How to manage VPN clients in SCCM 2012
Hi,
In my environment, I have multiple clients over VPN in multiple sites,
now I have problem, I how can I manage those clients for VPN, coz n CM 2012 I have to give boundary group and n boundary group have to give the site server references, and I have only one IP subnet in whole environment, but from that subnet, some clients
are from A site, B site and C site, now can you tell me how to manage them,
How to configure DP for them??
How they can get correct MP?
Sharad Singh | My blogs: SharadTech | Twitter:
@SinghSharaad | | Please remember to click “Mark as Answer” on the post that helps you.This can be beneficial to other community members reading the thread.
Jason,
I have only one IP subnet means I have only one IP subnet for VPN clients n all environment, all clients from all sites which are connecting with VPN they will fall on that VPN IP subnet.
other than have LAN/WAN link for all sites, which I have already configured according to Sites/DP and there s no problem, every thing is working fine.
but for VPN i have only one network which is worldwide, and that network used by all sites, this is the problem, How can I manage that network, and where should I add for boundary/DP for site references???
Sharad Singh | My blogs: SharadTech | Twitter:
@SinghSharaad | | Please remember to click “Mark as Answer” on the post that helps you.This can be beneficial to other community members reading the thread.
Similar Messages
-
How to configure SNMP on all managed client using SCCM 2012 SP1
hi ,
do you know How to configure SNMP on all managed client using SCCM 2012 SP1?As a side note, I made an interesting discovery last week: the SNMP Service is deprecated in Windows Server 2012. Why would you want to use SNMP on an actual Windows OS though? There are far better ways available to monitor Windows. I'm sure that lines
up with why they deprecated it.
Jason | http://blog.configmgrftw.com -
How to reduce configuration cache file Quota size located in ( C:\Windows\ccmcache ) for all client from SCCM 2012 server
Thanks in Advance
NTRaoHi,
There are numerous ways to change the cache size.
You could deploy a vbscript to a collection of the devices.
On Error Resume Next
Dim UIResManager
Dim Cache
Dim CacheSize
CacheSize=20000
Set UIResManager = createobject("UIResource.UIResourceMgr")
Set Cache=UIResManager.GetCacheInfo()
Cache.TotalSize=CacheSize
Or you could use a configuration item.
http://blog.coretech.dk/heh/configuration-items-and-baselines-using-scripts-powershell-example/
You can also use the right click tools by Now Micro on a collection, if all the servers are on this would be the easiest / quickest way.
http://www.nowmicro.com/recast/right-click-tools/
http://www.david-obrien.net/2013/02/how-to-configure-the-configmgr-client/
select SMS_R_SYSTEM.ResourceID, SMS_R_SYSTEM.ResourceType, SMS_R_SYSTEM.Name, SMS_R_SYSTEM.SMSUniqueIdentifier, SMS_R_SYSTEM.ResourceDomainORWorkgroup, SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.OperatingSystemNameandVersion like '%6.2%'
https://msdn.microsoft.com/en-us/library/windows/desktop/ms724832%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396 -
How to setup IPV6 boundary for SCCM 2012 R2 Primary Site?
How to setup IPV6 boundary for SCCM 2012 R2 Primary Site?
I have Direct Access implemented in my environment. I have Windows 8.1 machine connecting through direct access.
I want to manage the windows 8.1 through SCCM. How do I setup IPV6 boundary. Can someone guide me through?
