and you can eliminate many of those GPO’s you were previously waiting on to apply. You can use Mandatory profiles along with redirected folders so that users can still get their own desktop and documents folders as well.

Instead of creating yet another tutorial, I’m going to point you to Rob Beekman’s excellent blog post on how to create a Mandatory profile.