Ports to open a management point

Guys,
I want to  manage the servers in our other VLANs that are not accessible to SCCM.  I have built a management point in those vlans but am not sure what ports and protocols need to be opened to SCCM.
Any ideas ?

Hi,
It is all explained in the technet documentation here:
http://technet.microsoft.com/en-us/library/hh427328.aspx
From the article above:
Traffic both ways between Site Server and MP:
RPC Endpoint mapper
135
RPC
DYNAMIC
Server Message Block (SMB)
445
From MP to SQL Server -- 1433
But, having more than one management point is intended for scalability and availability. Your clients will try to contact both of these MP's and in scenarios like this I have experienced a lot if issues with clients not communicating with their MP. MP assignement
does not use Boundary and Boundary Group, the clients will use one of those two MP's there is no way to control which one.
I would make sure that the VLAN can communicate with the MP that already exists instead.
Regards,
jörgen
-- My System Center blog ccmexec.com -- Twitter
@ccmexec

Similar Messages

  • Firewall in 10.5, how to open ports and how to manage?

    I am pulling my hair out with the new firewall in 10.5. In 10.4 I could just set ports as I liked in the control panel, in 10.5 there is no such thing.
    I need to for example open port 49999 to allow PageSender to function in my network.
    I need to open port 5901 to work with JollyFast VNC, as port 5900 is used by Apple Remote Desktop and the conflict if they both use the same port.
    Some of these ports I need permanent open like 59999 and others for one session and than close again, like 5901. Again in 10.4 I made the rule in the pref pane, ticked the box and Bob was your uncle. Now?
    I would like to be able to see what ports are open and active on the machine. I have no idea as to where I could see this.
    And at the same time I would like to keep the firewall as closed as possible as I am often on line in hotels etc.
    So I need help, is there a manual somewhere someone is aware of? Or do you have any answers?

    The new Application Firewall does not work in the same way as IPFW (the main firewall in 10.4).
    Instead of managing ports, it simply controls the access of applications to any port. Thus, if you want PageSender to receive connections, you simply need to switch the firewall to "Set access for specific services and applications", and then add PageSender to the list, with "Allow incoming connections". When you do this, PageSender will be able to receive connections on any port that it needs to.
    If you don't like this method of controlling connections, you can still use IPFW. Apple has removed the GUI, but you can download a GUI application like [NoobProof|http://www.hanynet.com/noobproof> or [WaterRoof|http://www.hanynet.com/waterroof/index.html], and you can then set access for specific ports.
    There are no problems with using both IPFW and Application Firewall.
    Cheers,
    Rodney