Below are the Windows 8.1 client IP Configuration
C:\Windows\system32>ipconfig
Windows IP Configuration
Wireless LAN adapter Local Area Connection* 3:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Wireless LAN adapter Wi-Fi:
Connection-specific DNS Suffix . : home
Link-local IPv6 Address . . . . . : fe80::7466:11a5:39ed:ffb0%4
IPv4 Address. . . . . . . . . . . : 192.168.1.5
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
Tunnel adapter isatap.home:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : home
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:1494:1339:93d6:439c
Link-local IPv6 Address . . . . . : fe80::1494:1339:93d6:439c%9
Default Gateway . . . . . . . . . :
Tunnel adapter iphttpsinterface:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : fd64:fc00:d17b:1000:e1a7:9cc8:c3c7:d819
Temporary IPv6 Address. . . . . . : fd64:fc00:d17b:1000:206c:f857:ddbe:2f2b
Link-local IPv6 Address . . . . . : fe80::e1a7:9cc8:c3c7:d819%10
Default Gateway . . . . . . . . . :
Below are the IPConfiguration details for Direct Access server
C:\Windows\system32>PsExec.exe \\MURA01 ipconfig
PsExec v1.98 - Execute processes remotely
Copyright (C) 2001-2010 Mark Russinovich
Sysinternals - www.sysinternals.com
Windows IP Configuration
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : fd64:fc00:d17b:3333::1
Link-local IPv6 Address . . . . . : fe80::b1ad:1c29:b4a:9125%15
IPv4 Address. . . . . . . . . . . : 10.192.1.25
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.192.1.1
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.{3D6A5E86-D85A-46C8-B69B-FFCF6D5D849C}:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : fd64:fc00:d17b:1:0:5efe:10.192.1.25
Link-local IPv6 Address . . . . . : fe80::5efe:10.192.1.25%18
Default Gateway . . . . . . . . . :
Tunnel adapter 6TO4 Adapter:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter IPHTTPSInterface:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : fd64:fc00:d17b:1000::1
IPv6 Address. . . . . . . . . . . : fd64:fc00:d17b:1000::2
IPv6 Address. . . . . . . . . . . : fd64:fc00:d17b:1000:2552:e9f8:87d3:ed8e
Link-local IPv6 Address . . . . . : fe80::2552:e9f8:87d3:ed8e%20
Default Gateway . . . . . . . . . :
ipconfig exited on MURA01 with error code 0.
Below are the IPCONFIG Details for SCCM Server:
C:\Windows\system32>PsExec.exe \\sccm01 ipconfig
PsExec v1.98 - Execute processes remotely
Copyright (C) 2001-2010 Mark Russinovich
Sysinternals - www.sysinternals.com
Windows IP Configuration
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::9f0:86f9:441d:bc07%12
IPv4 Address. . . . . . . . . . . : 10.192.1.30
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.192.1.1
Tunnel adapter isatap.{0749E47D-AE0A-4D47-9D37-BDDC848E56F6}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
ipconfig exited on sccm01 with error code 0.
What will be the IPV6 values to configure boundary?Depending on how the clients connect use the IPv6 prefix of their 6to4, Teredo, and/ or IP-HTTPS tunnel. Just keep in mind that it could become a long list...
My Blog: http://www.petervanderwoude.nl/
Follow me on twitter: pvanderwoude -
Hello All
With the given need from the market to manage license compliance proactively - the givven toolsets from MS SCCM 2012 should be capable of handling the given complexity. (reference 27 processes out of SAM ISO 19.770-1:2012
Where can I find the solution accelerator, which guides us to help clients on two tipical use-cases
a.) Client has SCCM 2012 - however not yet established the SAM componentes to it (Contracts, Use-rights and License-Comparizons)
b.) Client has no SCCM yet and wants to start his journey with the Commercial scope right away.
Any guidance highly appreciatedSCCM alone isn't going to fit this need.
You need a License Compliance Solution / Software Asset Management (SAM) solution which SCCM is not.
The issue with those system, they fail of providing clean /usefull data.
Usually the best approach is to collect the data with SCCM, normalize the data for that I used BDNA Normalize, then pull in the SAM.
Like this:
SCCM 2012 - Normalize - SAM
John Marcum | http://myitforum.com/myitforumwp/author/johnmarcum/ -
Upgrading SMS 2003 client to SCCM 2012 clients
How can we upgrade the existing SMS 2003 client to SCCM 2012 client. We are planning to upgrade our existing sms 2003 environment to SCCM 2012. It will be a fresh installation and side by side. My question is ...
1 can we upgrade the existing client to new version? How?
2 can we have both clients on same system?
Want to know the best possible way....for doing this.
Appreciate your suggestions/help....
Ravi.Ravi,
There is no upgrade path from 2003 to 2012. You can create a package in 2003 to uninstall and then install the 2012 client. There may be better ways to do this but at the moment that is what I have seen done in the past. The only other
solution I have dealt with was an OS refresh since the 2003 client most likely is running on XP systems?
Kris
I faced this situation, where we have old SMS2003 system with XP clients, and W7 migration is planned on 2012. Uninstallation of old ccmsetup is okay, but then offcourse all activity stops and new client is not installed within the same process. I put
everything on the same bat file, like ccmsetup.exe /uninstall and ccmsetup /mp:primarysiteserver... old client goes away, but then nothing happens. -
Remote control and remote desktop client in sccm 2012 ?
What is the difference between remote control and remote desktop client in sccm 2012 ?
