sccm 2012 : Install agent in clients without dynamic ports

    Question

  • I am installing SCCM 2012 in my organization, but installing the agent on my PC clients returned error 53:

    The device 192.168.136.4 does not exist on the network. Giving up~  $$<SMS_CLIENT_CONFIG_MANAGER><09-19-2012 17:27:20.050+300><thread=5920 (0x1720)>
    ---> ERROR: Unable to access target machine for request: "2097152014", machine name: "CP-BIBLIO-009",  access denied or invalid network path.  $$<SMS_CLIENT_CONFIG_MANAGER><09-19-2012 17:27:20.050+300><thread=5920 (0x1720)>
    Execute query exec [sp_CP_SetLastErrorCode] 2097152014, 53~  $$<SMS_CLIENT_CONFIG_MANAGER><09-19-2012 17:27:20.054+300><thread=5920 (0x1720)>
    Stored request "2097152014", machine name "CP-BIBLIO-009", in queue "Retry" 

    I investigated, and this problem is caused by restricted dynamic ports. I need to know which ports you must configure on the firewall so that I do not have to open the entire dynamic port range 49152 - 65..... and can still install the SCCM agent on clients.

    Thursday, September 20, 2012 3:31 PM

Answers

  • The script has nothing to do with setting low level networking behaviors. If you need to do that, you need to tweak Windows itself; however, the point of the script is to "pull" the client install so that remote WMI access is not needed during client installation. Remote WMI access is never needed nor is RPC for the clients unless you are using the built-in client-push.

    Jason | http://blog.configmgrftw.com

    Thursday, May 02, 2013 1:06 PM

All replies

  • Hi,

    I would recommend that you use an alternative way of deploying the SCCM Client. In your scenario you would have to reconfigure all clients to only use a specific number of RPC ports, and that could cause issues with applications and other software trying to use the RPC ports.

    I strongly recommend that you have a look at the Client Startup Script created by Jason Sandys which is great, then you can assign the client using a Group Policy startup script and that way you won't have to mess with your firewall or your RPC ports.

    http://blog.configmgrftw.com/?page_id=349

    Regards,
    Jörgen


    -- My System Center blog ccmexec.com -- Twitter @ccmexec

    Thursday, September 20, 2012 5:32 PM
  • Error code 53 (which means "The network path was not found") is usually caused by a name resolution issue and not a firewall issue. Have you verified that the site server can resolve the target's name to a valid IP?

    Jason | http://blog.configmgrftw.com

    Friday, September 21, 2012 2:25 AM
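
The check suggested in the reply above, as an added example (not part of the thread, and not code from ConfigMgr or from the startup script discussed here): it pairs each failed push request in ccm.log with the address that was tried and the error code, then compares that address with what the site server resolves now. The function names and verdict labels are assumptions made for this example; the sample lines are the ones quoted in the question.

```python
import re
import socket

# Sample input: the site server log lines quoted in the question above.
SAMPLE = r'''The device 192.168.136.4 does not exist on the network. Giving up~  $$<SMS_CLIENT_CONFIG_MANAGER><09-19-2012 17:27:20.050+300><thread=5920 (0x1720)>
---> ERROR: Unable to access target machine for request: "2097152014", machine name: "CP-BIBLIO-009",  access denied or invalid network path.  $$<SMS_CLIENT_CONFIG_MANAGER><09-19-2012 17:27:20.050+300><thread=5920 (0x1720)>
Execute query exec [sp_CP_SetLastErrorCode] 2097152014, 53~  $$<SMS_CLIENT_CONFIG_MANAGER><09-19-2012 17:27:20.054+300><thread=5920 (0x1720)>
Stored request "2097152014", machine name "CP-BIBLIO-009", in queue "Retry"'''.splitlines()

WIN32 = {53: "The network path was not found"}  # meaning as given in the thread

DEVICE = re.compile(r"The device (\S+) does not exist on the network")
TARGET = re.compile(r'request: "(\d+)", machine name: "([^"]+)"')
ERRCODE = re.compile(r"sp_CP_SetLastErrorCode\] (\d+), (\d+)")
THREAD = re.compile(r"<thread=(\d+)")

def push_failures(lines):
    """Map request id -> machine name, address tried and error code."""
    last_addr = {}  # thread id -> address that thread last failed to reach
    failures = {}
    for line in lines:
        m = THREAD.search(line)
        tid = m.group(1) if m else None
        if (m := DEVICE.search(line)):
            last_addr[tid] = m.group(1)
        elif (m := TARGET.search(line)):
            failures[m.group(1)] = {"name": m.group(2),
                                    "tried": last_addr.get(tid), "code": None}
        elif (m := ERRCODE.search(line)) and m.group(1) in failures:
            failures[m.group(1)]["code"] = int(m.group(2))
    return failures

def dns_verdict(failure, resolve=lambda n: socket.gethostbyname_ex(n)[2]):
    """Compare the current resolution of the name with the address tried."""
    try:
        addrs = resolve(failure["name"])
    except OSError:                      # socket.gaierror is an OSError
        return "unresolved"              # the name resolution issue itself
    if failure["tried"] in addrs:
        return "same-address"            # record may be stale, or host is down
    return "different-address"           # record changed since the attempt

if __name__ == "__main__":
    for req, f in push_failures(SAMPLE).items():
        meaning = WIN32.get(f["code"], "unknown")
        print(req, f["name"], f["tried"], f["code"], meaning, dns_verdict(f))
```

Run it on the site server so that the resolver used is the one the push itself relies on.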
  • Jason, I must use SCCM to manage servers behind a firewall and, obviously, my big problem is opening the WMI dynamic ports. Looking at your blog, I found your script interesting:

    http://blog.configmgrftw.com/?page_id=349

    If I understand correctly, with this script (which I can deploy with GPO) the client will try to connect to the MP server, but where can I set a specific range of RPC ports for WMI that the client will have to use?

    I want to open only the following ports:

    445
    Netbios
    135
    2701
    2702
    60000-60100 (Dynamic port RPC for WMI)

    I've configured the .xml file following your guide:

    <Option Name="LocalAdmin" ></Option>
    <Option Name="SiteCode" >SIT</Option>
    <Option Name="CacheSize">5120</Option>
    <Option Name="AgentVersion">5.00.7804.1000</Option>
    <Option Name="MinimumInterval">0</Option>
    <Option Name="ClientLocation">\\MPSERVER\SMS_DPC\Client</Option>
    <Option Name="MaxLogFile">2048</Option>
    <Option Name="ErrorLocation">\\MPSERVER\Patch\BadLogs</Option>
    <Option Name="AutoHotfix">\\MPSERVER\SMS_DPC\Client</Option>
    <Option Name="Delay" >5</Option>
    <Option Name="WMIScript" >WMIDiag.vbs</Option>
    <Option Name="WMIScriptAsynch" >1</Option>
    <Option Name="WMIScriptOptions" >sms OldestLogHistory=14 LogWMIState BaseNamespace=root\ccm LogFilePath=\\MPSERVER\Patch\BadLogs\WMILogs</Option>
    <InstallProperty Name="SMSFSP"></InstallProperty>
    <InstallProperty Name="SMSMP">MPSERVER.dominio.local</InstallProperty>
    <InstallProperty Name="PATCH1"></InstallProperty>
    <InstallProperty Name="PATCH2"></InstallProperty>
    <ServiceCheck Name="BITS" State="Running" StartMode="Auto" Enforce="True" />
    <ServiceCheck Name="winmgmt" State="Running" StartMode="Auto" Enforce="True" />
    <ServiceCheck Name="wuauserv" State="Running" StartMode="Auto" Enforce="True" />
    <ServiceCheck Name="lanmanserver" State="Running" StartMode="Auto" Enforce="True" />
    <ServiceCheck Name="RpcSs" State="Running" StartMode="Auto" Enforce="True" />
    <RegistryValueCheck Key="HKLM\SOFTWARE\Microsoft\Ole" Value="EnableDCOM" Expected="Y" Enforce="True" Type="REG_SZ"/>
    <RegistryValueCheck Key="HKLM\SOFTWARE\Microsoft\Ole" Value="EnableRemoteConnect" Expected="Y" Enforce="False" Type="REG_SZ"/>
    <RegistryValueCheck Key="HKLM\SOFTWARE\Microsoft\Ole" Value="LegacyAuthenticationLevel" Expected="2" Enforce="False" Type="REG_DWORD"/>
    <RegistryValueCheck Key="HKLM\SOFTWARE\Microsoft\Ole" Value="LegacyImpersonationLevel" Expected="2" Enforce="False" Type="REG_DWORD"/>

    Thanks a lot for all support.


    Thursday, May 02, 2013 8:39 AM
  • The script has nothing to do with setting low level networking behaviors. If you need to do that, you need to tweak Windows itself; however, the point of the script is to "pull" the client install so that remote WMI access is not needed during client installation. Remote WMI access is never needed nor is RPC for the clients unless you are using the built-in client-push.

    Jason | http://blog.configmgrftw.com

    Thursday, May 02, 2013 1:06 PM
  • Thanks a lot Jason.

    Now I've executed your ConfigMgrStartup.vbs, but I receive the following error in the log:

    <![LOG[Beginning Execution at 02/05/2013 15:19:48]LOG]!><time="15:19:48.000+0" date="02-05-2013" component="ConfigMgrStartup.vbs" context="" type="1" thread="" file="ConfigMgrStartup.vbs">
    <![LOG[Configuration file not specified on command-line with config switch]LOG]!><time="15:19:48.000+0" date="02-05-2013" component="ConfigMgrStartup.vbs" context="" type="3" thread="" file="ConfigMgrStartup.vbs">
    <![LOG[Finished Execution at 02/05/2013 15:19:48]LOG]!><time="15:19:48.000+0" date="02-05-2013" component="ConfigMgrStartup.vbs" context="" type="1" thread="" file="ConfigMgrStartup.vbs">
    <![LOG[Total script execution time is 0:0:0]LOG]!><time="15:19:48.000+0" date="02-05-2013" component="ConfigMgrStartup.vbs" context="" type="1" thread="" file="ConfigMgrStartup.vbs">
    <![LOG[----------------------------------------]LOG]!><time="15:19:48.000+0" date="02-05-2013" component="ConfigMgrStartup.vbs" context="" type="1" thread="" file="ConfigMgrStartup.vbs">

    Where in the ConfigMgrStartup.vbs file do I insert the name and location of the xml file?

    Can I try to execute your vbs without starting WMIDiag.vbs? How can I do this? (This is because I don't know the actual impact of this script on applications that run in production.)

    Thanks


    Thursday, May 02, 2013 1:29 PM
  • The documentation lists all of the details.

    For the XML configuration file, it's a command-line switch. For the execution of wmidiag, simply don't include the option in the configuration file; it is not required at all.


    Jason | http://blog.configmgrftw.com

    Thursday, May 02, 2013 3:25 PM
  • Thanks

    Friday, May 03, 2013 10:38 AM
  • Sorry Jason, but I'm trying to start ConfigMgrStartup.vbs and I always receive the same error:

    Configuration file not specified on command-line with config switch

    I don't find any solution, can you help me?

    I'm executing the vbs from the root of the disk and the xml is in the same place.

    Thanks

    Friday, May 03, 2013 2:48 PM
  • Did you specify the configuration file with the /config switch on the command-line?

    You need to explicitly do this; it won't just look for it in the same directory.


    Jason | http://blog.configmgrftw.com

    Friday, May 03, 2013 2:54 PM