Mobile based clients disconnecting frequently

Similar Messages

• Cisco VPN Client Disconnecting Frequently. Reason:422

  I am connecting to ASA 5510 8.4 via Cisco VPN Client 5.x.
  It connects successfully but automatically disconnects after random time. sometimes after 20 min. Reason 422.
  Log is here:
  363    21:20:12.142  08/20/14  Sev=Warning/3 CM/0xA3100027
  Adapter address 10.76.50.101 has changed or not detected.  Current address(es): 10.156.112.30.
  368    21:20:12.143  08/20/14  Sev=Info/4 IKE/0x63000017
  Marking IKE SA for deletion  (I_Cookie=01B4ED6301CEA667 R_Cookie=C19DF922DE63146A) reason = DEL_REASON_ADDRESS_CHANGE
  But I don't see any address change on my LAN adapter.
  Help please.

  Can you add 'isakmp keepalive threshold infinite' to the VPN tunnel group properties. Then see if the problem resolves?
  Cisco Remote (IPSEC) VPN Clients Timeout / Disconnect
  Pete

• Clients getting frequently disconnected - Interference issue !!!!!

  Hi,
  We have a 2504 WLC, recently past few weeks all the WiFi clients are facing frequent WiFi disconnectivity issue.
  version: 7.6.130.14
  Sample output of 1 AP out of total 5 (AIR-LAP1041N-E-K9).
  >show ap auto-rf 802.11b APName
   Interference Information
      Interference Profile......................... FAILED
      Channel 1.................................... -128 dBm @  0 % busy
      Channel 2.................................... -128 dBm @  0 % busy
      Channel 3....................................  -74 dBm @  1 % busy
      Channel 4....................................  -80 dBm @  3 % busy
      Channel 5....................................  -70 dBm @  1 % busy
      Channel 6....................................  -68 dBm @ 13 % busy
      Channel 7....................................  -71 dBm @  1 % busy
      Channel 8.................................... -128 dBm @  0 % busy
      Channel 9....................................  -69 dBm @  6 % busy
      Channel 10...................................  -65 dBm @  4 % busy
      Channel 11...................................  -66 dBm @ 22 % busy
      Channel 12...................................  -72 dBm @  8 % busy
      Channel 13...................................  -73 dBm @  4 % busy
  Can anybody recommend some workaround for this.
  Will reducing the power level of AP help to resolve this issue.
  >under TPC setting of 802.11b/g/n, 
  Maximum Power Level Assignment (-10 to 30 dBm) : its set to 30dbm
  Power Level Assignment Method : Fixed : 3
  DCA setting is Automatic and Channels are 1,6,11.
  Regards

  We have a 2504 WLC, recently past few weeks all the WiFi clients are facing frequent WiFi disconnectivity issue.
  I think you're "barking at the wrong tree".  Co-channel interference won't cause widespread clients disconnection issues.  
  What kind of clients are getting this issue?  Computers?  Smartphones?  Tablets? 
  What's your encryption/authentication settings? 
  Have you tried running a debug on the clients during disconnection and reconnection?

• Nokia mobile VPN Client - split tunneling

  Hi
  I'm trying to get Nokia mobile CPN Client working with split tunneling on a Cisco firewall.
  I have full access to all on my internal lan's when I make the VPN tunnel, so tunnel is up and working.
  But I do not have access to anything in the internet, it tries to route internet requests through the VPN. I have set split tunneling on the Cisco firewall and it is working as intended on all other devices.
  Any ideas of what I have missed?
  My policy is based on the bundled Cisco_ASA_pskxauth.pol from the Nokia mobile VPN Client Policy Tool.
  tsfts