  • Management point location for workgroup clients in DMZ

    Hi All,
    I am trying to install the SCCM 2012 client to some servers that are located in a workgroup and in a DMZ at our organization.
    I have read up about the config for this and I think that we have everything in place but the clients themselves are not locating a management point which I think is due to the setup of the IIS on the management points.
    Firstly, I ammended the local hosts file on the system to ensure that the server could resolve the SCCM site server and 2 management points by using NetBIOS and FQDN. I also checked that the ports are opened from the client to the
    management point.
    I then ran ccmsetup using the following switches /noservice /mp=smsmp SMSSITECODE=XXX SMSSLP=SMSMP FSP=SMSSITESERVER CCMHTTPPORT=24555 CCMHTTPSPORT=24556 RESETKEYINFORMATION=TRUE which appers to have sucessfully installed the client
    but is now failing to communicate with the MP specified. I am seeing on the client the following repeated in the locationservices.log
    <![LOG[Raising event:
    instance of CCM_CcmHttp_Status
                DateTime = "20141127153834.775000+000";
                HostName = "SMSMP";
                HRESULT = "0x87d0027e";
                ProcessID = 4004;
                StatusCode = 401;
                ThreadID = 5184;
    ]LOG]!><time="15:38:34.775+00" date="11-27-2014" component="LocationServices" context="" type="1" thread="5184" file="event.cpp:715">
    <![LOG[Successfully sent location services HTTP failure message.]LOG]!><time="15:38:34.962+00" date="11-27-2014" component="LocationServices" context="" type="1" thread="5184"
    file="ccmhttperror.cpp:396">
    <![LOG[Error sending HEAD request. HTTP code 401, status 'Unauthorized']LOG]!><time="15:38:34.962+00" date="11-27-2014" component="LocationServices" context="" type="3"
    thread="5184" file="util.cpp:2568">
    <![LOG[Workgroup client is in Unknown location]LOG]!><time="15:38:34.962+00" date="11-27-2014" component="LocationServices" context="" type="1" thread="5184"
    file="lsad.cpp:1078">
    <![LOG[[CCMHTTP] ERROR: URL=http://SMSMP, Port=24555, Options=224, Code=0, Text=CCM_E_BAD_HTTP_STATUS_CODE]LOG]!><time="15:38:34.993+00" date="11-27-2014"
    component="LocationServices" context="" type="1" thread="5184" file="ccmhttperror.cpp:297">
    And on the management point I am seeing the following repeated in the IIS logs
    x.x.x.x HEAD / - 24555 - x.x.x.x SMS+CCM+5.0 - 401 2 5 216 0
    I understand that this points to the IIS authentication issue so I have tried browsing to http://smsmp.domainname.com/sms_mp/.sms_aut?mplist and
    I do get a list of management points returned so I'm a little confused now. The other thing that confuses me is that we also have another domain we manage clients
    in and these systems have all registered with the MP fine even though there is no trust relationship in place between the 2 domains.
    I have checked anonymous authentication has been enabled on the SMS_MP virtual directory but I can see that it is set to use a user account of IUSR, but this is not a local user on the MP nor an AD user from what I can see.
    Is anybody able to point me in the correct direction of either what I am doing wrong or which settings I should be checking?
    Thanks in advance for any help
    Andrew

    You mention in your ccmsetup install properties: CCMHTTPPORT=24555 CCMHTTPSPORT=24556
    While the MPList test you provided shows:
    http://smsmp.domainname.com/sms_mp/.sms_aut?mplist
    This is on port 80
    Where is your MP? Port 80 or 24555 ?

  • Error adding Management Point over Win2008 SP2 x86

    Hi,
    I am using SCCM 2012 R2.
    I am trying to install an additional management point over Windows 2008 Enterprise SP2 x86. The prerequisites was installed based on the following article: http://technet.microsoft.com/en-us/library/gg682077.aspx#BKMK_SiteSystemRolePrereqs
    The error is the following:
    Site Component Manager detected that the site server does not contain the binary files for the platform (processor architecture) of site system "\\SERVER2.MYDOMAIN.COM". Possible cause: When installing this site, you did not specify that the binary
    files for this site system's platform should be installed on the site server.
    Solution: Use Configuration Manager Setup to modify the configuration of this site. When asked to select the server platforms for this site, select this site system's platform
    The following article http://technet.microsoft.com/en-us/library/gg682077.aspx#BKMK_SupConfigSiteRoleReqs states that a MP can be installed over a Windows 2008 SP2 x86,x64 server (Standard, Enterprise or Datacenter).
    The first SCCM server is local admin at Win2008 Server (server I need to be second MP).
    The question is:
    What is the procedure to install a MP over Windows 2008 SP2 x86 server?
    Thanks in advance!

    Hi,
    Your MP's have the right ports open and the right pre-reqs installed?
    Have you checked the log files MP*.log?
    http://technet.microsoft.com/en-us/library/hh427342.aspx#BKMK_MPLog
    We
    are trying to better understand customer views on social support experience, so your participation in this
    interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

  • DMZ Client Deployment failing. Unable to find Management Point

    I'm trying to install SCCM 2012 R2 client to a server in our DMZ.  This server is in a workgroup.  I have been following this article
    http://nikifoster.wordpress.com/2011/01/31/installing-configmgr-clients-on-servers-in-a-dmz/ however the SCCM agent doesn't seem to be able to find the Management Point, which is on the internal LAN.
    Step so far
    1) Port 80 and Port 8530 opened on the firewall between the DMZ server and the Primary site server (bi-directionally).
    2) Host and LMHost file on the DMZ server updated with the IP address of the Primary site server (where the MP is located).
    3)Boundary created on the Primary site server to include the IP address of the DMZ server.
    4)Client install files copied locally to the DMZ server.
    5)Installed with the following command ccmsetup.exe /MP:servername SMSSITECODE=ABC DNSSUffix=contoso.com
    The client installs but does not pick up the correct site code.  On the site tab the settings are blank and I can't manually update them.  In the locationservices.log it looks like it assigns the server to the correct site and then the following
    error appears Failed to retrieve DNS service record.... Unable to to find Lookup MP in Registry,AD, DNS and WINS.
    I'm not using Certificates.  The DMZ server IP address can be resolved from the Management Point (which is the site server) and the DMZ server will resolve the Management Point address.
    Does anyone have any ideas what I've missed?
    Thanks in advance

