locked
Client Installation on DMZ workgroup server RRS feed

  • Question

  • Hi,

    Please let me know how the DMZ workgroup client communicate with SCCM 2012 server which is in domain.

    Also what client installation properties we need to mentioned while manully installing the client on DMZ workgroup server.

    Whether PKI certificate will required for authentication?

    I thing only http 80 port will required for communication, please correct if I am wrong.

    Please suggest.

    Regards

    Parag

    Friday, January 9, 2015 11:25 AM

Answers

All replies

  • Hi,

    PKI is no requirement you can use HTTP instead of HTTPS.

    Installation instructions are documentet here for a non-pki client http://technet.microsoft.com/en-us/library/gg712298.aspx

    For ports 80 and 10123 is needed for traffic to the MP.

    Regards,
    Jörgen


    -- My System Center blog ccmexec.com -- Twitter @ccmexec

    Friday, January 9, 2015 11:35 AM
  • The key is that the clients in the dmz can communicate and resolve the management point.


    My Blog: http://www.petervanderwoude.nl/
    Follow me on twitter: pvanderwoude

    Friday, January 9, 2015 11:38 AM
  • To add a couple of comments here to Jorgen and Peter's correct reply:

    - ConfigMgr does not care about, use, or rely on the domain membership of clients. It's irrelevant.

    - Domains are about authentication, not communication. Thus, nothing changes communication wise just because a client is not in a domain.

    - ConfigMgr itself does not use AD for authentication -- it uses certificates (either self-signed or PKI). This has nothing to do with HTTPS or HTTP.

    - Some AD authentication is still involved -- in those cases with workgroup clients, that's where the network access account comes in.

    - Port 8530 is also typically required for WSUS communication (see Peter's first link for a complete list of all ports).


    Jason | http://blog.configmgrftw.com | @jasonsandys

    Friday, January 9, 2015 3:10 PM
  • Thanks to all for your inputs.

    I will check the same and update back.

    Friday, January 9, 2015 6:46 PM