Sccm 2012- remote access to client

Similar Messages

• SCCM 2012 Remote control with NON admin ID

  When trying to remote a machine via SCCM 2012 remote control using a non admin ID it does not connect. Get the following in the CmRcService log file:
  HandshakeWorker failed..
  The logon attempt failed (Error: 8009030C; Source: Windows) CmRcService 2014-12-10 01:19:41 PM 2632 (0x0A48)
  Security filter server: DoHandshake failed..
  The logon attempt failed (Error: 8009030C; Source: Windows) CmRcService 2014-12-10 01:19:41 PM 2632 (0x0A48)
  m_pSecFilter DoHandshake() failed. CmRcService 2014-12-10 01:19:41 PM 2632 (0x0A48)
  DoHandshake failed on server side.
  The logon attempt failed (Error: 8009030C; Source: Windows) CmRcService 2014-12-10 01:19:41 PM 2632 (0x0A48)
  Failed to do Handshake in Server.
  The logon attempt failed (Error: 8009030C; Source: Windows) CmRcService 2014-12-10 01:19:41 PM 2632 (0x0A48)
  Failed to create security context.. Security Handshake failed.
  The logon attempt failed (Error: 8009030C; Source: Windows) CmRcService 2014-12-10 01:19:41 PM 2632 (0x0A48)
  Failed to validate Security requirement..
  The logon attempt failed (Error: 8009030C; Source: Windows) CmRcService 2014-12-10 01:19:41 PM 2632 (0x0A48)
  Failed to complete the RDP connection..
  The logon attempt failed (Error: 8009030C; Source: Windows) CmRcService 2014-12-10 01:19:41 PM 2632 (0x0A48)

  Hi,
  Please check the similar thread below that is a Group Policy issue.
  Quote:
  our group policy is allowing only the local administrator to access the network , so the normal user will  not able to access the machine even the sccm remote tools member 
  https://social.technet.microsoft.com/Forums/en-US/77c865c2-7602-4234-a4cd-52d54ab6d653/sccm-2012-remote-access-to-client?forum=configmanagerdeployment
  Best Regards,
  Joyce

• SCCM 2012 Remote Control Viewer - Multiple Session

  Hello Guys,
  We have faced one issue that there have only one session can be connected if we are using the SCCM 2012 remote control viewer. The problem is that we have two support team may require to remote the same desktop in the same time via the remote control viewer.
  Do anyone know how we can activate more session for remote control viewer in SCCM 2012?
  Thanks,
  SCCM users

  FYI – If you need to have 2 technicians remoted into the same device, we found a workaround, this works with SCCM 2012 SP1 CU3, and Windows 7 clients.
  For tech1, using the ConfigMgr console, right-click the device, Start -> Remote Control
  For tech2, using the ConfigMgr console, right-click the device, Start -> Remote Assistance

• Can ASA5505 forward remote-access-VPN clients to LAN

  I currently have ASA-5505 and 2911-Router and I'm trying to configure VPN topology.
  Can ASA5505 forward remote-access-VPN clients to LAN operated by a different router?
  Are these two cases possible?:
  (1) ASA-5505 and 2911-Router are on separate WAN interfaces, each directly connected to ISP. But then can I connect one of other LAN interfaces of ASA-5505 into a switch managed by 2911-Router to inject remote-SSL-VPN clients into the LAN managed by the router?
  (2) ASA-5505 is behind 2911-Router. Can 2911 Router assign a public ip address or have public ip address VPN-access attempts directly be forwarded to ASA-5505 when there is only one public ip address available?
  Long put short, can ASA-5505 inject its remote-access-VPN clients as one of hosts on the LAN managed by 2911-router?
  Thanks.

  I could help you more if you can explain the purpose of this setup and the connectivity between the ASA and router.
  You can enable reverse-route on the Dynamic map on the ASA. The ASA will install a static route for the client on the routing table. You can use a Routing protocol to redistribute the static routes to your switch on the LAN side of the ASA.

• SCCM 2012 - Network requirements for Client communication to primary in a Cross Forest Environment

  Hello, I have been trying to get some definitive answers on what network traffic is required between a client and a primary site versus a secondary in a cross forest scenario.
  Here is the scenario:
  Company A has an existing SCCM 2012 primary Site. Company B (Separate Forest) has now been brought in. One subnet on each side can route to each other and using that one subnet a two way forest
  trust has been setup. But the remote offices have IP address overlaps between companies. At some point in the future all assets on company B will be re-IP and brought over to Company A domain. But in the interim it would be nice to get SCCM cross forest clients
  working. Upgrading to a CAS model with two Primaries would not be preferred here as this is a temporary solution. 
  My questions are as follows.
  If a secondary site is deployed into Company B Forest/Network. I have seen people online elude to that clients will still need to communicate to the Primary located at Company A, even though they
  are assigned to a secondary on Company B’s network. Is this true? Is there any workarounds for this? Is a NAT back to the primary acceptable, or is reverse lookup required?
  Will the Primary need to communicate directly to the clients in Company B? If this is in fact a requirement, then this would be a show stopper. But if its only needed for things like client pushes,
  then we could work around it.
  Thanks