  Hi vgta2k:
  Nokia 5530 XpressMusic is S60 5th edition phone.
  http://www.forum.nokia.com/Devices/Device_specific​ations/5530_XpressMusic/
  It runs different version of Nokia Mobile VPN client than Symbian^3. You can find the correct version at the download page:
  http://europe.nokia.com/support/download-software/​nokia-mobile-vpn/compatibility-and-download
  Just use the device selector and pick your phone.
  You can also find Nokia Mobile VPN Client nowadays at Ovi Store.
  Thanks,
  Ismo

• Internet Based Client Updates

  Hi,
  We have SCCM 2012 R2 installed, with IBCM enabled. These clients are able to switch between intranet and internet fine.
  Updates work internally and externally fine too. We only have 1 SUP configured for intranet access only, and the Internet facing server is there as a DP and MP for clients to check in and report in etc. This enables us to see if any machines have viruses
  and what software they have installed etc
  Now, the problem...
  Our mobile workforce all use aircards with a data limit. We need to be able to report on these, and for them to get updates, but only from our DPs, NOT from windows updates, which is what happens by default when a client switches to internet based.
  This is an extract from a technet article:
  New in System Center 2012 Configuration Manager, when you have a software update point that is configured to accept connections from the Internet, Configuration Manager Internet-based clients on the Internet always scan against this software update point,
  to determine which software updates are required. However, when these clients are on the Internet, they first try to download the software updates from Microsoft Update, rather than from an Internet-based distribution point. Only if this fails, will they then
  try to download the required software updates from an Internet-based distribution point. Clients that are not configured for Internet-based client management never try to download the software updates from Microsoft Update, but always use Configuration Manager
  distribution points.
  We need to able to turn this off, so they do not get updates from windows updates and consume all their data allowance.
  On our SCCM 2007 server, we simply added a SUP internally, an internet facing DP/MP and when they were on the intranet they got updates and when they were on the internet they did not as we did not distribute the packages to that DP, but got them the next
  time they were at one of our sites...
  We need to replicate this functionality.
  Can you advise how to do this in SCCM 2012?
  Many thanks

  You are welcome to file a design change request (DCR) on connect.microsoft.com.
  Are these system Win 8.1? If so, then your scenario actually shouldn't be an issue because Win 8.1 can detect metered connections and ConfigMgr client settings can be set so that they do not use metered data connections.
  Jason | http://blog.configmgrftw.com | @jasonsandys

• Exception:The client disconnected.

  Hi,
  I  faced this exception frequently in my application at client site. Please suggest  how i can resolve the issue? 
  An exception occurred. Exception:The client disconnected. StackTrace: at System.Web.UI.ViewStateException.ThrowError(Exception inner, String persistedState, String errorPageMessage, Boolean
  macValidationError)    at System.Web.UI.HiddenFieldPageStatePersister.Load()    at System.Web.UI.Page.LoadPageStateFromPersistenceMedium()    at System.Web.UI.Page.LoadAllState()    at System.Web.UI.Page.ProcessRequestMain(Boolean
  includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) An exception occurred. Exception:Invalid viewstate. 
  An exception occurred. Exception:Invalid length for a Base-64 char array or string. StackTrace: at System.Convert.FromBase64_Decode(Char* startInputPtr, Int32 inputLength, Byte* startDestPtr,
  Int32 destLength)    at System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)    at System.Convert.FromBase64String(String s)    at System.Web.UI.ObjectStateFormatter.Deserialize(String inputString,
  Purpose purpose)    at System.Web.UI.ObjectStateFormatter.System.Web.UI.IStateFormatter2.Deserialize(String serializedState, Purpose purpose)    at System.Web.UI.Util.DeserializeWithAssert(IStateFormatter2 formatter, String serializedState,
  Purpose purpose)    at System.Web.UI.HiddenFieldPageStatePersister.Load()

  Hi,
  [quote]An exception occurred. Exception:Invalid length for a Base-64 char array or string.[/quote]
  According to the error messages, it seems that the viewstate has become "large". You can try fixing by chunking the viewstate into multiple fields using maxPageStateFieldLength in the web.config:
  <pages enableSessionState="true" enableViewState="true" enableViewStateMac="true" validateRequest
  For more information, please refer to the document:
  https://kb.sitecore.net/articles/051243
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• Wireless client disconnecting

