Install SCCM Client on TMG Server

Hello.

I'm in the middle of deploying SCCM at a new company. I've installed and configured the SCCM server, and after that I started a deployment (push install) to the network equipment. All the equipment installed the client and started to report to the SCCM server. The only problem occurred on the TMG Server equipment.

Based on this, I've created a new access rule on the TMG server allowing communication (all outbound protocols) from [SCCM Server and Localhost] to [SCCM Server and Localhost]. Even with this rule configured, I cannot install.

I made a logging action on TMG to log the 'conversation' between the SCCM server and TMG during the install process. In this log, the following appears:

 

172.16.2.176 172.16.1.254 135 RPC (all interfaces) Closed Connection  [System] Allow remote management from selected computers using MMC 0x80074e24 FWX_E_CONNECTION_KILLED

 

Where 172.16.2.176 is my SCCM server and 172.16.1.254 is my TMG.

Then I edited the system policy 'Allow remote management from selected computers using MMC' and included the SCCM machine, but the same problem occurs.

The CCM.log on the SCCM server is below:

CWmi::Connect(): ConnectServer(Namespace) failed. - 0x800706ba
Unable to connect to WMI on remote machine "SRV-FIREWALL", error = 0x800706ba. 

 

What can I do?

August 19th, 2011 4:52pm

Not sure whether you have already seen this or not:

http://myitforum.com/cs2/blogs/cstauffer/archive/2009/01/22/sccm-client-push-install-issue-with-wmi-and-rpc.aspx

August 19th, 2011 5:05pm

I don't think so, because on TMG I've already allowed all traffic between the SCCM server and TMG localhost.
August 19th, 2011 5:12pm

What's the definition of "All Outbound Protocols"? This is not a default protocol set in TMG. Also, "Outbound" is the wrong direction to allow.

The only things you need to allow are inbound RPC and inbound file and print sharing from the ConfigMgr site server to the TMG server: http://technet.microsoft.com/en-us/library/bb694088.aspx.

The easier solution is to just run the client agent installation locally on the TMG system. You don't need to open anything to allow the agent to communicate to the site server because all agent communication is agent initiated.

August 20th, 2011 12:38am

Did you find the solution? I have the same problem.

Thank you.

February 15th, 2012 6:36pm

Honestly, just install it manually on them and move on. It's not worth spending a lot of time troubleshooting a handful of systems that you know have a particular configuration preventing the action from happening.
February 17th, 2012 1:05am

Hi Jason,

You need to create a Firewall Access Policy Rule on the TMG Server that allows the following protocols:

RPC Server (All Interfaces)

RPC (All Interfaces)

Connection - Internal to Localhost

Also ensure that you uncheck RPC Strict Compliance (right-click, Configure RPC Protocol).

This worked for me and installed the SCCM Client 2012 R2 via Client Push.

August 9th, 2013 4:14pm

It was a long time ago that I had this problem. If I remember correctly, I disabled the "Enforce strict RPC compliance" setting in this rule.

Right-click on the rule, select Configure RPC Protocol and uncheck the "Enforce strict RPC compliance" setting. Save and test.

March 3rd, 2015 12:34pm
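
A pre-flight check for the requirements discussed in this thread, added here as an example and not posted by any participant: run from the ConfigMgr site server, it tests the two inbound services client push needs and then attempts the same kind of remote WMI connection that fails in CCM.log. It assumes the account running it has administrative rights on the target; `SRV-FIREWALL` is the host name from the CCM.log excerpt, and the 3-second timeout is an arbitrary choice.

```powershell
# Added example (not from the thread). Run on the ConfigMgr site server.
# 'SRV-FIREWALL' is the TMG host name shown in the CCM.log excerpt; change as needed.
param([string]$Target = 'SRV-FIREWALL')

# Inbound services client push needs on the target, as listed in the thread.
$checks = @(
    @{ Port = 135; Name = 'RPC endpoint mapper' },
    @{ Port = 445; Name = 'File and print sharing (SMB)' }
)

foreach ($c in $checks) {
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        # Asynchronous connect so a silently dropped packet cannot hang the script.
        $pending = $tcp.BeginConnect($Target, $c.Port, $null, $null)
        $open = $pending.AsyncWaitHandle.WaitOne(3000) -and $tcp.Connected
    } catch {
        $open = $false
    } finally {
        $tcp.Close()
    }
    $state = if ($open) { 'reachable' } else { 'blocked or closed' }
    '{0,-30} TCP {1,-4} {2}' -f $c.Name, $c.Port, $state
}

# A successful TCP connect to 135 is not proof that push will work: WMI is DCOM
# over RPC, and a firewall RPC filter can accept the connection and then close
# the session. Test the WMI connection itself.
try {
    $os = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $Target -ErrorAction Stop
    'WMI connect OK: {0}' -f $os.Caption
} catch {
    $ex = $_.Exception
    $code = if ($ex -is [System.Runtime.InteropServices.COMException]) {
        $ex.ErrorCode
    } else {
        $ex.HResult
    }
    $hr = '0x{0:x8}' -f [int]$code
    if ($hr -eq '0x800706ba') {
        # 0x800706ba = Win32 error 1722, "The RPC server is unavailable".
        "WMI connect failed: $hr (RPC server unavailable), the same error CCM.log reports."
        'Review the TMG rule for RPC from the site server and its strict RPC compliance setting.'
    } else {
        "WMI connect failed: $hr $($ex.Message)"
    }
}
```

If both ports report reachable but the WMI step still returns 0x800706ba, the TCP path is open and the failure is at the RPC layer, which is the case the last two replies address.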

This topic is archived. No further replies will be accepted.