  "But the remote offices have IP address overlaps between companies"
  Technically, this is unsupported because clients, depending upon your boundaries, will not be able to find a local DP since they use IP addresses for this. The only way to work around this is to use AD Site boundaries.
  "though they are assigned to a secondary"
  Clients are *never* assigned to a secondary site -- that's not what secondary sites are for. Yes, clients require communication with an MP in the primary site where they are assigned. There is no way to change this or work-around this except to put
  an MP from the primary site closer to those clients and use the new MP affinity option in R2 CU3.
  Reverse lookups are only used to verify names by applications that wish to have this type of functionality (which are very few in number) and have nothing to do with true network traffic. NATing is an issue for the reason I gave above -- DP location.
  Remote control, client push, and WoL won't work either because there is no way for the traffic to reach the destination behind the NAT.
  All client *agent* communication in ConfigMgr is client initiated in ConfigMgr (remote control, client push, and WoL -- as just mentioned -- are sort of exceptions to this but they don't really involve the client *agent*.)
  Jason | http://blog.configmgrftw.com | @jasonsandys

• Allowing the domain users Group to SCCM 2012 Remote Control

  Hi There,
  been working on this issue for the last few days now and its frustrating the crap out of me. My company has requested for all Domain users to be allowed to Remote Control to everyone's computer. This is so that users will be able to show each other how to
  use in house application. In SCCM 2012 console, I've added the Domain users to the Premitted viewer tab. I've also added the domain user group to the administrative user section, added the Remote operator role and assigned the
  ALL security scope to it. On another machine, i run the CMRCviewer to this machine and it prompts for username advising me the one i provided isn't authorized. when i check on the targeted machine, i can see domain users populated in the ConfigMgr
  remote control user group
  It seems only domain admins have rights to Remote control in. i've only got one client setting defined (default policy).
  the interesting thing is the following layout
  WINDOWS XP ---> WINDOWS 7      prompts for username
  WINDOWS 7 -----> WINDOWS XP  works
  WINDOWS XP -----> WINDOWS XP  works
  WINDOWS 7 ------> WINDOWS 7     prompts for username

  Hi Dave,
  1) yes domain users is part of the configMgr remote control users". CMRCSERVICE.log shows the following
  === Starting security handshake ===
  CmRcService
  11/03/2013 10:44:29 AM
  4808 (0x12C8)
  HandshakeWorker failed.. 
  The logon attempt failed (Error: 8009030C; Source: Windows)
  CmRcService 11/03/2013 10:44:29 AM
  4808 (0x12C8)
  Security filter server: DoHandshake failed.. 
  The logon attempt failed (Error: 8009030C; Source: Windows)
  CmRcService 11/03/2013 10:44:29 AM
  4808 (0x12C8)
  m_pSecFilter DoHandshake() failed. CmRcService
  11/03/2013 10:44:29 AM 4808 (0x12C8)
  DoHandshake failed on server side. 
  The logon attempt failed (Error: 8009030C; Source: Windows)
  CmRcService 11/03/2013 10:44:29 AM
  4808 (0x12C8)
  Failed to do Handshake in Server. 
  The logon attempt failed (Error: 8009030C; Source: Windows)
  CmRcService 11/03/2013 10:44:29 AM
  4808 (0x12C8)
  Failed to create security context.. Security Handshake failed.
  The logon attempt failed (Error: 8009030C; Source: Windows)
  CmRcService 11/03/2013 10:44:29 AM
  4808 (0x12C8)
  Failed to validate Security requirement.. 
  The logon attempt failed (Error: 8009030C; Source: Windows)
  CmRcService 11/03/2013 10:44:29 AM
  4808 (0x12C8)
  Failed to complete the RDP connection.. 
  The logon attempt failed (Error: 8009030C; Source: Windows)
  CmRcService 11/03/2013 10:44:29 AM
  4808 (0x12C8)
  i've confirmed this user is part of domain users as well.

• In SCCM 2012 if it integrates with 1E Nomad SCCM 2012 nomad how many clients it can handle

  Hi All
  Its about SCCM 2012 R2 with NOmad , we have around 300 and 500 users in WAN link remote locations ,if we use NOMAD
  it will handle more then 300 user in a remote location 

  Thanks for the question. The quick answer is it will work JUST fine for any SW Dist scenario you throw at it... the better answer is it will also depend on which version of Nomad you are using. Our current version is instrumented to handle VERY large remote
  offices across the WAN. Features like FanOut will dramatically improve performance with a large number of systems on a single subnet (on the order of 1,000's). Single Site Download further scales it out to having a scenario like a remote office with many thousands
  of systems, like an office building or site with many subnets there, each with many clients per subnet. You can manage that scenario easily with just a single instance of the content being downloaded and then replicated throughout the building/site very rapidly
  by a single Nomad master machine.
  Feel free to reach out to me directly (Ed.Aldrich AT 1e.com) if you wish to know more, or take a look at
  http://www.1e.com/nomad/ for a public facing look at all the usual sort of material and info.
  Ed Aldrich | 1E | Pre-Sales Solutions Engineer | ConfigManager MVP 2003-2012

• Windows 2012 Remote Access Log

  Hello,
  is there a setting or configuration in Windows Server 2012 which excludes some sort of "grey Clock+Date screen" asking for Ctrl+Alt+Del for sign in, when accessing in the Server via Remote Access?
  Actually this screen appears, and it is not receiving my Ctrl+Alt+Del remotely, so I can't sign in...
  Thank you!!