Remote Control is a built-in feature for SCCM 2012 and uses the RPC protocol. When you use this, the user can still be logged on while helping.
Remote Desktop is a buit-in feature for Windows and uses the RDP protcol. When you use it, the user will be logged off.
Why you would use one over the other depends on your requirements.
Blog: www.danielclasson.com/blog |
LinkedIn:
Daniel Classon | Twitter: @danielclasson -
How many concurrent VPN client sessions available for cisco 2621XM?
I have cisco router 2621XM with IOS c2600-advipservicesk9-mz.124-11.T4.
I want to know, how many concurrent VPN client sessions can be available in this image.here is the configuration on PIX,
group-policy DfltGrpPolicy attributes
wins-server value 10.0.0.67 10.0.0.68
dns-server value 10.0.0.67 10.0.0.68
vpn-simultaneous-logins 20
vpn-idle-timeout 5
split-tunnel-policy tunnelspecified
split-tunnel-network-list value vpn-acl
default-domain value mydomain.com
address-pools value vpnpool group-policy DfltGrpPolicy attributes
wins-server value 10.0.0.67 10.0.0.68
dns-server value 10.0.0.67 10.0.0.68
vpn-simultaneous-logins 20
vpn-idle-timeout 5
split-tunnel-policy tunnelspecified
split-tunnel-network-list value vpn-acl
default-domain value want-want.com
address-pools value vpnpool -
How to make VPN client auto timeout when it still idle?
How to make VPN client auto disconnect when it still idle?
Hi,I found some user still connected the VPN evenif they dose not use the VPN resouse.
I try to set a "idle timeout" for the VPN configuration.
We use PIX515 8.0.3 and CISCO ACS 4.2 for the VPN's connection and authentication,and the user use cisco vpn client for the connection.
I have tried many methods,but all failured.
First,I configed "vpn-idel-timeout 5" on PIX.It can not worked.
so,I add Radius(CISCO VPN 3000/ASA/PIX 7.0+) attribute "[026/3076/050] Authenticated-User-Idle-Timeout" on CISCO ACS,It still not worked.
And I also add IETF RADIUS Attributes "[028] Idle-Timeout" on group setting on ACS,it always not worked.
i found in vpn client's statistics,it always has some byte sended or received, i thought it maybe IPsec keepalive message or Radius message.
This maybe the reason because the PIX or ACS think the vpn user is keep working.
Can someone tell me how to make a "idle time out"?
best regard.
Rogerhere is the configuration on PIX,
group-policy DfltGrpPolicy attributes
wins-server value 10.0.0.67 10.0.0.68
dns-server value 10.0.0.67 10.0.0.68
vpn-simultaneous-logins 20
vpn-idle-timeout 5
split-tunnel-policy tunnelspecified
split-tunnel-network-list value vpn-acl
default-domain value mydomain.com
address-pools value vpnpool group-policy DfltGrpPolicy attributes
wins-server value 10.0.0.67 10.0.0.68
dns-server value 10.0.0.67 10.0.0.68
vpn-simultaneous-logins 20
vpn-idle-timeout 5
split-tunnel-policy tunnelspecified
split-tunnel-network-list value vpn-acl
default-domain value want-want.com
address-pools value vpnpool -
How to update CU1 & CU2 to SCCM 2012 R2
I Install SCCM 2012 R2 then I install CU1 immediately. After about 2 months, I install CU2 in Primary Site.
Now I found some bug, but it should be fixed by CU, then I found this is because I didn't push CU to client.
So I have some questions about Update CU
After Install CU2, I find KB2970177 in server, click "about CM", show the version is
5.0.7958.1303, but I click the properties of primary site. the version is
5.00.7958.1000. Why? Did I finish the Update in primary site?
If I only install SCCM 2012 R2, can I install CU2 without install CU1 first or I must install CU1 before install CU2?
How to deploy CU to Client, I found the package of CU client update. But can I create applications to deploy? or Use software update or compliance? If have some post about these?
I use default Configuration Manager Client Package to do the OSD, can I create new package with CU2?
Thanks in advance!Check out this blog:
http://blogs.technet.com/b/ryanan/archive/2014/01/31/applying-a-configmgr-hotfix-during-the-client-installation-of-an-os-deployment.aspx
You essentially can create a new client package with the client hotfix files.
Then adjust your Setup Windows and ConfigMgr TS step by adding the appropriate patch command to the properties section.