    Also note the difference between /mp and SMSMP:
    http://blog.configmgrftw.com/ccmsetup-mp-and-smsmp/
    Both are required in this case.
    Jason | http://blog.configmgrftw.com | @jasonsandys

  • SCCM 2012 R2 - Management Point deployment to untrusted domain

    Hi all,
    we've got two domains in our environment which have no trust relationship. I have sccm 2012 r2 installed on a Windows 2012 R2 server in the larger domain
    and have just installed a DP and MP on a Windows 2008 R2 server in the second, smaller domain. The Management Point installed ok according to mpmsi.log but the problem i'm having is that the mpcontrol.log is now repeatedly throwing up the following message:
    Call to HttpSendRequestSync failed for port 80 with status code 500, text:Internal Server Error
    On the dp/mp server in the smaller domain i can browse to http://sccm-dp1/ ok. I can also browse to http://sccm-dp1/sms_mp/.sms_aut?MPCert ok. I cannot
    browse to http://sccm-dp1/sms_mp/.sms_aut?MPList (receive a HTTP 500 error).
    In additon to this, every now and again the MP tries to connect to the SQL DB in the other domain. This fails with the following errors:
    MPStart(): RegisterWithWINS() returned 0x0 
    SMS_MP_CONTROL_MANAGER
    01/04/2015 17:23:04  1924 (0x0784)
    CMPControlManager::PublishInDNS: DnsReplaceRecordsInSet() failed with status 9002.           
    SMS_MP_CONTROL_MANAGER
    01/04/2015 17:23:04  1924 (0x0784)
    MPStart(): PublishInDNS() returned 0x0         
    SMS_MP_CONTROL_MANAGER
    01/04/2015 17:23:04  1924 (0x0784)
    EnableBranchCache(): configuration has not been changed. 
    SMS_MP_CONTROL_MANAGER
    01/04/2015 17:23:04           
    1924 (0x0784)
    MPStart(): EnableBranchCache() returned 0x0           
    SMS_MP_CONTROL_MANAGER
    01/04/2015 17:23:04  1924 (0x0784)
    Successfully Registered for IP Address Change notifications. 
    SMS_MP_CONTROL_MANAGER
    01/04/2015 17:23:04           
    1924 (0x0784)
    MPStart(): RegisterForIPAddressChangeNotification() returned 0x0  
    SMS_MP_CONTROL_MANAGER
    01/04/2015 17:23:04         
    1924 (0x0784)
    Attempting to register the SQL connection type for the configured SQL database.    
    SMS_MP_CONTROL_MANAGER           
    01/04/2015 17:23:04 
    1924 (0x0784)
    Registered connection type for SQL Server 'xxxxxxxxx' and database 'xxxx\xxx_xxx'.           
    SMS_MP_CONTROL_MANAGER
    01/04/2015 17:23:04  1924 (0x0784)
    MPStart(): RegisterSqlDatabaseConnectionType() returned 0x0        
    SMS_MP_CONTROL_MANAGER
    01/04/2015 17:23:04         
    1924 (0x0784)
    Checking the current CLR Enabled configuration setting for the configured SQL Server hosting the database.           
    SMS_MP_CONTROL_MANAGER
    01/04/2015 17:23:04  1924 (0x0784)
    Getting the CLR Enabled value from the configured SQL database.   
    SMS_MP_CONTROL_MANAGER
    01/04/2015 17:23:04         
    1924 (0x0784)
    Attempting to connect to the configured SQL database.        
    SMS_MP_CONTROL_MANAGER
    01/04/2015 17:23:04           
    1924 (0x0784)