  Here’s a list commonly used keyboard shortcut key combinations to use in Remote Desktop Connection navigation, together with the action the shortcuts perform and equivalent keyboard shortcuts on local desktop.
  CTRL+ALT+END: Open the Microsoft Windows NT Security dialog box (CTRL+ALT+DEL)
  ALT+PAGE UP: Switch between programs from left to right (CTRL+PAGE UP)
  ALT+PAGE DOWN: Switch between programs from right to left (CTRL+PAGE DOWN)
  ALT+INSERT: Cycle through the programs in most recently used order (ALT+TAB)
  ALT+HOME: Display the Start menu (CTRL+ESC)
  CTRL+ALT+BREAK: Switch the client computer between a window and a full screen
  ALT+DELETE: Display the Windows menu
  CTRL+ALT+Minus sign (-): Place a snapshot of the entire client window area on the Terminal server clipboard and provide the same functionality as pressing ALT+PRINT SCREEN on a local computer (ALT+PRT SC)
  CTRL+ALT+Plus sign (+): Place a snapshot of the active window in the client on the Terminal server clipboard and provide the same functionality as pressing PRINT SCREEN on a local computer (PRT SC)
  . : | : . : | : . tim

• Remote Access VPN Clients Cannot Access inside LAN

  I have been asked to set up remote access VPN on an ASA 5505 that I previously had no invlovement with.  I have set it up the VPN using the wizard, they way I normally do, but the clients have no access to anything in the inside subnet, not even the inside interface IP address of the ASA.  Thay can ping each other.  The remote access policy below that I am working on is labeled VPNPHONE, address pool 172.16.20.1-10.  I do not need split tunneling to be enabled.  The active WAN interface is the one labeled outside_cable.
  : Saved
  ASA Version 8.2(1)
  hostname ASA5505
  domain-name default.domain.invalid
  enable password eelnBRz68aYSzHyz encrypted
  passwd eelnBRz68aYSzHyz encrypted
  names
  interface Vlan1
  nameif inside
  security-level 100
  ip address 192.168.100.1 255.255.255.0
  interface Vlan2
  nameif outside
  security-level 0
  pppoe client vpdn group dataDSL
  ip address 76.244.75.57 255.255.255.255 pppoe
  interface Vlan3
  nameif dmz
  security-level 50
  ip address 192.168.9.1 255.255.255.0
  interface Vlan10
  nameif outside_cable
  security-level 0
  ip address 50.84.96.178 255.255.255.240
  interface Ethernet0/0
  switchport access vlan 2
  interface Ethernet0/1
  switchport access vlan 10
  interface Ethernet0/2
  switchport access vlan 3
  interface Ethernet0/3
  interface Ethernet0/4
  interface Ethernet0/5
  interface Ethernet0/6
  interface Ethernet0/7
  ftp mode passive
  clock timezone CST -6
  clock summer-time CDT recurring
  dns server-group DefaultDNS
  domain-name default.domain.invalid
  same-security-traffic permit intra-interface
  object-group service Netbios udp
  port-object eq 139
  port-object eq 445
  port-object eq netbios-ns
  object-group service Netbios_TCP tcp
  port-object eq 445
  port-object eq netbios-ssn
  object-group network DM_INLINE_NETWORK_1
  network-object host 192.168.100.177
  network-object host 192.168.100.249
  object-group service Web_Services tcp
  port-object eq ftp
  port-object eq ftp-data
  port-object eq www
  port-object eq https
  object-group network DM_INLINE_NETWORK_10
  network-object host 192.168.9.10
  network-object host 192.168.9.4
  object-group network DM_INLINE_NETWORK_11
  network-object host 192.168.9.10
  network-object host 192.168.9.4
  object-group network DM_INLINE_NETWORK_2
  network-object host 192.168.9.10
  network-object host 192.168.9.4
  object-group network DM_INLINE_NETWORK_3
  network-object host 192.168.9.10
  network-object host 192.168.9.4
  object-group network DM_INLINE_NETWORK_4
  network-object host 192.168.9.10
  network-object host 192.168.9.4
  object-group network DM_INLINE_NETWORK_5
  network-object host 192.168.9.10
  network-object host 192.168.9.4
  object-group network DM_INLINE_NETWORK_6
  network-object host 192.168.9.10
  network-object host 192.168.9.4
  object-group network DM_INLINE_NETWORK_7
  network-object host 192.168.9.10
  network-object host 192.168.9.4
  object-group network DM_INLINE_NETWORK_8
  network-object host 192.168.9.10
  network-object host 192.168.9.4
  object-group network DM_INLINE_NETWORK_9
  network-object host 192.168.9.10
  network-object host 192.168.9.4
  object-group network VPN
  network-object 192.168.255.0 255.255.255.0
  access-list outside_access_in extended permit icmp any host 76.244.75.61
  access-list outside_access_in extended permit tcp any host 76.244.75.61 eq ftp
  access-list outside_access_in extended permit tcp any host 76.244.75.61 eq ftp-data
  access-list outside_access_in extended permit tcp any host 76.244.75.62 eq www
  access-list outside_access_in extended permit tcp any host 76.244.75.62 eq https
  access-list outside_access_in extended permit tcp any host 76.244.75.59 eq www
  access-list outside_access_in extended permit tcp any host 76.244.75.59 eq https
  access-list outside_access_in extended permit tcp any host 76.244.75.60 eq www
  access-list outside_access_in extended permit tcp any host 76.244.75.60 eq https
  access-list outside_access_in extended permit tcp any host 76.244.75.58 eq www
  access-list outside_access_in extended permit tcp any host 76.244.75.58 eq https
  access-list dmz_access_in remark Quickbooks
  access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_6 host 192.168.100.5 eq 56719
  access-list dmz_access_in remark Quickbooks range
