locked
SCCM Client Push Installtion RRS feed

  • Question

  • Hello I am trying to test SCCM client push installation. I used active directory system group discovery as discovery method. All clients(windows 2008 r2) that were on the same subnet reported fine on collection and installed client through client push installation. However two clients that are on two different subnets are not reporting nor clients are install through push installation. I have boundaries setup correctly for these two non reporting client. I have all components of SCCM running on same server. What firewall ports are needed for active directory system group discovery and client push installation. Between SCCM and SCCM Client ?
    ad
    Tuesday, December 6, 2011 10:02 PM

Answers

  • Hi,

    The firewall ports required by Client push is documented here: http://technet.microsoft.com/en-us/library/bb694088.aspx
    Ad System Discovery and system group discovery queries the AD so there are no traffic from the SCCM server to the SCCM client.

    regards,
    Jörgen

     


    -- My System Center blog ccmexec.com -- Twitter @ccmexec
    • Marked as answer by Sabrina Shen Wednesday, December 21, 2011 9:04 AM
    Tuesday, December 6, 2011 10:14 PM
  • It's more than just TCP 445 from server to client for the agent push; it's also uses TCP port 135 as well as a random TCP port above 1024 for RPC connections -- that's part of SMB file sharing. Port 80 is never used from server to client during client push or otherwise.
    Jason | http://myitforum.com/myitforumwp/members/jasonsandys/ | Twitter @JasonSandys
    • Marked as answer by Adnan-Vohra Friday, December 9, 2011 9:00 PM
    • Unmarked as answer by Adnan-Vohra Friday, December 9, 2011 9:00 PM
    • Marked as answer by Sabrina Shen Wednesday, December 21, 2011 9:04 AM
    Thursday, December 8, 2011 9:25 PM

All replies

  • Hi,

    The firewall ports required by Client push is documented here: http://technet.microsoft.com/en-us/library/bb694088.aspx
    Ad System Discovery and system group discovery queries the AD so there are no traffic from the SCCM server to the SCCM client.

    regards,
    Jörgen

     


    -- My System Center blog ccmexec.com -- Twitter @ccmexec
    • Marked as answer by Sabrina Shen Wednesday, December 21, 2011 9:04 AM
    Tuesday, December 6, 2011 10:14 PM
  • Were the two clients in question discovered by AD System Discovery?

    If not, check adsysdis.log on the site server.

    If they were, and you initiated a manual client push (or auto client push is enabled) check ccm.log on the site server.


    Jason | http://myitforum.com/myitforumwp/members/jasonsandys/ | Twitter @JasonSandys
    Thursday, December 8, 2011 3:34 PM
  • sure i will check.

     

    I  requested to open port 80 and 445 from SCCM Server to SCCM Client. Look i can ping my sccm client now and its reported now on collection and had proper site code but the client says NO. I will check logs


    ad
    Thursday, December 8, 2011 3:40 PM
  • looks failed to install looking at ccm.log

     

    CWmi::Connect(): ConnectServer(Namespace) failed. - 0x800706ba    SMS_CLIENT_CONFIG_MANAGER    12/8/2011 11:50:14 AM    2176 (0x0880)
    ---> Unable to connect to WMI on remote machine "SCCMAGENT", error = 0x800706ba.    SMS_CLIENT_CONFIG_MANAGER    12/8/2011 11:50:14 AM    2176 (0x0880)
    ---> Deleting SMS Client Install Lock File '\\10.51.177.210\admin$\SMSClientInstall.DT2'    SMS_CLIENT_CONFIG_MANAGER    12/8/2011 11:50:14 AM    2176 (0x0880)
    Stored request "10.51_177_210.DPTST", machine name "SCCMAGENT", in queue "Retry".    SMS_CLIENT_CONFIG_MANAGER    12/8/2011 11:50:14 AM    2176 (0x0880)


    ad
    • Edited by Adnan-Vohra Thursday, December 8, 2011 6:10 PM
    Thursday, December 8, 2011 5:52 PM
  • It's more than just TCP 445 from server to client for the agent push; it's also uses TCP port 135 as well as a random TCP port above 1024 for RPC connections -- that's part of SMB file sharing. Port 80 is never used from server to client during client push or otherwise.
    Jason | http://myitforum.com/myitforumwp/members/jasonsandys/ | Twitter @JasonSandys
    • Marked as answer by Adnan-Vohra Friday, December 9, 2011 9:00 PM
    • Unmarked as answer by Adnan-Vohra Friday, December 9, 2011 9:00 PM
    • Marked as answer by Sabrina Shen Wednesday, December 21, 2011 9:04 AM
    Thursday, December 8, 2011 9:25 PM
  • sure. I will open 135 and RPC ports and will try again
    ad
    Friday, December 9, 2011 9:00 PM
  • In order to successfully use client push to install the Configuration Manager client, you must add the following as exceptions to the Windows Firewall:

     

    • File and Printer Sharing
    • Windows Management Instrumentation (WMI)
    • TCP Port 135
    • TCP Port 445

    Hossam Wael Elmosallamy (IT Support Engineer-ECC Solutions) MCSE - CCNA hossam.wael@eccsolutions.net Mobile:(011)-49464671 www.eccsolutions.net "Experience Reliability"

    Friday, March 22, 2013 4:52 PM
  • i'm having the same problem?what helped?
    Wednesday, May 7, 2014 11:43 AM