  Hi All,
  We have a WLAN setup with 1 AP 1230 assigned as a WDS, and the 16 APs configured as Infrastructure AP. Off late, I am experiencing a problem where all my clients are getting disconnected frequently. I have checked the logs and the logs indicate the follwoing:
  %DOT11-4-TKIP_MIC_FAILURE: TKIP Michael MIC failure was detected on a packet (TSC=0x19B42) received from 0013.ced4.bd48.
  Oct 24 12:45:42 172.20.166.22 5673: Oct 24 07:15:42.428: %DOT11-3-TKIP_MIC_FAILURE_REPEATED: Two TKIP Michael MIC failures were detected within 48 seconds on Dot11Radio0 interface. The interface will be put on MIC failure hold state for next 60 seconds.
  Oct 24 12:45:42 172.20.166.22 5674: Oct 24 07:15:42.429: %DOT11-4-TKIP_MIC_FAILURE: TKIP Michael MIC failure was detected on a packet (TSC=0x19B43) received from 0013.ced4.bd48.
  Oct 24 12:45:42 172.20.166.22 5675: Oct 24 07:15:42.430: %DOT11-4-TKIP_MIC_FAILURE: TKIP Michael MIC failure was detected on a packet (TSC=0x19B44) received from 0013.ced4.bd48.
  Oct 24 12:45:42 172.20.166.22 5676: Oct 24 07:15:42.430: Too many MIC failures.
  I need a solution to overcome this problems. Please let me know if you need any further information, to help me provide a solution.
  regds,
  Mahesh

  Good afternoon Mahesh...
  Similar to a CRC, TKIP uses Message Integrity Check(MIC) to ensure protection of the payload and headers. Presently the Michael algorithm is used to accomplish this function. Essentially these messages are early warning signs of RF interference, hardware failure and or an active attack.
  The initial error message of TKIP_MIC_FAILURE is rather harmless, as there is no effect to surrounding clients. It simply states that the AP has received a packet which failed its integrity check. MIC replaced WEP's CRC-32 checksum for improved security. You will NOT see this issue in LEAP as it does not utilize MIC.
  TKIP_MIC_FAILURE_REPEATED, however is another story. If you see this log entry on an access point, you will want to respond quickly. This is stating that a workstation has sent X number of MIC failures in a certain number of seconds. As stated by the 802.11i standard, the access point goes into a blackout period. ( Cisco's default is 60 second blackout period), what this does is disassociates all wireless clients associated with the access point and puts the radio in a type of hold where it does not allow any associations until the blackout is lifted.
  The offending client and those associated with the access point do not receive any sort of error. All the user will notice, is that their laptop's wireless has been disconnected. If the user's laptop is able to access another AP it will attempt to connect to it, if behaving and configure correctly. What we have seen in at our facility is the offending client will continue to cause TKIP errors and bring down the AP it just connected to.
  Is there a Band-Aid to this problem?
  Interface dot11radio x
  countermeasure tkip hold-time 0
  This is NOT a solution, its simply a fix to keep your APs from going into blackout. Again I would only use this if you had a larger volume of laptops with malfunctioning nics than your local techsupport could handle.
  There are two typical causes for these errors, hardware problems and RF issues. RF changes even at 5ft, if you are able to go to multiple areas of your facility (saying you have a large facility) and take still shoot out errors, you likly have a hardware issue. Replace the card and your good to go.
  While upgrading to the latest IOS is always the best messure even when not facing problems you will likly not see a decrease/increase.
  hope this helps.... Simply put , research if its a single laptop... If it is, attempt to replace the nic.. We had one laptop which even after reloading the IOS, swapping the cards, etc it kept commiting the units. We kept the harddrive and sent the laptop off and was RMA'd. New laptop came in, put the old hdd back in, no problems.
  We have not noticed a link between driver version nor firmware...