  access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_7 host 192.168.100.5 range 55333 55337
  access-list dmz_access_in extended permit udp object-group DM_INLINE_NETWORK_8 host 192.168.100.5 eq 1434
  access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_9 host 192.168.100.5 eq 49398
  access-list dmz_access_in remark QB
  access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_10 host 192.168.100.5 eq 8019
  access-list dmz_access_in extended permit udp object-group DM_INLINE_NETWORK_2 host 192.168.100.5 eq 2638
  access-list dmz_access_in extended permit udp object-group DM_INLINE_NETWORK_11 host 192.168.100.5 object-group Netbios
  access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_3 host 192.168.100.5 object-group Netbios_TCP
  access-list dmz_access_in extended deny ip host 192.168.9.4 host 192.168.100.5 inactive
  access-list dmz_access_in extended permit udp object-group DM_INLINE_NETWORK_4 any
  access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_5 any
  access-list dmz_access_in remark Printer
  access-list dmz_access_in extended permit ip 192.168.9.0 255.255.255.0 object-group DM_INLINE_NETWORK_1
  access-list dmz_access_in extended permit tcp 192.168.9.0 255.255.255.0 any object-group Web_Services
  access-list dmz_access_in extended permit udp 192.168.9.0 255.255.255.0 any eq domain
  access-list dmz_access_in extended permit icmp 192.168.9.0 255.255.255.0 192.168.255.0 255.255.255.0 echo-reply
  access-list dmz_access_in extended permit icmp 192.168.9.0 255.255.255.0 192.168.100.0 255.255.255.0 echo-reply log disable
  access-list dmz_access_in remark QB probably does not need any udp
  access-list dmz_access_in extended permit udp host 192.168.9.4 host 192.168.100.5 eq 55333 inactive
  access-list dmz_access_in remark QB included in other rule range
  access-list dmz_access_in extended permit tcp host 192.168.9.4 host 192.168.100.5 eq 55333 inactive
  access-list dmz_access_in remark May be required for Quickbooks
  access-list dmz_access_in extended permit icmp host 192.168.9.4 host 192.168.100.5
  access-list CAD_capture extended permit ip host 192.168.9.4 host 192.168.100.5
  access-list CAD_capture extended permit ip host 192.168.100.5 host 192.168.9.4
  access-list inside_nat0_outbound extended permit ip any 192.168.255.0 255.255.255.0
  access-list inside_nat0_outbound extended permit ip any 192.168.255.0 255.255.255.240
  access-list inside_nat0_outbound extended permit ip any 172.16.10.0 255.255.255.240
  access-list inside_nat0_outbound extended permit ip any 172.16.20.0 255.255.255.240
  access-list cad_supplies_RAVPN_splitTunnelAcl standard permit 192.168.100.0 255.255.255.0
  access-list cad_supplies_RAVPN_splitTunnelAcl standard permit 192.168.9.0 255.255.255.0
  access-list dmz_nat0_outbound extended permit ip any 192.168.255.0 255.255.255.0
  access-list outside_cable_access_in extended permit icmp any host 50.84.96.182
  access-list outside_cable_access_in extended permit tcp any host 50.84.96.182 eq ftp
  access-list outside_cable_access_in extended permit tcp any host 50.84.96.182 eq ftp-data
  access-list outside_cable_access_in extended permit tcp any host 50.84.96.183 eq www
  access-list outside_cable_access_in extended permit tcp any host 50.84.96.183 eq https
  access-list outside_cable_access_in extended permit tcp any host 50.84.96.180 eq www
  access-list outside_cable_access_in extended permit tcp any host 50.84.96.180 eq https
  access-list outside_cable_access_in extended permit tcp any host 50.84.96.181 eq www
  access-list outside_cable_access_in extended permit tcp any host 50.84.96.181 eq https
  access-list outside_cable_access_in extended permit tcp any host 50.84.96.179 eq www
  access-list outside_cable_access_in extended permit tcp any host 50.84.96.179 eq https
  access-list Local_LAN_Access standard permit host 0.0.0.0
  access-list vpnusers_spitTunnelACL extended permit ip 192.168.100.0 255.255.255.0 any
  access-list nonat-in extended permit ip 192.168.100.0 255.255.255.0 172.16.20.0 255.255.255.0
  pager lines 24
  logging enable
  logging buffered informational
  logging asdm informational
  mtu inside 1500
  mtu outside 1500
  mtu dmz 1500 
  mtu outside_cable 1500
  ip local pool VPN_IP_range 192.168.255.1-192.168.255.10 mask 255.255.255.0
  ip local pool VPN_Phone 172.16.20.1-172.16.20.10 mask 255.255.255.0
  no failover
  icmp unreachable rate-limit 1 burst-size 1
  no asdm history enable
  arp timeout 14400
  nat-control
  global (outside) 10 interface
  global (outside_cable) 10 interface
  nat (inside) 0 access-list nonat-in
  nat (inside) 10 0.0.0.0 0.0.0.0
  nat (dmz) 0 access-list dmz_nat0_outbound
  nat (dmz) 10 0.0.0.0 0.0.0.0
  static (inside,outside) 76.244.75.62 192.168.100.25 netmask 255.255.255.255 dns
  static (dmz,outside) 76.244.75.61 192.168.9.123 netmask 255.255.255.255 dns
  static (dmz,outside) 76.244.75.59 192.168.9.124 netmask 255.255.255.255 dns
  static (dmz,outside) 76.244.75.58 192.168.9.4 netmask 255.255.255.255 dns
  static (inside,dmz) 192.168.100.0 192.168.100.0 netmask 255.255.255.0
  static (dmz,outside) 76.244.75.60 192.168.9.10 netmask 255.255.255.255 dns
  static (inside,outside_cable) 50.84.96.183 192.168.100.25 netmask 255.255.255.255 dns
  static (dmz,outside_cable) 50.84.96.182 192.168.9.123 netmask 255.255.255.255 dns
  static (dmz,outside_cable) 50.84.96.180 192.168.9.124 netmask 255.255.255.255 dns
  static (dmz,outside_cable) 50.84.96.179 192.168.9.4 netmask 255.255.255.255 dns
  static (dmz,outside_cable) 50.84.96.181 192.168.9.10 netmask 255.255.255.255 dns
