locked
SMS Client discovery over VPN RRS feed

  • Question

  • Hello,

    I'm working on a problem I have with our SMS clients that will not update while connected to our VPN. We are currently using SMS 2003 R2 on Server 2003 and SQL 2005 in our environment.

    When users connect to our network through a VPN tunnel they will not properly discover the SMS site name unless the subnet of the local network they are connected to is listed within our site boundaries.

    Since we have a good deal of users whom tele-work and utilize Blackberry's as an IP modem, Hotel network, Air card service or even home networks we cannot enter each of those networks as a boundary.

    It was my understandings that if we entered the VPN subnet in our sites boundaries an SMS client should be able to correctly discover our SMS site server. However this is not the case, it seems the local client references the initial network subnet it connects thru (e.g. Blackberry, hotel networks) instead of the VPN subnet.

    Are we missing some configuration setting that would allow our VPN clients once connected to correctly discover the site server from the VPN subnet instead of the subnet the VPN tunnel was established on? I hope that makes since.

    I have been successful with updating a VPN client only if the initial ISP's subnet is listed within the SMS site boundaries. Our VPN subnet is listed within our site boundaries but VPN clients will not properly discover that way.

    Any help would be greatly appreciated.

    Wednesday, November 10, 2010 9:14 PM

Answers

  • Yes to discover a site the IP range MUST be in SMS Boundaries. However why do you client need to find the site anyways? They should be already assigned to the site and this will mean they will use SMS DP as Slow DP. Keep in mind that you really should upgrade to ConfigMgr and look at IBCM to support your clients.


    http://www.enhansoft.com/
    • Marked as answer by jbolton99 Friday, November 12, 2010 4:52 PM
    Friday, November 12, 2010 3:41 PM

All replies

  • Ok, I not sure that I completely follow you. If your users can connect to you network via VPN then they should be able to resolve the SMS site server to an IP. If not then is sound like you have a DNS problem.  If they can resolve the name to an IP address, can you ping it? Can you map a drive to it?

     

    Also understand that NATing is not supported unless you upgrade to ConfigMgr with IBCM.


    http://www.enhansoft.com/
    Thursday, November 11, 2010 1:37 AM
  • I have tested our VPN clients; we are able to resolve our SMS servers name and we can directly ping the IP address while connected to the VPN. The problem occurs with the SMS client trying to discover our SMS server Site ID "HN1" while connected to the VPN.

    Example: Users working at home under the IP address of 192.168.100.10 they then connect to our Corperate VPN at 10.22.0.15. In the SMS client applet under control panel if we tell the SMS client to discover "HN1" it fails.

    We have the VPN IP subnet entered in our SMS boundary list but systems continue to fail to Discover "HN1". However if we enter the users Home network IP subnet into our SMS boundary list (192.168.100.1) the SMS client will properly discover the SMS site server name "HN1".

    My problem is this, we have 800+ users who move back and forth between work, home, hotel, Blackberry networks etc. We cannot enter each of these individual subnets into our Boundary list so that the SMS clients can properly discover the SMS site "HN1" while connected to our VPN. We thought that by simply entering the VPN subnet range into the SMS boundary list that these clients could discover our SMS site "HN1" when connected to our VPN.

    Friday, November 12, 2010 2:48 PM
  • Yes to discover a site the IP range MUST be in SMS Boundaries. However why do you client need to find the site anyways? They should be already assigned to the site and this will mean they will use SMS DP as Slow DP. Keep in mind that you really should upgrade to ConfigMgr and look at IBCM to support your clients.


    http://www.enhansoft.com/
    • Marked as answer by jbolton99 Friday, November 12, 2010 4:52 PM
    Friday, November 12, 2010 3:41 PM
  • We will be upgrading to the ConfigMgr soon, I just wanted to make sure any possible issues I have with clients or other systems could be cleaned up prior to the upgrade. I have a couple more concerns I may be posting on this forum before we go through with the upgrade.

    Perhaps my ingorance with SMS boundaries is the problem here. Just to be sure I understand this properly. An SMS client that has already discovered the SMS site doesn't need to again in order to obtain updates on a subnet which is not listed as a boundary?

    My VPN clients aren't getting updates, I thought a possible reason for this was because while connected to the VPN subnet through a foreign network the clients couldn't "re-discover" the SMS site name.

    Also I want to thank you for your input, its very helpful. I don't have any traditional training other then some CBT's with SMS which leads to many gaps in my knowledge of the system.

    Friday, November 12, 2010 4:13 PM