    Impersonating using the SQL connection account; user name is now 'xxxxxxxxx'.    
    SMS_MP_CONTROL_MANAGER           
    01/04/2015 17:23:04 
    1924 (0x0784)
    *** [08001][10060][Microsoft][SQL Server Native Client 11.0]TCP Provider: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to
    respond.        SMS_MP_CONTROL_MANAGER       
    01/04/2015 17:28:10           
    1924 (0x0784)
    *** [HYT00][0][Microsoft][SQL Server Native Client 11.0]Login timeout expired        
    SMS_MP_CONTROL_MANAGER           
    01/04/2015 17:28:10 
    1924 (0x0784)
    *** [08001][10060][Microsoft][SQL Server Native Client 11.0]A network-related or instance-specific error has occurred while establishing a connection to SQL Server. Server is not found or not accessible. Check if instance name is correct and if SQL
    Server is configured to allow remote connections. For more information see SQL Server Books Online.    
    SMS_MP_CONTROL_MANAGER       
    01/04/2015 17:28:10        
    1924 (0x0784)
    *** Failed to connect to the SQL Server, connection type: MP_CONTROL_ACCESS.           
    SMS_MP_CONTROL_MANAGER       
    01/04/2015 17:28:10        
    1924 (0x0784)
    Failed to get connection to the configured SQL database.  
    SMS_MP_CONTROL_MANAGER       
    01/04/2015 17:28:10       
    1924 (0x0784)
    Failed to connect to the configured SQL database. 
    SMS_MP_CONTROL_MANAGER       
    01/04/2015 17:28:10           
    1924 (0x0784)
    Reverting back from using the SQL connection account.         
    SMS_MP_CONTROL_MANAGER
    01/04/2015 17:28:10           
    1924 (0x0784)
    Failed to get the current CLR Enabled configuration setting for the configured SQL Server hosting the database.           
    SMS_MP_CONTROL_MANAGER       
    01/04/2015 17:28:10        
    1924 (0x0784)
    MPStart(): CheckSqlDatabaseClrEnabled() returned 0x800720d9      
    SMS_MP_CONTROL_MANAGER
    01/04/2015 17:28:10         
    1924 (0x0784)
    Waiting up to 300 seconds for the SMS Agent Host service to be running.    
    SMS_MP_CONTROL_MANAGER
    01/04/2015 17:28:10         
    1924 (0x0784)
    Stopped waiting for the SMS Agent Host service to be running; Result = 0x0.           
    SMS_MP_CONTROL_MANAGER           
    01/04/2015 17:28:10 
    1924 (0x0784)
    MPStart(): WaitOnSmsAgentHostRunning() returned 0x0       
    SMS_MP_CONTROL_MANAGER
    01/04/2015 17:28:10           
    1924 (0x0784)
    MPStart(): CreateThread() succeeded with id 0x2fc.  
    SMS_MP_CONTROL_MANAGER
    01/04/2015 17:28:10  1924 (0x0784)
    SMS_MP_CONTROL_MANAGER successfully STARTED. 
    SMS_MP_CONTROL_MANAGER
    01/04/2015 17:28:10  1924 (0x0784)
    Can anyone provide any suggestions as to where i should begin troubleshooting this issue? When i deployed the MP to the smaller domain i ensured it
    had a Management Point Connection Account which could access the SQL DB in the larger domain. I'm wondering if the two error messages i'm receiving are related or whether i have two separate issues here?
    Thanks for the help!

