Remote Policy Initiation for DMZ Workgroup Servers

Hi,

I could successfully see the client as Active for a DMZ workgroup server. When forced run any policy from client properties on the server, it runs fine. However when trying to run the same from the SCCM console, it gives an error as below.

The area in "Black" denotes the name of the server. The message says "<Server Name> is not on".

The ports are already open and I have tested the patch deployments and it works successfully.

January 3rd, 2015 2:55pm

Patch deployment and client notification are two completely different things. Successful patching (or any other standard ConfigMgr activity/action) is meaningless when it comes to client notification. Also, client showing as "active" has nothing to with client notification. Active simply means that the client has reported in to the MP recently (in the form hw inv, sw inv, heartbeat, or a policy request).

Client notification requires a persistent connection initiated by the client to the client's MP on port 10123 (or 80 as the client will fallback to 80 if 10123 if not available although this does cause more load on the MP).

However, the dialog you have above is not generated by ConfigMgr or client notification. It looks like it is being generated by one of the right-click tools which truly have nothing to do with ConfigMgr. For most of the tools to work, you must be able to communicate from the console you are working on (since the console is calling the right-click tool) to the target system. Some right-click tools use psexec or WMI and some use WinRM. If the tool cannot make a connection on the appropriate protocol channel, then it will give you the above message. Ultimately as mentioned though, this has nothing to do with ConfigMgr

Free Windows Admin Tool Kit Click here and download it now
January 3rd, 2015 7:33pm

How are you initiating the policy download from the Console? Right click Tool or the Client Notification feature?
January 4th, 2015 10:51am

Hello Kent,

I have read your books as well. Good Stuff!

In this scenario, I am using Right click tools. What is strange is there are 2 servers in DMZ as of now but it works for one of them but i am unable to remote trigger it for another.

Could it be something with the ports on this particular server ?

January 6th, 2015 9:43am

Hi,

>>Could it be something with the ports on this particular server ?

You could try to use package capture tool to check whether it is a ports issue.

Best Regards,

Joyce

Free Windows Admin Tool Kit Click here and download it now
January 7th, 2015 11:02am

Thanks Joyce,

Could you give me some more details regarding this tool's name etc.

Moreover, its only the remote triggering from the console which is not working, apart from it, everything works as desired.

January 7th, 2015 12:52pm

Hi,

Microsoft Network Monitor

http://www.microsoft.com/en-us/download/details.aspx?id=4865

Best Regards,

Joyce

Free Windows Admin Tool Kit Click here and download it now
January 7th, 2015 1:03pm

Hi Joyce,

I had tried the tool but didn't get much help out of it.

What I had noticed is apart from the remote initiation, I am also unable to see the compliance percent on the console even the software patches were installed successfully on DMZ server, it is still at 0% after quite a few number of days.

February 24th, 2015 3:23am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics