http://blogs.technet.com/mkleef/archive/2007/08/10/teched-nap-and-sccm-session-question.aspxI had a good question from Jan yesterday after my TechEd session. She posted a comment to my article on SCCM and NAP first thoughts and wanted to know about how you use the Wake On LAN capability when the workstation is powered off (obviously) thoughen-USCommunityServer 2.1 SP1 (Build: 61025.2)http://blogs.technet.com/mkleef/archive/2007/08/10/teched-nap-and-sccm-session-question.aspx#1744426Mon, 13 Aug 2007 08:05:22 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:1744426Anthony - YourASP<p>Hey Michael, what software where you using to manage your VM's?</p> <p>It looked pretty handy.</p>http://blogs.technet.com/mkleef/archive/2007/08/10/teched-nap-and-sccm-session-question.aspx#1744577Mon, 13 Aug 2007 08:49:48 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:1744577mkleef<p>I was actually using Windows Server Virtualisation (hypervisor) which has its own MMC console. If youre using Virtual Server R2 theres now a decent management tool called VMRCPlus that enhances the management experience of Virtual Server. You can search for that on the download center of Microsoft.com/downloads</p> http://blogs.technet.com/mkleef/archive/2007/08/10/teched-nap-and-sccm-session-question.aspx#1744607Mon, 13 Aug 2007 08:59:43 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:1744607Anthony - YourASP<p>Thanks. I am using VMRCPlus at the moment..it's impressive in it's own right.</p> <p>I'll be patient and wait for WSV to come out in some form. :)</p>http://blogs.technet.com/mkleef/archive/2007/08/10/teched-nap-and-sccm-session-question.aspx#1767331Fri, 17 Aug 2007 02:58:07 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:1767331Rob<p>Hi Michael, I work with Jan so I thought I might add a bit of detail to the question. The advice from Cisco really just covers whats in the standard in Appendix B1 at <a rel="nofollow" target="_new" href="http://standards.ieee.org/getieee802/download/802.1X-2004.pdf">http://standards.ieee.org/getieee802/download/802.1X-2004.pdf</a></p> <p>The real problem occurs when you configure the cisco switches to use auth fail vlans, and guest vlans. These are designed to place computers which fail authentication into an administrator designated vlan. The interface command s would be something like this.</p> <p> switchport access vlan 900</p> <p> switchport mode access</p> <p> dot1x pae authenticator</p> <p> dot1x port-control auto</p> <p> dot1x control-direction in</p> <p> dot1x guest-vlan 999</p> <p> dot1x auth-fail vlan 999</p> <p>Now when a port has this type of config and the computer is turned off there is a very brief link state transition which causes the port to become unauthenticated. The switch will attempt to start authentication a number of times before timing out and placing the port into the guest vlan.</p> <p>Now the crux of the problem is this. The SMS records for the computer have an IP address from the authenticated access vlan (900 in the example). &nbsp;The wake on lan packet will never be received by the computer because it is in the unauthenticated vlan.</p> <p>The obvious solution is to modify the SMS records to reflect an IP address and subnet in the guest vlan as well. I've used a modified version of the example at <a rel="nofollow" target="_new" href="http://www.microsoft.com/technet/prodtechnol/sms/sms2003/opsguide/ops_64m9.mspx?mfr=true">http://www.microsoft.com/technet/prodtechnol/sms/sms2003/opsguide/ops_64m9.mspx?mfr=true</a> to generate the DDR and this seems to work ok. There is also an option to replace data using the ADDPROP_FULLREPLACE flag.</p> <p>Does SCCM send wakeup packets to each subnet in the SMS discovery record or just the first? Can SCCM exec a script to update the discovery records prior to executing the wakeup?</p> <p>Hope that makes our issues a little bit clearer.</p>