I mentioned this in a blog I did about applying R2 CU1. Same process applies with CU2 of course.
http://damonjohns.com/2014/04/08/applying-the-adk-8-1-update-and-cu1-for-system-center-2012-r2-configuration-manager/
Cheers
Damon -
Sccm client v4 wont install and install client v5 - SCCM 2012 R2
Hi, I am coming to the end of a SCCM 2012 R2 client deployment. I have come across 2 machines (so far)that have the SCCM 2007 (v4) client installed, and although the task is set to uninstall from the server the v5 client will not installed. iI have been
using this an as template:
http://eskonr.com/2010/11/sccm-client-installation-troubleshooting-steps-check-list/
I have ran the install seperatelty from the server (boxed ticked - Uninstall existing Config Manager client) - No Install
The ccmsetup folder is created - c$\Windows\ccmsetup, but only has 3 files, no logs folder
Other machines on site has the v5 client
Checked ping from client to server and vice versa (no firewall enabled)
Boundaries/Schema/DNS - ok
Checked all local event logs.
i know you can run the local uninstall command, but as the network is vast i would like to fix to come from the server, rather than having to do this on the client.
Any tips would be great going forward.
SCCM 2012 R2 - Windows 7 Enterprise SP1Hi,
I ensured the account used for the install was in the local admins group.
From the ccm.log on the server, i got these erros, been googling but nothing yet:
---> ERROR: Unable to start service "ccmsetup" on machine "LCD12121", error = 1075. SMS_CLIENT_CONFIG_MANAGER 22/10/2014 12:01:43 1460 (0x05B4)
---> Failed to install CCM Client Bootstrap component on client (1075) SMS_CLIENT_CONFIG_MANAGER 22/10/2014 12:01:43 1460 (0x05B4)
Execute query exec [sp_CP_SetLastErrorCode] 2097153910, 1075 SMS_CLIENT_CONFIG_MANAGER 22/10/2014 12:01:43 1460 (0x05B4)
Also, is there a way to run a report on which machines dont have the sccm client/install issues?
Thanks -
AMT 3.2.10 Clients with SCCM 2012 on Windows 2012
Hey
I have a couple of HP dc7800 computers with Intel's AMT/vPro that I'd like to provision with SCCM 2012. The installed firmware version is 3.2.10 which is a supported version according to the documentation [1]. Provisioning of newer clients (5.2.x upwards)
is successful, so I can rule out all the usual suspects like the provisioning certificate from GoDaddy, our internal CA, DHCP options, etc. Provisioning with SCCM 2007 of both 3.2.x and 5.x AMT devices is also still successful.
The amtopmgr.log repeatedly shows the following entries:
Provision target is indicated with SMS resource id. (MachineId = 16777325 WS45.mydomain.ch)
Found valid basic machine property for machine id = 16777325.
Warning: Currently we don't support mutual auth. Change to TLS server auth mode.
The provision mode for device WS45.mydomain.ch is 1.
The IP addresses of the host WS45.mydomain.ch are x.x.x.x.
Root hash of provisioning certificate is 2796BAE63F1801E277261BA0D77770028F20EEE4.
Attempting to establish connection with target device using SOAP.
Create provisionHelper with (Hash: 74B7792EDBD64EBB01E2E3A0B27FAFA04C2D3BCB)
Set credential on provisionHelper...
Try to use provisioning account to connect target machine WS45.mydomain.ch...
Error 0x80090304 returned by InitializeSecurityContext during follow up TLS handshaking with server.
**** Error 0x37f2b370 returned by ApplyControlToken
Fail to connect and get core version of machine WS45.mydomain.ch using provisioning account #0.
Try to use default factory account to connect target machine WS45.mydomain.ch...
Error 0x80090304 returned by InitializeSecurityContext during follow up TLS handshaking with server.
**** Error 0x37f2b370 returned by ApplyControlToken
Fail to connect and get core version of machine WS45.mydomain.ch using default factory account.
Try to use provisioned account (random generated password) to connect target machine WS45.mydomain.ch...
Error 0x80090304 returned by InitializeSecurityContext during follow up TLS handshaking with server.
**** Error 0x37f2b370 returned by ApplyControlToken
Fail to connect and get core version of machine WS45.mydomain.ch using provisioned account (random generated password).
Error: Device internal error. This may be caused by: 1. blabla...
