Converting to Virtual Machine Scale Set Cloud Management Gateway


I wrote a blog post to highlight the process of creating a Cloud Management Gateway with virtual machine scale set but what if you are already running a classic cloud CMG?

Well from ConfigMgr 2107 you can convert to virtual machine scale set. You’ll need to register Microsoft.KeyVault, Microsoft.Compute and Microsoft.Network beforehand. Info on where to do that is in that previous post.

Note that when you convert the CMG you can change the following settings:

  • VM size
  • VM instances
  • Verify CRL
  • Require TLS
  • Serve content

You cannot change the following settings:

  • Azure environment
  • Subscription
  • Azure AD app
  • Region
  • Resource group

Converting to Virtual Machine Scale Set

To convert the CMG, right click your cloud management gateway in the ConfigMgr console and choose Convert.

The Convert Cloud Management Wizard will appear. Click Next as you can’t alter anything here.

On the Settings page you can change the specific configuration as highlighted in the list previously. I’m going to stick with the defaults here. Click through the wizard to completion.

Keep an eye on the CloudMgr log file for details of the conversion.

You will notice that the CMG Deployment Model now reports as Virtual machine scale set.

When the deployment completes the CMG will be in a ready state but the connector will be Disconnected.

If you take a look at the SMS_CLOUD_PROXYCONNECTOR log file, you’ll see an issue with connection the CMG.

At this stage, you’ll need to make a CNAME record change.

As per the previous blog post:

Now we need to map to the region your CMG will be deployed to plus cloudapp.azure.com. You’ll be given some details on this when you run through the CMG wizard, but as an example I will need to map – memcmggateway.sccmsolutions.co.uk to memcmggateway.eastus.cloudapp.azure.com with my external DNS provider as a CNAME record.

With the external CNAME record updated accordingly, the connection was made.

A quick check with the Connection Analyzer confirms all is good.

For some more tips on modifying a CMG instance, take a look at the official MS docs here.

9 comments

  1. Be sure to register Microsoft.KeyVault, Microsoft.Compute and Microsoft.Network before pressing the “convert” button, otherwise it fails and your CMG becomes orphaned. Trust….

  2. Hello,
    Any idea why I don’t have the “Convert” option (nor in the ribbon, neither in the right-click option) on a :
    CB2107 Site
    Console 2107
    CMG is ready, Cloud Service (Classic)

    I do have to same behavior on two separate sites.

    Thanks and best regards from Switzerland,

    Phil

      1. We are having the same issue as Phil today.
        The option to convert isn’t there. We are on current branch, and believe we saw the option there recently.

        We are using an internal PKI for the CMG cert.

        Andrew

      2. Hi Paul,
        Thanks, that is the problem..
        we use a certificate pointing to xxxx.cloudapp.net
        The “convert” menu is then hide in the console.

        Cheers, Phil

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s