I'm in the middle of deploying SCCM at a new company. I've installed and configured the SCCM server and after that I started a deployment (push install) to network equipment. All the equipment installed the client and started to report to the SCCM server. The only problem occurred on the TMG Server equipment.
Based on this, I've created a new access rule on the TMG server allowing communication (all outbound protocols) from [SCCM Server and Localhost] to [SCCM Server and Localhost]. Even with this rule configured, I cannot install.
I set up a logging action on TMG to log the 'conversation' between the SCCM server and TMG during the install process. In this log, the following appears:
172.16.2.176 172.16.1.254 135 RPC (all interfaces) Closed Connection [System] Allow remote management from selected computers using MMC 0x80074e24 FWX_E_CONNECTION_KILLED
Where 172.16.2.176 is my SCCM server and 172.16.1.254 is my TMG.
Then I edited the System policy 'Allow remote management from selected computers using MMC' and included the SCCM machine, but the same problem occurs.
The CCM.log on the SCCM server is below:
CWmi::Connect(): ConnectServer(Namespace) failed. - 0x800706ba
Unable to connect to WMI on remote machine "SRV-FIREWALL", error = 0x800706ba.
What can I do?
Friday, August 19, 2011 4:52 PM
Not sure if you have already seen this or not
Anoop C Nair - Twitter @anoopmannur
MY BLOG: http://anoopmannur.wordpress.com
This posting is provided AS-IS with no warranties/guarantees and confers no rights.
Friday, August 19, 2011 5:05 PM
What's the definition of "All Outbound Protocols"? This is not a default protocol set in TMG. Also, "Outbound" is the wrong direction to allow.
The only things you need to allow are inbound RPC and inbound file and print sharing from the ConfigMgr site server to the TMG server: http://technet.microsoft.com/en-us/library/bb694088.aspx.
The easier solution is to just run the client agent installation locally on the TMG system. You don't need to open anything to allow the agent to communicate to the site server because all agent communication is agent initiated.
Jason | http://myitforum.com/cs2/blogs/jsandys | Twitter @JasonSandys
Saturday, August 20, 2011 12:38 AM
Honestly, just install it manually on them and move on. It's not worth spending a lot of time troubleshooting a handful of systems that you know have a particular configuration preventing the action from happening.
Jason | http://blog.configmgrftw.com | Twitter @JasonSandys
Friday, February 17, 2012 1:05 AM
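The prerequisites named in the reply above (inbound RPC and inbound file and print sharing from the site server to the target) can be checked from the site server before retrying client push. This is an added example, not part of the original thread; `SRV-FIREWALL` is the host name from the CCM.log excerpt, and `Test-TcpPort` is a hypothetical helper defined here.

```powershell
# Added example: pre-flight check for ConfigMgr client push.
# Run on the site server with the client push account's rights.
param([string]$Target = 'SRV-FIREWALL')   # host name taken from the CCM.log excerpt

# Hypothetical helper: TCP connect with a timeout, works on older PowerShell too.
function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

function New-CheckResult {
    param([string]$Check, [bool]$Passed, [string]$Detail = '')
    New-Object PSObject -Property @{ Check = $Check; Passed = $Passed; Detail = $Detail }
}

$results = @()
$results += New-CheckResult 'TCP 135 (RPC endpoint mapper)' (Test-TcpPort $Target 135)
$results += New-CheckResult 'TCP 445 (file and print sharing)' (Test-TcpPort $Target 445)
$results += New-CheckResult 'ADMIN$ share reachable' (Test-Path "\\$Target\admin$")

# WMI uses DCOM: port 135 first, then a dynamically assigned RPC port.
# A firewall that passes 135 but filters the follow-up RPC traffic still fails
# here with "The RPC server is unavailable" (0x800706BA), the CCM.log error.
try {
    Get-WmiObject -ComputerName $Target -Namespace 'root\cimv2' `
        -Class Win32_OperatingSystem -ErrorAction Stop | Out-Null
    $results += New-CheckResult 'WMI connect (root\cimv2)' $true
} catch {
    $results += New-CheckResult 'WMI connect (root\cimv2)' $false $_.Exception.Message
}

$results | Select-Object Check, Passed, Detail | Format-Table -AutoSize -Wrap
```

If the port 135 check passes but the WMI check fails, the block is on the RPC traffic that follows the endpoint mapper exchange rather than on basic reachability.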
You need to create a Firewall Access Policy Rule on the TMG Server that allows the following protocols:
- RPC Server (All Interfaces)
- RPC (All Interfaces)
Connection - Internal to Localhost
Also ensure that you uncheck RPC Strict Compliance (Right Click, Configure RPC Protocol).
This worked for me and installed the SCCM Client 2012 R2 via Client Push.
Regards, Manoj R. Nair Microsoft Certified Trainer http://blogs.technet.com/manojnair
Friday, August 09, 2013 4:14 PM
- Proposed as answer by sashgor Tuesday, March 03, 2015 12:24 PM
It was a long time ago that I had this problem. If I remember correctly, I disabled the "Enforce strict RPC compliance" in this rule.
Right click on the rule, select Configure RPC Protocol and uncheck the "Enforce strict RPC compliance" setting. Save and test.
Tuesday, March 03, 2015 12:34 PM