• Client disconnection notification for NIO server

  A server accepts connections from clients and registers accepted channels for reading:
  while (true)
      if (selector.select()>0)
          Iterator<SelectionKey> iterator = selector.selectedKeys().iterator();
          while(iterator.hasNext())
              SelectionKey opKey = iterator.next();
              iterator.remove();
              if (opKey.isAcceptable())
                  clientSocketChannel = serverSocketChannel.accept();
                  clientSocketChannel.configureBlocking(false);
                  clientSocketChannel.register(selector, SelectionKey.OP_READ);
  . . .One of the server's clients disconnects from it by means of socketChannel.close() while the servert is locked with selector.select() (that is the server have nothing to read from its clients and nobody is connecting to it).Will the server be unlocked when the client performs socketChannel.close()? If so, what notification/exception will the server receive?

  One of the server's clients disconnects from it by means of socketChannel.close() while the servert is locked with selector.select()The select() will immediately return; the corresponding channel will be readable; and the read() will return -1.

• Mobile Sync Client does not save password properly

  The Mobile Sync Client (simple_sync_android application provided with Oracle DMS) does not appear to save password correctly. When you select the checkbox to Save Password, my guess is that it stores an encrypted password but then does not return the decrypted version of the password. As a result login fails with the error
  Encountered error: Server error, id = 2,001: "USER_INVALID in external auth; logon denied."
  For details, check out the "My Experience" section at http://oracledms.blogspot.in/2012/08/sample-app-step-2-install-mobile-sync.html
  Obvious workaround: Type in the password again and click Sync

  Hi there,
  You may find the troubleshooting article below helpful.
  iTunes 10.5 and later: Troubleshooting iTunes Wi-Fi Syncing
  http://support.apple.com/kb/TS4062
  -Griff W.

• Internet Based Clients and Native Mode

  Hi guys,
  I have a question.... We have SCCM 2007 SP2 running in mixed mode in the environment. Now we plan to support internet based clients. Here is the current Hierarchy in mixed mode.
  1 Central Server
  1 Primary Server
  3 Secondary servers under above Primary Server
  Now as the requirement is to support internet based clients and want them to support on office LAN as well when they come to the office....this is what I would be doing : ( Theoretically I know, I need the practical steps to achieve that )
  1. Get all the 3 PKI Certificates : Site Server Signing, Web Server, Client agent.
  2. Make sure all the required ports are opened in-between Intranet <->DMZ AND DMZ <-> Internet
  3. Migrate Central server from Mixed to Native Mode.
  4. Install another Primary Server on Intranet in Native mode.
  5. Create a site system server connected to newly created Native Primary Site in the DMZ zone with these roles installed : MP, SUP and DP.
  6. Re-install all the SCCM clients in the environment with the command-line so that they can be supported on both internet and intranet.
  7. Make sure internet clients are able to connect DMZ site system server via internet.
  Please let me know if I'm missing something here and let me know the practical steps to achieve this. 
  Request you not to share Microsoft technet link for the same. Please share some step-by-step practical document etc.. to achieve this.
  Thanks,
  Sam

  1. This is incorrect. You need more than a single web server cert and client cert. You need a unique server auth cert for *every* one of your systems hosting a client role like the MP, DP, and SUP. Also, you need a unique client auth cert for each and *every*
  client that may/will connect via the Internet.
  4. Standing up a whole extra site just to support IBCM is a bit overkill. It does allow you to keep your "main" primary site in mixed mode, but it does add some overhead and cost and is not technically necessary.
  6. Incorrect. You only need to reinstall clients that will be configured as "Internet-only". Intranet clients should pick up the internet facing roles via policy. You can verify this by checking locationservices.log on the clients after they are successfully
  communicating and the Internet facing roles are stood up and healthy.
  You've made no account above for the CDP or CRL checking. This is a major stumbling block for many folks.
  Jason | http://blog.configmgrftw.com

