I wrote a blog post covering the process of creating a Cloud Management Gateway (CMG) with a virtual machine scale set, but what if you are already running a classic cloud service CMG?
Well, from ConfigMgr 2107 you can convert it to a virtual machine scale set. You’ll need to register the Microsoft.KeyVault, Microsoft.Compute and Microsoft.Network resource providers beforehand. Info on where to do that is in that previous post.
Note that when you convert the CMG you can change the following settings:
- VM size
- VM instances
- Verify CRL
- Require TLS
- Serve content
You cannot change the following settings:
- Azure environment
- Subscription
- Azure AD app
- Region
- Resource group
Converting to Virtual Machine Scale Set
To convert the CMG, right-click your cloud management gateway in the ConfigMgr console and choose Convert.

The Convert Cloud Management Wizard will appear. Click Next as you can’t alter anything here.

On the Settings page you can change the settings listed earlier. I’m going to stick with the defaults here. Click through the wizard to completion.

Keep an eye on the CloudMgr log file for details of the conversion.

You will notice that the CMG Deployment Model now reports as Virtual machine scale set.

When the deployment completes, the CMG will be in a Ready state but the connector will be Disconnected.

If you take a look at the SMS_CLOUD_PROXYCONNECTOR log file, you’ll see an issue with connecting to the CMG.

At this stage, you’ll need to make a CNAME record change.
As per the previous blog post:
Now we need to map to the region your CMG will be deployed to plus cloudapp.azure.com. You’ll be given some details on this when you run through the CMG wizard, but as an example I will need to map – memcmggateway.sccmsolutions.co.uk to memcmggateway.eastus.cloudapp.azure.com with my external DNS provider as a CNAME record.
With the external CNAME record updated accordingly, the connection was made.


A quick check with the Connection Analyzer confirms all is good.
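
A pre-flight and post-conversion check for the steps above, as an added PowerShell example that is not from the original post or from Microsoft's tooling. It assumes the Az.Resources and DnsClient modules and a signed-in Connect-AzAccount session on the CMG's subscription; the parameter defaults reuse the post's example names, and the parameter and function names are hypothetical.

```powershell
# Added example: checks to run before pressing Convert and after the CNAME change.
# Assumes Az.Resources + DnsClient modules and an existing Connect-AzAccount
# session on the CMG's subscription. Defaults are the post's example names.
param(
    [string]$ServiceFqdn    = 'memcmggateway.sccmsolutions.co.uk',
    [string]$DeploymentName = 'memcmggateway',
    [string]$Region         = 'eastus'
)

# Hypothetical helper: one result row per check.
function New-Finding($Check, $Passed, $Detail) {
    [pscustomobject]@{ Check = $Check; Passed = [bool]$Passed; Detail = $Detail }
}

$findings = @()

# 1. All three resource providers must report Registered before converting.
foreach ($ns in 'Microsoft.KeyVault', 'Microsoft.Compute', 'Microsoft.Network') {
    $states = @(Get-AzResourceProvider -ProviderNamespace $ns |
        Select-Object -ExpandProperty RegistrationState -Unique)
    # No result, or any state other than Registered, counts as a failure.
    $ok = ($states.Count -eq 1) -and ($states[0] -eq 'Registered')
    $findings += New-Finding "Provider $ns" $ok ($states -join ',')
}

# 2. A service name under cloudapp.net cannot be converted in place, because
#    the scale set deployment uses <name>.<region>.cloudapp.azure.com.
$legacy = $ServiceFqdn -like '*.cloudapp.net'
$findings += New-Finding 'Service name not under cloudapp.net' (-not $legacy) $ServiceFqdn

# 3. After conversion the external CNAME must point at the scale set name.
$expected = "$DeploymentName.$Region.cloudapp.azure.com"
$cname = Resolve-DnsName -Name $ServiceFqdn -Type CNAME -DnsOnly -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'CNAME' } | Select-Object -First 1
$target = if ($cname) { $cname.NameHost.TrimEnd('.') } else { '<no CNAME found>' }
$findings += New-Finding 'CNAME targets scale set' ($target -eq $expected) "$target (expected $expected)"

$findings | Format-Table -AutoSize
if ($findings.Passed -contains $false) { exit 1 }
```

Check 3 is expected to fail until the external CNAME record has been updated. If internal DNS is split-horizon, add `-Server` with an external resolver to the `Resolve-DnsName` call so the result reflects what internet clients see.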

For some more tips on modifying a CMG instance, take a look at the official MS docs here.
Be sure to register Microsoft.KeyVault, Microsoft.Compute and Microsoft.Network before pressing the “convert” button, otherwise it fails and your CMG becomes orphaned. Trust….
Yes, totally. I’ll update the post later to stress this.
Hello,
Any idea why I don’t have the “Convert” option (neither in the ribbon nor in the right-click option) on a:
CB2107 Site
Console 2107
CMG is ready, Cloud Service (Classic)
I do have the same behavior on two separate sites.
Thanks and best regards from Switzerland,
Phil
Hi Phil, are you using external or internal PKI for the CMG cert?
We are having the same issue as Phil today.
The option to convert isn’t there. We are on current branch, and believe we saw the option there recently.
We are using an internal PKI for the CMG cert.
Andrew
You can’t convert if using an internal PKI cert due to the change in domain name. Take a look at the important information here https://docs.microsoft.com/en-us/mem/configmgr/core/clients/manage/cmg/modify-cloud-management-gateway#convert. Follow the steps which Microsoft recommend: create a new internal cert, create a new CMG and then delete the old CMG. Hope that helps. Cheers Paul
Hi Paul,
Thanks, that is the problem.
We use a certificate pointing to xxxx.cloudapp.net
The “convert” menu is then hidden in the console.
Cheers, Phil
Will look into it next week. Thanks, Paul!
Good luck with the implementation.
Hi Paul, great article & one I’ll be using to convert our CMG. We can’t convert directly as the service name of our CMG uses a domain name in cloudapp.net so we will need to create a new CMG and go from there. My question is more towards storage, does this mean we will need to re-copy all of the content we have in our existing CMG to the new one, if we are using the same Resource Group?
Hi there, that’s a good question and I’m not sure what the behaviour is here. I’d assume you would have to copy the content up again.