  access-group outside_access_in in interface outside
  access-group dmz_access_in in interface dmz
  access-group outside_cable_access_in in interface outside_cable
  route outside_cable 0.0.0.0 0.0.0.0 50.84.96.177 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  dynamic-access-policy-record DfltAccessPolicy
  http server enable
  http 192.168.1.0 255.255.255.0 inside
  http 192.168.100.0 255.255.255.0 inside
  http 204.107.173.0 255.255.255.0 outside
  http 204.107.173.0 255.255.255.0 outside_cable
  http 0.0.0.0 0.0.0.0 outside_cable
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
  crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
  crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
  crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
  crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
  crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
  crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
  crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
  crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
  crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
  crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
  crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec security-association lifetime kilobytes 4608000
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
  crypto map outside_cable_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
  crypto map outside_cable_map interface outside_cable
  crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
  crypto map outside_map interface outside
  crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
  crypto map inside_map interface inside
  crypto isakmp enable inside
  crypto isakmp enable outside
  crypto isakmp enable outside_cable
  crypto isakmp policy 10
  authentication pre-share
  encryption 3des
  hash sha
  group 2
  lifetime 86400
  crypto isakmp policy 30
  authentication pre-share
  encryption 3des
  hash md5
  group 2
  lifetime 86400
  telnet 192.168.100.0 255.255.255.0 inside
  telnet timeout 5
  ssh 192.168.100.0 255.255.255.0 inside
  ssh 204.107.173.0 255.255.255.0 outside
  ssh 204.107.173.0 255.255.255.0 outside_cable
  ssh 0.0.0.0 0.0.0.0 outside_cable
  ssh timeout 15
  console timeout 0
  vpdn group dataDSL request dialout pppoe
  vpdn group dataDSL localname [email protected]
  vpdn group dataDSL ppp authentication pap
  vpdn username [email protected] password *********
  dhcpd address 192.168.100.30-192.168.100.99 inside
  dhcpd dns 192.168.100.5 68.94.156.1 interface inside
  threat-detection basic-threat
  threat-detection statistics port
  threat-detection statistics protocol
  threat-detection statistics access-list
  threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
  webvpn
  group-policy DefaultRAGroup internal
  group-policy DefaultRAGroup attributes
  dns-server value 192.168.100.5
  vpn-tunnel-protocol IPSec l2tp-ipsec
  group-policy cad_supplies_RAVPN internal
  group-policy cad_supplies_RAVPN attributes
  vpn-tunnel-protocol IPSec
  split-tunnel-policy tunnelspecified
  split-tunnel-network-list value cad_supplies_RAVPN_splitTunnelAcl
  group-policy VPNPHONE internal
  group-policy VPNPHONE attributes
  dns-server value 192.168.100.5
  vpn-tunnel-protocol IPSec
  split-tunnel-policy excludespecified
  split-tunnel-network-list value Local_LAN_Access
  client-firewall none
  client-access-rule none
  username swinc password BlhBNWfh7XoeHcQC encrypted
  username swinc attributes
  vpn-group-policy cad_supplies_RAVPN
  username meredithp password L3lRjzwb7TnwOyZ1 encrypted
  username meredithp attributes
  vpn-group-policy cad_supplies_RAVPN
  service-type remote-access
  username ipphone1 password LOjpmeIOshVdCSOU encrypted privilege 0
  username ipphone1 attributes
  vpn-group-policy VPNPHONE
  username ipphone2 password LOjpmeIOshVdCSOU encrypted privilege 0
  username ipphone2 attributes
  vpn-group-policy VPNPHONE
  username ipphone3 password LOjpmeIOshVdCSOU encrypted privilege 0
  username ipphone3 attributes
  vpn-group-policy VPNPHONE
  username oethera password WKJxJq7L6wmktFNt encrypted
  username oethera attributes
  vpn-group-policy cad_supplies_RAVPN
  service-type remote-access
  username markh password nqH+bk6vj0fR83ai0SAxkg== nt-encrypted
  username markh attributes
  vpn-group-policy cad_supplies_RAVPN
  tunnel-group DefaultRAGroup general-attributes
  default-group-policy DefaultRAGroup
  tunnel-group DefaultRAGroup ipsec-attributes
  pre-shared-key *
  tunnel-group DefaultRAGroup ppp-attributes
  authentication ms-chap-v2
  tunnel-group cad_supplies_RAVPN type remote-access
  tunnel-group cad_supplies_RAVPN general-attributes
  address-pool VPN_IP_range
  default-group-policy cad_supplies_RAVPN
  tunnel-group cad_supplies_RAVPN ipsec-attributes
  pre-shared-key *
  tunnel-group VPNPHONE type remote-access
  tunnel-group VPNPHONE general-attributes
  address-pool VPN_Phone
  default-group-policy VPNPHONE
  tunnel-group VPNPHONE ipsec-attributes
  pre-shared-key *
  class-map inspection_default
  match default-inspection-traffic
  policy-map type inspect dns preset_dns_map
  parameters
    message-length maximum 1500
  policy-map global_policy
  class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect sqlnet
    inspect skinny 
    inspect sunrpc
    inspect xdmcp
    inspect sip 
    inspect netbios
    inspect tftp
  service-policy global_policy global
  prompt hostname context
  Cryptochecksum:8b25ecc61861a2baa6d2556a3679cc7c
  : end

