Friday, August 19, 2011 4:52 PM
I'm in the middle of deploying SCCM at a new company. I've installed and configured the SCCM server, and after that I started a deployment (push install) to the network equipment. All the equipment installed the client and started to report to the SCCM server. The only problem occurred on the TMG Server equipment.
Based on this, I've created a new access rule on the TMG server allowing communication (all outbound protocols) from [SCCM Server and Localhost] to [SCCM Server and Localhost]. Even with this rule configured, I cannot install.
I set up a logging action on TMG to log the 'conversation' between the SCCM server and TMG during the install process. In this log, the following appears:
172.16.2.176 172.16.1.254 135 RPC (all interfaces) Closed Connection [System] Allow remote management from selected computers using MMC 0x80074e24 FWX_E_CONNECTION_KILLED
Where 172.16.2.176 is my SCCM server and 172.16.1.254 is my TMG.
Then I edited the system policy 'Allow remote management from selected computers using MMC' and included the SCCM machine, but the same problem occurs.
The CCM.log on the SCCM server is below:
CWmi::Connect(): ConnectServer(Namespace) failed. - 0x800706ba
Unable to connect to WMI on remote machine "SRV-FIREWALL", error = 0x800706ba.
What can I do?
Friday, August 19, 2011 5:05 PM
Not sure whether you have already seen this or not
Anoop C Nair - Twitter @anoopmannur
MY BLOG: http://anoopmannur.wordpress.com
This posting is provided AS-IS with no warranties/guarantees and confers no rights.
Friday, August 19, 2011 5:12 PM
I don't think so, because on TMG I've already allowed all traffic between the SCCM server and TMG localhost.
Saturday, August 20, 2011 12:38 AM
What's the definition of "All Outbound Protocols"? This is not a default protocol set in TMG. Also, "Outbound" is the wrong direction to allow.
The only things you need to allow are inbound RPC and inbound file and print sharing from the ConfigMgr site server to the TMG server: http://technet.microsoft.com/en-us/library/bb694088.aspx.
The easier solution is to just run the client agent installation locally on the TMG system. You don't need to open anything to allow the agent to communicate to the site server because all agent communication is agent initiated.
Jason | http://myitforum.com/cs2/blogs/jsandys | Twitter @JasonSandys
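A pre-flight check for the two inbound paths named in the reply above (RPC and file and print sharing) plus the WMI connection that CCM.log shows failing, as an added example that is not part of the original thread. It assumes Windows PowerShell 3.0 or later with .NET 4.5 on the site server; the function names are hypothetical, TCP 135 and 445 are the standard RPC endpoint mapper and SMB ports, and the target name is the one from the CCM.log excerpt.

```powershell
# Added example: run on the ConfigMgr site server against the push target.
function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

function Test-ClientPushPath {
    param([Parameter(Mandatory = $true)][string]$ComputerName)

    $result = [ordered]@{
        Target   = $ComputerName
        Rpc135   = Test-TcpPort $ComputerName 135   # RPC endpoint mapper
        Smb445   = Test-TcpPort $ComputerName 445   # file and print sharing (admin$)
        Wmi      = $false
        WmiError = $null
    }

    # A successful TCP connect to 135 is not sufficient: the TMG log on this page
    # shows the port 135 connection being closed after it was opened. So attempt
    # the same kind of WMI connection that CCM.log reports as failing.
    if ($result.Rpc135) {
        try {
            Get-WmiObject -Class Win32_OperatingSystem -Namespace 'root\cimv2' `
                -ComputerName $ComputerName -ErrorAction Stop | Out-Null
            $result.Wmi = $true
        } catch {
            # 0x800706BA (RPC server unavailable) is the code seen in CCM.log.
            $result.WmiError = '0x{0:X8}' -f $_.Exception.HResult
        }
    }
    [pscustomobject]$result
}

Test-ClientPushPath -ComputerName 'SRV-FIREWALL'
```

The check runs as the logged-on account, so a pass here still requires that the client push installation account has administrative rights on the target.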
Wednesday, February 15, 2012 6:36 PM
Did you find the solution? I have the same problem.
Friday, February 17, 2012 1:05 AM
Honestly, just install it manually on them and move on. It's not worth spending a lot of time troubleshooting a handful of systems that you know have a particular configuration preventing the action from happening.
Jason | http://blog.configmgrftw.com | Twitter @JasonSandys