Install SCCM Client on TMG Server


  • Hello.

    I'm in the middle of deploying SCCM at a new company. I've installed and configured the SCCM server, and after that I started a deployment (push install) to the network equipment. All the equipment installed the client and started to report to the SCCM server. The only problem occurred on the TMG Server.

    Based on this, I've created a new access rule on the TMG server allowing communication (all outbound protocols) from [SCCM Server and Localhost] to [SCCM Server and Localhost]. Even with this rule configured, I cannot install.

    I enabled logging on TMG to log the 'conversation' between the SCCM server and TMG during the install process. In this log, the following appears:

  135 RPC (all interfaces) Closed Connection  [System] Allow remote management from selected computers using MMC 0x80074e24 FWX_E_CONNECTION_KILLED


    Where 172.16.2..176 is my SCCM server and is my TMG.

    Then I edited the System policy 'Allow remote management from selected computers using MMC' and included the SCCM machine, but the same problem occurs.

    The CCM.log on the SCCM server is below:

    CWmi::Connect(): ConnectServer(Namespace) failed. - 0x800706ba
    Unable to connect to WMI on remote machine "SRV-FIREWALL", error = 0x800706ba. 


    What can I do?

    Friday, August 19, 2011 4:52 PM

All replies

  • Not sure, you have already seen this or not


    Anoop C Nair - Twitter @anoopmannur

    MY BLOG:  http://anoopmannur.wordpress.com

    SCCM Professionals

    This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Friday, August 19, 2011 5:05 PM
  • I don't think so, because on TMG I've already allowed all traffic between the SCCM server and TMG localhost.
    Friday, August 19, 2011 5:12 PM
  • What's the definition of "All Outbound Protocols"? This is not a default protocol set in TMG. Also, "Outbound" is the wrong direction to allow.

    The only things you need to allow are inbound RPC and inbound file and print sharing from the ConfigMgr site server to the TMG server: http://technet.microsoft.com/en-us/library/bb694088.aspx.

    The easier solution is to just run the client agent installation locally on the TMG system. You don't need to open anything to allow the agent to communicate to the site server because all agent communication is agent initiated.

    Jason | http://myitforum.com/cs2/blogs/jsandys | Twitter @JasonSandys
    Saturday, August 20, 2011 12:38 AM
  • Did you find the solution?  I have the same problem.

    Thank you.

    Wednesday, February 15, 2012 6:36 PM
  • Honestly, just install it manually on them and move on. It's not worth spending a lot of time troubleshooting a handful of systems that you know have a particular configuration preventing the action from happening.

    Jason | http://blog.configmgrftw.com | Twitter @JasonSandys

    Friday, February 17, 2012 1:05 AM
  • Hi Jason,

    You need to create a Firewall Access Policy Rule on the TMG Server that allows the following protocols:

    RPC Server (All Interfaces)

    RPC (All Interfaces)

    Connection - Internal to Localhost

    Also ensure that you uncheck RPC Strict Compliance (Right Click, Configure RPC Protocol).

    This worked for me and installed the SCCM Client 2012 R2 via Client Push.

    Regards, Manoj R. Nair Microsoft Certified Trainer http://blogs.technet.com/manojnair

    • Proposed as answer by sashgor Tuesday, March 03, 2015 12:24 PM
    Friday, August 09, 2013 4:14 PM
  • I had this problem a long time ago. If I remember correctly, I disabled the "Enforce strict RPC compliance" in this rule.

    Right click on the rule, select Configure RPC Protocol and uncheck the "Enforce strict RPC compliance" setting. Save and test.

    Tuesday, March 03, 2015 12:34 PM
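
Added example (not part of the thread and not written by any of the posters): a PowerShell pre-flight check, run on the ConfigMgr site server, for the inbound RPC and file and print sharing paths named in the replies above plus the WMI connection that fails in CCM.log. The `$Target` parameter and the `Test-TcpPort` helper are this example's own names; `SRV-FIREWALL` is the host name from the log excerpt.

```powershell
# Added example: run on the ConfigMgr site server before retrying client push.
# $Target and Test-TcpPort are this example's own names, not ConfigMgr or TMG features.
param([string]$Target = 'SRV-FIREWALL')   # host name taken from the CCM.log excerpt

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($pending)      # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# WMI probe: the same kind of remote namespace connection that CCM.log shows failing.
try {
    Get-WmiObject -Class Win32_OperatingSystem -Namespace 'root\cimv2' `
        -ComputerName $Target -ErrorAction Stop | Out-Null
    $wmi = 'OK'
} catch {
    # 0x800706BA is the code CCM.log reports for the failed ConnectServer call.
    $wmi = 'Failed: 0x{0:X8} {1}' -f $_.Exception.HResult, $_.Exception.Message
}

$checks = @(
    @{ Check = 'TCP 135 (RPC endpoint mapper)'; Result = Test-TcpPort $Target 135 },
    @{ Check = 'TCP 445 (file and print sharing)'; Result = Test-TcpPort $Target 445 },
    @{ Check = 'admin$ share reachable';          Result = Test-Path "\\$Target\admin$" },
    @{ Check = 'WMI root\cimv2';                  Result = $wmi }
)

$checks | ForEach-Object { New-Object psobject -Property $_ } |
    Select-Object Check, Result | Format-Table -AutoSize
```

A result where TCP 135 connects but the WMI row still fails with 0x800706BA suggests the TCP session opens and the RPC exchange is dropped afterwards, which is the case the "Enforce strict RPC compliance" replies address.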