• How to automate the functionality of Oracle Mobile - Thick client  USING  OATS

  Hi Guys ,
  We have a Oracle Mobile - Thick Client installed  on a windows 7 machine and  when used OATS  its not recognizing  the way to automate. the attached is the snap shot . Please advise the way or protocol to automate the Oracle Mobile.
  Thanks

  Hi Vinod,
  Thanks alot for your help in this regard
  Requesting you to please clarify here which BADI is the relevant one.PFB the screenshot for your easy reference.Because we found nearly 4 BADIs related to this scenario.Please through some light here once.
  Thanks in Advance!
  Regards,
  Lakshmi S

• RE: Java-based Client for Forte/IIOP

  We have deployed an application using JDK 1.1.6,
  Swing 1.0.3, Visibroker 3.2, and Forte 3.0.G.2.
  We are also using Forte's Java Interoperability
  Service.
  We have a closely-held client base (i.e. not a
  million random yahoos off the internet), so we can
  secure a Java port between client and server and
  download a fairly significant client. The Java
  client is deployed with Sun's JRE (to control the
  environment) with the following configuration:
  2.6 MB JRE
  765 KB Forte.zip
  2.0 MB swingall.jar
  1.6 MB vbjtools.jar, vbjorb.jar
  100 KB application classes
  1) The Swing controls don't interoperate well
  with the AWT and Symantec widgets, especially in
  an internal frame. They paint slowly on top of
  each other, move jerkily, and paint before moving
  to the programmed coordinates so it looks silly.
  100% Swing controls play well with other Swing
  controls and are reasonably fast.
  2) We used Symantec Cafe 2.5a to paint the
  screens, and had some problems with the
  setLayout(null) on things like the Swing tab
  folder and split panel. Commenting out the line
  fixed it, but I'm hoping Cafe 3.0 will fix it (I
  have a person installing it but haven't gotten a
  report...)
  3) The initial search time to turn an IOR file
  into a reference is an annoying 10 seconds, and
  the first method call takes about 7 seconds, but
  after that is less than a tenth of a second.
  Haven't done any digging to find out why yet.
  4) If we were deploying this as an applet, we
  would probably use the IDL IIOP export--when using
  the Java Interoperability service, any method call
  seems to load the whole 765K across the
  line...class by class. Ugly. IDL just gets what
  it needs and is smaller.
  5) Also, if deploying as an applet, we wouldn't
  have to download the JRE or visibroker jar files,
  and would only download the swing and Forte IDL
  generated classes as needed, so it would be a much
  smaller footprint than the 7MB above. (Note:
  However, we would be at the mercy of the browser
  being used by client.) Different strokes for
  different folks...
  -DFR
  From: [email protected]
  Date: Tue, 01 Dec 1998 15:15:18 -0800
  Subject: RE: Java-based Client for Forte/IIOP
  Sean,
  My worry is that Swing, while eloquently designed,
  represents an attempt to
  write a totally new display system which, at least
  in the case of my
  project, will run on top of Windows. I really like
  the Java (or a Java-like
  i.e. J++) language, but I feel safer using the
  native MS widgets. It does
  not seem that anyone on this forum has used Swing
  extensively and can
  testify to its stability and performance.
  Regards,
  David
  To unsubscribe, email '[email protected]' with
  'unsubscribe forte-users' as the body of the message.
  Searchable thread archive <URL:http://pinehurst.sageit.com/listarchive/>

