locked
Client discovered and installed when it should not have RRS feed

  • Question

  • Hello,

    My client installation seems to work great the only issue is it has installed on a client that in my eyes should not have received it.  I am in the process of migrating clients from SCCM 2007 and I have a workstation that received and installed the client that is not part of my site boundaries.  It was discovered through SMS_AD_DISCOVERY_AGENT AD, MP_ClientRegistration and Heartbeat Discovery, however the IP addresses on the machine do not fall into any of my sites boundaries.  I do not have client push installation enabled at all.  I have been using the client install wizard for the discovered workstation to migrate them.  I've checked logs on the workstation and I am trying to find out what or who initiated the client install.  Maybe I am misinterpreting the point of boundaries.  Essentially this client is a VPN only client, no ip addresses that are distributed by VPN are part of the site boundaries.  If anyone can clarify this or let me know which log exactly I need to look in and what to look for it would be much appreciated.  We have roughly 100 VPN only machines and this was the only one that received and installed a client.

    Thanks!

    Friday, November 23, 2012 4:46 PM

Answers

  • I'm not sure if the logging/auditing is granular enough to find out who initiated the install; however, strictly speaking,  a client does *not* need to be in a site's boundaries to be managed by that site or have the client agent manually pushed/installed to it. Boundaries define auto-site assignment, content location, and (proxy) MP location -- nothing more. There is a check box in the manual client push that says always install which means the client's site assignment is completely ignored and the push will happen. 

    Jason | http://blog.configmgrftw.com

    Friday, November 23, 2012 8:18 PM

All replies

  • I suppose it is possible that you tried to push the client to one machine and DNS gave you the IP address that this computer was currently using.

    Nash Pherson, Senior Systems Consultant - http://www.nowmicro.com - http://myitforum.com/myitforumwp/author/npherson <-- If this post was helpful, please click "Vote as Helpful".

    Friday, November 23, 2012 6:40 PM
  • I checked all 3 dns servers and there is no entry anywhere for this machine with this address.  The vpn distributes 192.168.x.x addresses, I dont have 192 addresses at all as part of  my site boundaries.  When I right click the client and select properties it shows me all the ip addresses this machine has reported and all of them start with 192.  Im trying to find out if the collections of machines I was using to push the client to contained this workstation but I dont know how it would as all the collections were based on IP address ranges none of which contained 192.

    Friday, November 23, 2012 6:55 PM
  • I'm not sure if the logging/auditing is granular enough to find out who initiated the install; however, strictly speaking,  a client does *not* need to be in a site's boundaries to be managed by that site or have the client agent manually pushed/installed to it. Boundaries define auto-site assignment, content location, and (proxy) MP location -- nothing more. There is a check box in the manual client push that says always install which means the client's site assignment is completely ignored and the push will happen. 

    Jason | http://blog.configmgrftw.com

    Friday, November 23, 2012 8:18 PM