locked
How is the step-by-step install client agent in perimeter network (DMZ) computer? RRS feed

  • Question

  • Hi all,

    would like to know how should be the step-by-step to install the client agent onto the workgroup computer which sit in the perimeter network (DMZ)?

    Any technet article to refer to?


    regards, Han Seen.



    • Edited by Han Seen Tuesday, August 7, 2012 11:33 AM
    Tuesday, August 7, 2012 9:43 AM

Answers

All replies

  • http://technet.microsoft.com/en-us/library/gg712298.aspx: "How to Install Configuration Manager Clients on Workgroup Computers "

    Torsten Meringer | http://www.mssccmfaq.de

    • Proposed as answer by Jörgen NilssonMVP Tuesday, August 7, 2012 10:10 AM
    • Marked as answer by Han Seen Thursday, August 9, 2012 8:54 AM
    Tuesday, August 7, 2012 9:58 AM
  • HI Torsten,

    Thanks. That means i should follow the same steps from the link you provided even the workgroup computer is in DMZ (perimeter network) right? 

    Then how about the Internet-based client management (IBCM) ?


    regards, Han Seen.

    Tuesday, August 7, 2012 11:37 AM
  • Then how about the Internet-based client management (IBCM) ?



    This is also there in the link provided above check out "How to Install Configuration Manager Clients for Internet-based Client Management". You should have PKI infra in place to achieve this.

    Anoop C Nair - @anoopmannur :: MY Site:  www.AnoopCNair.com :: FaceBook:  ConfigMgr(SCCM) Page :: Linkedin:  Linkedin<

    • Proposed as answer by Erick McCue Tuesday, June 9, 2015 6:22 PM
    Tuesday, August 7, 2012 11:48 AM
  • Hi Torsten, 

    i've installed the client agent follow the step given from your URL link. 

    However, the computer still  isn't listed with the agent installed in configuration manager console. Any place to look at or which port should be open?


    regards, Han Seen.

    Wednesday, August 8, 2012 7:49 AM
  • The required ports are listed in the docs: http://technet.microsoft.com/en-us/library/gg682180.aspx. You could also check your firewall's logs if something was blocked.
    Is the client registered (ClientIDManagerStartup.log), does it find an MP (ClientLocation.log, LocationServices.log)?

    Torsten Meringer | http://www.mssccmfaq.de

    Wednesday, August 8, 2012 9:46 AM
  • The required ports are listed in the docs: http://technet.microsoft.com/en-us/library/gg682180.aspx. You could also check your firewall's logs if something was blocked.
    Is the client registered (ClientIDManagerStartup.log), does it find an MP (ClientLocation.log, LocationServices.log)?

    Torsten Meringer | http://www.mssccmfaq.de

    Believe the client is couldn't find the MP.

    There are errors in  

    ClientIDManagerStartup.log

    RegTask: Failed to refresh MP. Error: 0x80004005

    LocationServices.log

    Unable to retrieve AD forest + domain membership

    Failed to persist Default Management Point Locations locally


    regards, Han Seen.

    Friday, August 10, 2012 1:09 AM
  • To Implement IBCM you nee to have a few things.

    1.You need to have a Cert with a private Key (Install this on your internet facing DP).

    2.You will need to implement HTTPS on the DP that you have internet facing in your DMZ.

    3. You need to run a scrip on the the clients so they can use the IBCM here is the script I used.

    Ccmsetup.exe /usepkicert smsmp=FQDN Primary Site ccmhostname=FQDN of DMZ DP smssitecode=Sitecode

    This works great it just takes some doing. You need to understand how certs work ,and how your DP is setup

    Erick  

    Tuesday, June 9, 2015 6:27 PM