  We have deployed an application using JDK 1.1.6,
  Swing 1.0.3, Visibroker 3.2, and Forte 3.0.G.2.
  We are also using Forte's Java Interoperability
  Service.
  We have a closely-held client base (i.e. not a
  million random yahoos off the internet), so we can
  secure a Java port between client and server and
  download a fairly significant client. The Java
  client is deployed with Sun's JRE (to control the
  environment) with the following configuration:
  2.6 MB JRE
  765 KB Forte.zip
  2.0 MB swingall.jar
  1.6 MB vbjtools.jar, vbjorb.jar
  100 KB application classes
  1) The Swing controls don't interoperate well
  with the AWT and Symantec widgets, especially in
  an internal frame. They paint slowly on top of
  each other, move jerkily, and paint before moving
  to the programmed coordinates so it looks silly.
  100% Swing controls play well with other Swing
  controls and are reasonably fast.
  2) We used Symantec Cafe 2.5a to paint the
  screens, and had some problems with the
  setLayout(null) on things like the Swing tab
  folder and split panel. Commenting out the line
  fixed it, but I'm hoping Cafe 3.0 will fix it (I
  have a person installing it but haven't gotten a
  report...)
  3) The initial search time to turn an IOR file
  into a reference is an annoying 10 seconds, and
  the first method call takes about 7 seconds, but
  after that is less than a tenth of a second.
  Haven't done any digging to find out why yet.
  4) If we were deploying this as an applet, we
  would probably use the IDL IIOP export--when using
  the Java Interoperability service, any method call
  seems to load the whole 765K across the
  line...class by class. Ugly. IDL just gets what
  it needs and is smaller.
  5) Also, if deploying as an applet, we wouldn't
  have to download the JRE or visibroker jar files,
  and would only download the swing and Forte IDL
  generated classes as needed, so it would be a much
  smaller footprint than the 7MB above. (Note:
  However, we would be at the mercy of the browser
  being used by client.) Different strokes for
  different folks...
  -DFR
  From: [email protected]
  Date: Tue, 01 Dec 1998 15:15:18 -0800
  Subject: RE: Java-based Client for Forte/IIOP
  Sean,
  My worry is that Swing, while eloquently designed,
  represents an attempt to
  write a totally new display system which, at least
  in the case of my
  project, will run on top of Windows. I really like
  the Java (or a Java-like
  i.e. J++) language, but I feel safer using the
  native MS widgets. It does
  not seem that anyone on this forum has used Swing
  extensively and can
  testify to its stability and performance.
  Regards,
  David
  To unsubscribe, email '[email protected]' with
  'unsubscribe forte-users' as the body of the message.
  Searchable thread archive <URL:http://pinehurst.sageit.com/listarchive/>

• What kind of approach for new XML-based clients

  Hi.
  Our firm is using Oracle-technology everywhere, and now we would
  like to find out what kind of XML-based technology would suit us
  best for a new generation of our products.
  Our products are now using old Forms 3-clients and we're doing a
  research on replacing this technology with Internet-based
  clients. Java-clients are one option, but now we'd really like
  to know about thin-clients which wouldn't have much code run on
  the server. We have already done extranet-clients with OAS
  PL/SQL-cartridges and have found out that HTML-clients require
  much work and can't have too much logic on them.
  So, we have already OAS running on Oracle 8.0.5.1.0 -server and
  would like to know what kind of XML-strategy would be a
  reasonable solution. I know about these tools: XML Parser for
  xx, XML SQL Utility for Java, XSQL Servlet.
  -But what would be a reasonable combination of these and what
  kind of thin-client could we use? XSL?
  -What kind of development tools could we use for clients (or do
  we have to use text-editors)?
  -Which of these tools require Oracle 8i and is it stupid to even
  think about XML-based applications without Oracle 8i?
  Thanks,
  Perttu Auramo, Network Banking Systems Oy
  null

  NO. Have you taken a look at the specs page for Mac Pro?
  Or when you go to OWC for Mac Pro Memory.
  http://eshop.macsales.com/shop/memory/Mac-Pro-Memory
  2GB modules are better, especially if you need more than 4GB, but you want to have 4 DIMMs, 4 x 2GB or 4 x 1GB.
  http://docs.info.apple.com/article.html?artnum=304492
  TechWorks:
  http://www.shopatbuffalotech.com/cart/product.php?productid=16655&cat=42077&page =1