  Hi,
  You have your "group-policy" set so that you have excluding some networks from being tunneled.
  In this access-list named Local_LAN_Access you specify "0.0.0.0"
  Doesnt this mean you are excluding all networks from being tunneled? In other words no traffic goes to your tunnel.
  This access-list should only contain your local LAN network from where you are connecting with the VPN Client. If you dont need to access anything on your local LAN while having the VPN on, you don't even need this setting on. You could just tunnel all traffic instead of excluding some networks.
  - Jouni

• SCCM 2012 R2 site server client installation error: The client version 5.00.7958.1000 does not match the MP version 5.00.7804.1000.

  Hello,
  When I try to install the client on the site server itself it gives me this error message and fails the ccmsetup. I only have this on the site server. Clients to other servers and computers are pushed fine. If I check the version of the MP it says 5.00.7958.1000
  in ADSI. I removed the MP object in CN=System, CN=System Management. Waited for it to be regenerated automatically by SCCM but the installation doesn't work still.
  I tried to install with several methods including directly from ccmsetup.exe in ccmsetup folder, pushing by sccm itself, running from commandline, ...
  I run SCCM 2012 R2 on Windows Server 2008 R2 and the database on SQL 2008 on Server 2008 R2
  Below you find the ccmsetup.log:
  <![LOG[==========[ ccmsetup started in process 5072 ]==========]LOG]!><time="07:29:25.392-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="7532" file="ccmsetup.cpp:9437">
  <![LOG[Running on platform X64]LOG]!><time="07:29:25.393-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="7532" file="util.cpp:1837">
  <![LOG[Updated security on object C:\Windows\ccmsetup\cache\.]LOG]!><time="07:29:25.394-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="7532" file="ccmsetup.cpp:9281">
  <![LOG[Launch from folder C:\Windows\ccmsetup\]LOG]!><time="07:29:25.394-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="7532" file="ccmsetup.cpp:721">
  <![LOG[CcmSetup version: 5.0.7958.1000]LOG]!><time="07:29:25.395-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="7532" file="ccmsetup.cpp:727">
  <![LOG[In ServiceMain]LOG]!><time="07:29:25.397-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="ccmsetup.cpp:3365">
  <![LOG[Running on 'Microsoft Windows Server 2008 R2 Enterprise ' (6.1.7601). Service Pack (1.0). SuiteMask = 274. Product Type = 18]LOG]!><time="07:29:25.490-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="util.cpp:1919">
  <![LOG[Ccmsetup command line: "C:\Windows\ccmsetup\ccmsetup.exe" /runservice /config:MobileClient.tcf]LOG]!><time="07:29:25.491-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:3590">
  <![LOG[Command line parameters for ccmsetup have been specified. No registry lookup for command line parameters is required.]LOG]!><time="07:29:25.491-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:3775">
  <![LOG[Command line: "C:\Windows\ccmsetup\ccmsetup.exe" /runservice /config:MobileClient.tcf]LOG]!><time="07:29:25.491-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:3776">
  <![LOG[SslState value: 224]LOG]!><time="07:29:25.499-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="ccmsetup.cpp:4425">
  <![LOG[CCMHTTPPORT: 80]LOG]!><time="07:29:25.511-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:8617">
  <![LOG[CCMHTTPSPORT: 443]LOG]!><time="07:29:25.511-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:8632">
  <![LOG[CCMHTTPSSTATE: 224]LOG]!><time="07:29:25.511-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:8650">
  <![LOG[CCMHTTPSCERTNAME: ]LOG]!><time="07:29:25.511-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:8668">
  <![LOG[FSP: SCCMSRV-02]LOG]!><time="07:29:25.511-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:8720">
  <![LOG[CCMFIRSTCERT: 1]LOG]!><time="07:29:25.511-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:8778">