    Hi Paul,
    thanks for taking the time to help. I registered asp.net v4 with IIS as per your suggestion, unfortunately it hasn't made much difference and i'm still seeing the "Call
    to HttpSendRequestSync failed for port 80 with status code 500, text:Internal Server Error"
    message repeating in mpcontrol.log. Have you got any further suggestions of things
    to try? Seems like an error message i really need to fix!
    As far as the MP to SQL issue goes, the network team assured me the connection is allowed
    but i might get them to double check this just in case. 
    Thanks

  • Open Item Management

    Hii all of u ...
    For which accounts we have to select "Open item Management " in FS00 ??
    Wht is the Clearing procedure for GL Accounts?
    Is there any provision to do " Automatic Clearing " for Vendors and Customers , as we r uploading the data for customer and vendor accounts...if is there can u plsss explain to me...
    Answers will b great appreciateble..
    thanks in advance
    regards
    ramki

    Hi
    Accounts that are managed on an open item basis include:
    Clearing account:
    Bank clearing account
    Payroll clearing account
    Cash discount clearing account
    GR/IR clearing account
    Accounts that are not managed on an open item basis:
    Bank accounts
    Tax accounts
    Raw material accounts
    Reconciliation accounts
    These are managed implicitly using the subledger open item function.
    Profit and loss accounts
    Materials Management (MM) accounts posted with a posting key that has account type 'M'
    If useful assign points
    Regards
    Amit

  • Can no longer open Fabric Manager Web Client 4.7(2b)

    Hello
    I have recently upgraded from Fabric Manager 3.3(2b) to 4.2(7b). I followed the correct path, so went from 3.3 to 4.1 and then from 4.1 to 4.2.
    The application opens but I can not browse to the localhost address on either http or https and there are no Cisco related services running, or, even available. Additionally, the server is no longer listenning on port 80 or 443.
    Does anyone know of what might be happenning here because at the moment, trying to get to the server from itself, or remotely, just brings up a "page cannot be displayed" error.
    Many thanks in advance
    Anthony
    p.s. I have rebooted since the rebuild.

    Hi
    Yes, the PostgreSQL service has started but there is not even a Cisco Fabric Manager service visible, nor a Fabric Manager Web Client service. I can open Fabric Manager and it works, just no services and I cant open the Web GUI.
    Thanks for replying
    Anthony

  • Change GL account to open intem management

    Hi,
    We are going to change a GL account to open item management.
    We need a program that changes all prevously posted items ( non open item management ) to open item management. If anyone knows such a program ( standard or customer's ), I'll be glad to know it.
    Points are guaranteed.
    Regards,
    Svetlin

    It's not easy problem, because you have to change several dictionary tables.
    If your documents are created directly by Accounting Module, you should check only FI tables, but you make sure others Module (CO for example) aren't related, so if you are sure you need to update these tables:
    - BKPF, BSEG, BSIS (open Items, but check all table BS*):
    Perhaps, if GL accounts are the same characteristics, you need to change only the value HKONT in BSEG, but this field is a key field for BSIS, so you need to delete the record before updating it.
    I think it's not good idea, but you can try.
    Max

  • I am trying to create a new profile, but I cannot open profile manager in Mac OS 10.5.8. I get the following error: "dyld: unknown required load command 0x80000022 Trace/BPT trap".

    Hello,
    I am trying to repair my Firefox profile, but I cannot open profile manager in Mac OS 10.5.8. When I follow the directions for opening profile manager in my Terminal utility, I get the following error: "dyld: unknown required load command 0x80000022 Trace/BPT trap".
    At this point, Firefox (v 5.0 or previous versions), is not running.
    Thanks.

    [http://asqueella.blogspot.com/2010/12/dyld-unknown-required-load-command.html Here's an Explanation]. Basically you need to add "arch -i386 " at the beginning of the command because 10.5 is 32-bit only and more recent versions of Firefox default to 64-bit.

  • Post open items with clearing for a account nt previously open item managed

    Hi,
    We have a current VAT account which was not open item managed till April 2008. Since the account has a zero balance we were able to make it open item managed from May onwards.
    Using transaction code FS10N we see that there are some items which are open  (type SB and SA). We want to post these items with clearing.
    Moreover the postings made in the vat account are done every month but they are manual postings only using T.Code FB50 and as checked using the transaction code OB40.
    We are not also allowed to run program RSEPA02. as this is not a standard program and not recommended to be run by SAP.
    Could anyone please sujjest how can we post the previous items with clearing.
    Thanks and regards,
    Priyajit.