• Support for Internet based client Management - SCCM 2012

  Hi There,
  My Company wants to go for Internet based client Management in SCCM 2012 SP1 R2 and here is the design I'm proposing. I'm getting a bit confused at one point and need suggestion....
  Everything would work on HTTPS ( PKI Certificate based )... LAN and Internet.
  1 Primary ( with non-client facing roles installed ) on LAN with two site systems.
  - One Site System configured for INTRANET support only with MP, DP and SUP -> To support LAN users ( Allow
  Intranet-only connections )
  - One Site System configured for INTERNET support only with MP, DP and SUP -> To support Internet users ( Allow 
      Internet-only connections )
  The INTERNET facing site system is in DMZ network connected to parent Primary via Firewall.
  We want internet clients to talk to ONLY DMZ SCCM Site System and no connection to corporate LAN. We cannot open any ports for internet based clients to LAN.
  If this is the supported scenario, then why we need to put the Internet FQDN in the Primary server Site System property. This server would not be available to internet. It should only be my DMZ SCCM server client should connect for MP, DP and SUP and only
  this DMZ server should be accessible to client over internet.
  Also, what least ports should be opened between :
  - Parent Primary and its internet facing site system kept in DMZ
  - DMZ Site system and internet clients.
  Thanks in advance for your suggestions.
  Sam

  The FQDN has only to be specified on the Internet facing site system. You can leave this field blank on the primary site Server.
  Ports to Open:
  Internet --> DMZ Site Server:
  TCP Port 443
  TCP Port 80, if Fallback Status Point is installed
  DMZ Site Server --> Primary Site:
  TCP 135, 49152-65535
  TCP 445
  TCP 135, 24158 (fixed with
  http://msdn.microsoft.com/en-us/library/bb219447(v=vs.85).aspx )
  TCP 80, 443
  If you have some other roles installed, please consult this page:
  http://technet.microsoft.com/en-us/library/hh427328.aspx
  Cheers,
  Thomas Kurth
  Netree AG, System Engineer
  Blog:
  http://netecm.netree.ch/blog | Twitter:
  | LinkedIn:
  | Xing:
  Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

• Internet Based Client Management Design Question

  Hi,
  I read many articles and many forum posts about IBCM design possibilities. I want to make sure I am on the right path, so I would like to mention about what I have currently in my environment and how I will change it. Please let me know if something is wrong
  with my plannings for IBCM.
  Currently I have one SCCM2012 R2 primary site server and one database server. We dont have
  public key infrastructure at the moment , so communication is via HTTP. We dont have DMZ either. I would like to make my internal SCCM site server reachable from intranet and internet
  without installing any other site server or MP,DP,SUP point. The article below says that is possible. I will implement the scenario1 in that article.
  http://blogs.technet.com/b/configmgrteam/archive/2012/05/25/system-center-2012-configuration-manager-r-i-p-native-mode.aspx
  So, I guess
  1.I need to create
  public key infrastructure.
  2.Public DNS registration for site server's internet FQDN
  3.Firewall Settings from internet to site server
  After those 3 steps, my client will connect from intranet when they are in the office and they will also be able to connect from internet when they are outside of our network. Can you please verify whether this planning is correct or not? If you know any
  step by step IBCM implementation article that I can use , can you please give me the link?
  Yavuz Selim Atmaca

  Very high level those are indeed the right steps at this moment. Just keep in mind that this definitely is not the most secure solution.
  I created a blog post about some important configuration steps:
  http://www.petervanderwoude.nl/post/five-key-configuration-steps-for-implementing-internet-based-clients-in-configmgr-2012/
  On a side-note, if your going to build a PKI anyway, you might want to think about DirectAccess instead of Internet clients.
  My Blog: http://www.petervanderwoude.nl/
  Follow me on twitter: pvanderwoude