  <![LOG[Config file: C:\Windows\ccmsetup\MobileClientUnicode.tcf]LOG]!><time="07:29:25.513-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:4539">
  <![LOG[Retry time: 10 minute(s)]LOG]!><time="07:29:25.513-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:4540">
  <![LOG[MSI log file: C:\Windows\ccmsetup\Logs\client.msi.log]LOG]!><time="07:29:25.513-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:4541">
  <![LOG[MSI properties: INSTALL="ALL" SMSSITECODE="ZAV" FSP="SCCMSRV-02" DISABLESITEOPT="TRUE" SMSCACHEDIR="CACHE" SMSCACHEFLAGS="MAXDRIVE" SMSCACHESIZE="20000" CCMHTTPPORT="80" CCMHTTPSPORT="443" CCMHTTPSSTATE="224" CCMFIRSTCERT="1"]LOG]!><time="07:29:25.514-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:4542">
  <![LOG[Source List:]LOG]!><time="07:29:25.514-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:4550">
  <![LOG[ \\SCCMSRV-02.snba.be\SMSClient]LOG]!><time="07:29:25.514-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:4557">
  <![LOG[ \\SCCMSRV-02.SNBA.BE\SMSClient]LOG]!><time="07:29:25.514-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:4566">
  <![LOG[MPs:]LOG]!><time="07:29:25.514-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:4569">
  <![LOG[ SCCMSRV-02.snba.be]LOG]!><time="07:29:25.514-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:4584">
  <![LOG[No version of the client is currently detected.]LOG]!><time="07:29:25.520-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:2748">
  <![LOG[Task 'Configuration Manager Client Retry Task' does not exist]LOG]!><time="07:29:25.525-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="wintask.cpp:634">
  <![LOG[Updated security on object C:\Windows\ccmsetup\.]LOG]!><time="07:29:25.529-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="ccmsetup.cpp:9281">
  <![LOG[Sending Fallback Status Point message to 'SCCMSRV-02', STATEID='100'.]LOG]!><time="07:29:25.530-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:9756">
  <![LOG[Failed to get client version for sending messages to FSP. Error 0x80041010]LOG]!><time="07:29:25.534-120" date="04-17-2014" component="ccmsetup" context="" type="2" thread="2724" file="ccmsetup.cpp:9838">
  <![LOG[Params to send FSP message '5.0.7958.1000 Deployment ']LOG]!><time="07:29:25.535-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="ccmsetup.cpp:9887">
  <![LOG[State message with TopicType 800 and TopicId {C6441082-A993-4410-9F89-D4CCB6624ED0} has been sent to the FSP]LOG]!><time="07:29:25.676-120" date="04-17-2014" component="FSPStateMessage" context="" type="1" thread="2724" file="fsputillib.cpp:752">
  <![LOG[Running as user "SYSTEM"]LOG]!><time="07:29:25.693-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:1995">
  <![LOG[Detected 20167 MB free disk space on system drive.]LOG]!><time="07:29:25.693-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="util.cpp:628">
  <![LOG[Checking Write Filter Status.]LOG]!><time="07:29:25.694-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:2024">
  <![LOG[This is not a supported write filter device. We are not in a write filter maintenance mode.]LOG]!><time="07:29:25.694-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:2051">
  <![LOG[Performing AD query: '(&(ObjectCategory=mSSMSManagementPoint)(mSSMSDefaultMP=TRUE)(mSSMSSiteCode=ZAV))']LOG]!><time="07:29:25.716-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="lsad.cpp:656">
  <![LOG[OperationalXml '<ClientOperationalSettings><Version>5.00.7958.1000</Version><SecurityConfiguration><SecurityModeMask>0</SecurityModeMask><SecurityModeMaskEx>224</SecurityModeMaskEx><HTTPPort>80</HTTPPort><HTTPSPort>443</HTTPSPort><CertificateStoreName></CertificateStoreName><CertificateIssuers></CertificateIssuers><CertificateSelectionCriteria></CertificateSelectionCriteria><CertificateSelectFirstFlag>1</CertificateSelectFirstFlag><SiteSigningCert>308202EF308201D7A00302010202102F8856AD510DC3AB4F4908160FC3185E300D06092A864886F70D01010B05003016311430120603550403130B53697465205365727665723020170D3133303830373134323233325A180F32313133303731353134323233325