Error: Can NOT establish connection with target device. (MachineId = 16777325)
After some investigation with Wireshark, I've found out that SCCM tries connect with TLSv1 to the AMT device. The response from the device is immediately an SSL alert (internal error). Using OpenSSL, I could connect to the device if I explicitly told it
to use SSLv3. This leads me to believe that the 3.2.x firmware cannot handle TLSv1 correctly and SCCM never tries to connect with SSLv3 after a failure.
So the question is: How can I get SCCM 2012 to provision these devices?
Regards,
Ingo
[1]
http://technet.microsoft.com/en-us/library/c1e93ef9-761f-4f60-8372-df9bf5009be0#BKMK_SupConfigOOBSince no one has answer this post, I recommend opening a support case with CSS as they can work with you to solve this problem.
Garth Jones | My blogs: Enhansoft and
Old Blog site | Twitter:
@GarthMJ -
For find activated lync client using SCCM 2012
Hi All,
In my current company we have in deployed lync client. But we are not sure how many clients are activated.
Is there any way to find which system got activated using SCCM 2012.
Please suggest and let me know any reference.
ThanksI really don't know, but I would guess that a file or registry key would change once it's activated. Basically, I would simply compare an activated system with a not activated system and look for the difference. Once you've located that you can create
a compliance setting to see how many system are actived, or not.
My Blog: http://www.petervanderwoude.nl/
Follow me on twitter: pvanderwoude -
Let me clarify.
We had a functional WSUS server delivering our updates to ours workstations. The location of the WSUS server was pushed out by Group policies.
Later, an SCCM 2012 R2 installation was installed. The original WSUS server was removed. Now WSUS type services appear to be broken.
I tried to start WSUS on the SCCM 2012 R2 server and it does not start. (I assume its not configured).
I want to get WSUS running again but am not sure how to do this safely in conjunction with our SCCM 2012 R2 installation. Do I just reinstall WSUS on the SCCM server and configure? Or is there other preferred methods?
I was not involved in SCCM's installation, so I do not know what was done.
Geoff.Update functionality is provided via the Software Update Point
https://technet.microsoft.com/en-us/library/gg712312.aspx
... which requires WSUS to be installed - it basically takes control of WSUS.
Any existing group policies defining WSUS servers should be removed so that the SCCM client (which I assume is installed on computers already) can configure accordingly. Otherwise you will have group policy and SCCM client over writing one another to configure
the update server -
How to update Office 365 using SCCM 2012 R2?
Hi,
I am using SCCM 2012 R2 and Office 365 ProPlus.
At products list (Software Update Point Components Properties) there is not Office 365.
Office 365 automatically updates from Internet.
I need to know the following:
How to disable Internet automatic updates at Office 365
How to deploy updates for Office 365 from SCCM.
Thanks in advance!Funny thing you can't deploy those updates via WSUS and/ or ConfigMgr. See for more information:
http://blogs.technet.com/b/office_resource_kit/archive/2014/01/21/managing-updates-for-office-365-proplus-part-1.aspx
Also, make sure to read part 2 as it provides dome guidance on controlled testing of those updates.
My Blog: http://www.petervanderwoude.nl/
Follow me on twitter: pvanderwoude
Maybe you are looking for
-
Check if date is in specified format or not
Hi, I am reading date from spreadsheet. I want to validate this date, it should follow the format 'MM/dd/yyyy HH:mm'. I tried it using SimpleDateFormat class SimpleDateFormat formatter = new SimpleDateFormat("MM/dd/yyyy HH:mm"); Date timeStamp;
-
Samsung p2270 scrolling and window lag
I have a new 2.8ghz xenon Mac Pro with 6 GB of ram. It's attached to a Samsung P2770HD monitor via a DVI cable. When I scroll a window in Safari, or drag any window, or even when a new window is opening, it is extremely laggy and redraws the window v
-
AWM Error while Enabling MViews
Hi Experts, I have created a Product Dim on SH Schema. Below is the detailed Information Levels: Total_Product Product_Category Product_SubCategory Product Heirarchy: PROD_ROLLUP I have mapped all the attributes and made sure that in the Materialized
-
Non-controllable device/ audio video still out of sync?
importing dv tape with time code breaks. i was told that by setting "non-controllable device" that fc would ignore time code and import without sync problems. is this possible ? thanks to you guys who helped me on my previous post.
-
Hi All, We have Cisco NCS device. I want to generate the report which will give me the information about DCA ( Dynamic Channel Allocation) for all Radio Channels ( i.e a/b/g/n) of all APs monitored by NCS. Does anyone has idea on how to generate this