Client Installation on DMZ workgroup server

Question
-
Hi,
Please let me know how the DMZ workgroup client communicates with the SCCM 2012 server, which is in the domain.
Also, what client installation properties do we need to mention while manually installing the client on the DMZ workgroup server?
Will a PKI certificate be required for authentication?
I think only HTTP port 80 will be required for communication; please correct me if I am wrong.
Please suggest.
Regards
Parag
Friday, January 9, 2015 11:25 AM
Answers
-
Hi,
PKI is not a requirement; you can use HTTP instead of HTTPS.
Installation instructions for a non-PKI client are documented here: http://technet.microsoft.com/en-us/library/gg712298.aspx
For ports, 80 and 10123 are needed for traffic to the MP.
Regards,
Jörgen-- My System Center blog ccmexec.com -- Twitter @ccmexec
- Marked as answer by Jason Sandys [MSFT]MVP Friday, January 9, 2015 2:59 PM
Friday, January 9, 2015 11:35 AM -
- A client in a workgroup and / or dmz has the same port requirements as any other client. For a complete list see: http://technet.microsoft.com/en-us/library/hh427328.aspx;
- For some guidance on installing a client on a workgroup server see: http://technet.microsoft.com/en-us/library/gg712298.aspx;
- It's not a ConfigMgr requirement that a client in a workgroup requires a PKI certificate.
The key is that the clients in the dmz can communicate and resolve the management point.
My Blog: http://www.petervanderwoude.nl/
Follow me on twitter: pvanderwoude
- Marked as answer by Jason Sandys [MSFT]MVP Friday, January 9, 2015 2:59 PM
Friday, January 9, 2015 11:38 AM
All replies
To add a couple of comments here to Jorgen and Peter's correct reply:
- ConfigMgr does not care about, use, or rely on the domain membership of clients. It's irrelevant.
- Domains are about authentication, not communication. Thus, nothing changes communication wise just because a client is not in a domain.
- ConfigMgr itself does not use AD for authentication -- it uses certificates (either self-signed or PKI). This has nothing to do with HTTPS or HTTP.
- Some AD authentication is still involved -- in those cases with workgroup clients, that's where the network access account comes in.
- Port 8530 is also typically required for WSUS communication (see Peter's first link for a complete list of all ports).
Jason | http://blog.configmgrftw.com | @jasonsandys
Friday, January 9, 2015 3:10 PM -
Thanks to all for your inputs.
I will check the same and update back.
Friday, January 9, 2015 6:46 PM
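
The replies above reduce to two things the DMZ host must be able to do: resolve the management point, and reach it on ports 80 and 10123 (plus 8530 for WSUS). A pre-install check for exactly that, as an added example that is not part of the thread; the host names are placeholders, and the script assumes it is run on the DMZ workgroup server itself.

```powershell
# Added example: run on the DMZ workgroup server before installing the client.
# Host names below are placeholders, not values from the thread.
param(
    [string]$ManagementPoint = 'mp01.corp.example',   # placeholder MP FQDN
    [string]$WsusServer      = 'mp01.corp.example',   # placeholder WSUS host
    [int]$TimeoutMs          = 3000
)

# TCP connect with a timeout; works on hosts without Test-NetConnection.
function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# Ports named in the thread: 80 and 10123 to the MP, 8530 for WSUS.
$checks = @(
    @{ Target = $ManagementPoint; Port = 80;    Purpose = 'MP traffic (HTTP)' },
    @{ Target = $ManagementPoint; Port = 10123; Purpose = 'MP traffic' },
    @{ Target = $WsusServer;      Port = 8530;  Purpose = 'WSUS' }
)

$results = foreach ($c in $checks) {
    # A workgroup host may not use the domain's DNS, so test resolution first.
    $address = $null
    try { $address = [System.Net.Dns]::GetHostAddresses($c.Target) | Select-Object -First 1 } catch { }
    New-Object psobject -Property @{
        Target    = $c.Target
        Port      = $c.Port
        Purpose   = $c.Purpose
        Resolved  = [bool]$address
        Address   = "$address"
        Reachable = if ($address) { Test-TcpPort $c.Target $c.Port $TimeoutMs } else { $false }
    }
}

$results | Select-Object Target, Port, Purpose, Resolved, Address, Reachable | Format-Table -AutoSize

# Non-zero exit code if any required path is blocked, so the check can gate a deployment script.
if ($results | Where-Object { -not $_.Reachable }) { exit 1 }
```

A row with `Resolved` false points at DNS or a missing hosts entry on the workgroup server; `Resolved` true with `Reachable` false points at the firewall between the DMZ and the internal network.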