    Hi,
    In this case when you are shifting account from open item to non open item all the open item debit and credit side to a dummy account and when account is converted into open item you have to reverse the earlier entries.
    Check this with what exactly you have done.
    Assign points if solved the problem.
    Warm Regards
    Edited by: MILIND on May 20, 2008 10:29 AM

  • Clearing Non Open Item Managed documents

    Hello,
    we have an existing G/L account where it was previously set to non open item managed. after some time, they have switched it to OI managed. since the balance of this account is 0, they were able to switch it successfully.
    problem is, during FBL3n, these documents (that were posted when the account is still non open item managed) is listed in the open items. can this items be "cleared"?
    thanks
    Moderator: Search SDN and certainly don't post threads, which were locked before, under different names. This is violation of SDN rules

    HI,
    When u have created the GL and if you have not activate or deactivate the OPEN ITEM mmanagement.
    You have to use the follow  SAP std progrom. ther are four std program SAP has provide for this these
    RFSEPA01
    RFSEPA02
    RFSEPA03
    RFSEPA04
    you have to check the documentation of the program to know which one u have to used here for your case .
    hope this is clear assign the points.
    with regards
    krishna

  • How to change status of open item management check box??

    Dear Members,
    There is a GL which was not defined as Open Item Management Previously.
    Now we Identified and we wanted to define it as Open Item Managed account.
    For ex take ..Payable Account
    say there is one line item with credit balance ..to make this accoount balance as 0 (ZERO)  ..we reversed the original entry ..we tried to select open item check box..
    but system is not allowing us to change ..instead its giving msg"Account balance is zero but stil open items exists"
    i dont understan this ..
    now how to solve this problem
    thanks & regards.

    Hi suja csc,
    Thanks for the points : )
    OK it's very easy to transfer the balance. Either u have already customised program to upload data or if the data is "little" u can just manual posting using FB01. just zerorise all balances in the old account.
    Eg. old journal:
    01  MAN        NIAGA SDN.              1,975.00 
    50  80070010   Rental-Car Park              1,975.00-
    To transfer:
    17  MAN        NIAGA SDN.              1,975.00-
    40  80070010   Rental-Car Park              1,975.00
    Means, the account will be zero.
    Hope this will help you.
    TQ
    Regards,
    Nazrul

  • Open Item Manage - GL Account

    Hi,
    I have earlier created a GL Account without choosing the option of Open Item Manage.  Now this account has certain entries and have balance. 
    Can anybody guide me for converting this account into "Open item managed".
    Regards,
    Harish

    Hi,
    If you want to change the flag "open item management", you need to follow the steps described in message FH087:
    "If you want to switch this function on retroactively for a certain account, you should create a new account with the correct setting and use this to make a transfer posting of existing items."
    "If you want to switch off the open item management function   retroactively for an account, you must first clear all the postings   currently on this account. You cannot make any changes to the account  management method until this is done."
    The only  possible workaround available for the same is:
    Create a new account with the correct account assignment. Post your items to the new account. If you want to use the original account number, you must bring the account balance to zero, change the account assignment, and repost the items. You can remove the old items by archiving the documents.
    Please assign  points if it useful.
    Regards
    Ravinagh Boni

  • Open item Management Hidden Field

    Dear Friends:
    When creating an GL Account, I am getting the following Error:
    Field 'Open item Management' contains an entry, although it is hidden.You cannot Save.
    How to overcome the problem?Please advise.
    Regards
    MSReddy

    Hi Sridhar,
    Use T.Code : OBD4 ,Select your Account grouop related to your chart of accounts, select the field status . Change the "Open item Management" from suppress to optional.
    I hope this will definitely solve the problem.
    If the problem is solved , please assign points.
    Thanks
    D.K.Lakshmi Narayana

Maybe you are looking for

  • Issue with Deduplicated files and Mac OSX 10.9.2

    Running a Windows 2012 R2 DFS with Deduplication enabled on the storage drives.  Both Macs and PCs regularly interact with the system with no issues. However with Apple's rollout of 10.9.2 SMB2 'fix' users are no longer able to correctly interact wit

  • Conditional Build Tags - How Many is Too Many?

    Has anyone ever run into problems generating a project because of too many conditional build tags? I'm new to this and considering using quite a few in a particular project - unless I find that overuse will compromise the project on the backend. I'd

  • Can you have audio automatically start when new page is loaded

    I was wondering if iWeb allows you to set up an audio file to be played automatically when someone loads a certain page. Thanks for your help

  • Line Graphs

    Hi I'm trying to construct a line graph on an applet from values in two arrays. I also need to make the axis scale with different value ranges that can be in the arrays. Now I've looked at the sun tutorials but I cant fin anything to do this seemingl

  • Showing not valid file masage

    Hi when i open my email there is pdf docouments not open showing  not valid file