A3016311430120603550403130B536974652053657276657230820122300D06092A864886F70D01010105000382010F003082010A0282010100DDAAEB161F4ACB759E0E56C6F784F3BEDD4DA0303B40657298A41D7F9714E112CC80272A238E605DADD2D409658211D40590BD92D0DFE4E50E8F5AF482BF747E8D00636C41F7F939EF53FA6581B173A15BE25BC24DB9E3620D78612650415DF862AFA17F75128A601A011358B27CFB9989EEBD128485F167A5E378A0A3A106DEE3DD6CE7C5804B0BA3724C4455D2EA8D646B47D989AFC7D2BACC6AD0E62FA0D6B338C2CD3B5879B4794F5D29A89ADC93489E43237E4C3BA30F645F4E4FE0E3B562ABCFC73F52C33B7D179DD10888D2EB00F6F4E121009F1CB80BCF4FA0F5CAA5BA167AE7DC0A767BC3C9031A95A42C791B100D7F15144B4FE5AC104C2BEB3EAB0203010001A3373035301D0603551D110416301482125343434D5352562D30322E736E62612E626530140603551D25040D300B06092B060104018237650B300D06092A864886F70D01010B050003820101004802B9C3A3A9EA0DB5C6624F9152C60CA38F2857691234B5FE13DDED32DB3BADF4C847F5EA097DB9918537F40A94D56A06364775E62B9F75C51189BC510EE8F2848B264C41A4E941C9CD996BEF70B9F72345BEB05F39B87BF88B3A461333BD61CD50E6E16B15709D58B78A7B385E914DF2C7949AA5BEEFC8199D69CD6DCA312DBCFE64AC43D6F13B80FED4967447532E1A65F5E0588CA7246B417DD8530E28E3DAD170F71C00B6D79645EC49332CD9F8815DB65AAB441E6C41F72C37F432E5B5E23065B6D308486C398F340B1FF2361F3C342A50EA9A02D01138BACEDCFA0E7FAA681C1FC6157797171A0593EA0ACE0BD7BBBEB26E2F34FFD461210C76669FE1</SiteSigningCert></SecurityConfiguration><RootSiteCode>ZAV</RootSiteCode><CCM> <CommandLine>SMSSITECODE=ZAV FSP=SCCMSRV-02 DISABLESITEOPT=True SMSCACHEDIR=Cache SMSCACHEFLAGS=MAXDRIVE SMSCACHESIZE=20000</CommandLine> </CCM><FSP> <FSPServer>SCCMSRV-02.snba.be</FSPServer> </FSP><Capabilities SchemaVersion ="1.0"><Property Name="SSLState" Value="0" /></Capabilities><Domain Value="snba.be" /><Forest Value="snba.be" /></ClientOperationalSettings>']LOG]!><time="07:29:26.401-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="lsadcache.cpp:236">
  <![LOG[HTTP is selected for Client. The current state is 0.]LOG]!><time="07:29:26.403-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmutillib.cpp:420">
  <![LOG[The MP name retrieved is 'SCCMSRV-02.snba.be' with version '7958' and capabilities '<Capabilities SchemaVersion="1.0"><Property Name="SSLState" Value="0"/></Capabilities>']LOG]!><time="07:29:26.404-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="lsadcache.cpp:334">
  <![LOG[MP 'SCCMSRV-02.snba.be' is compatible]LOG]!><time="07:29:26.404-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="lsadcache.cpp:339">
  <![LOG[Retrieved 1 MP records from AD for site 'ZAV']LOG]!><time="07:29:26.404-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="lsadcache.cpp:287">
  <![LOG[Retrived site version '5.00.7958.1000' from AD for site 'ZAV']LOG]!><time="07:29:26.405-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="siteinfo.cpp:575">
  <![LOG[SiteCode: ZAV]LOG]!><time="07:29:26.405-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:2076">
  <![LOG[SiteVersion: 5.00.7958.1000]LOG]!><time="07:29:26.406-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:2077">
  <![LOG[Ccmsetup is being restarted due to an administrative action. Installation files will be reset and downloaded again.]LOG]!><time="07:29:26.406-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:2111">
  <![LOG[Deleted file C:\Windows\ccmsetup\client.msi]LOG]!><time="07:29:26.413-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:9493">
  <![LOG[Only one MP SCCMSRV-02.snba.be is specified. Use it.]LOG]!><time="07:29:26.414-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:10080">
  <![LOG[Searching for DP locations from MP(s)...]LOG]!><time="07:29:26.414-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:11018">
  <![LOG[Current AD site of machine is DAT]LOG]!><time="07:29:26.415-120" date="04-17-2014" component="LocationServices" context="" type="1" thread="2724" file="lsad.cpp:770">
  <![LOG[Local Machine is joined to an AD domain]LOG]!><time="07:29:26.415-120" date="04-17-2014" component="LocationServices" context="" type="0" thread="2724" file="lsad.cpp:714">
  <![LOG[Current AD forest name is snba.be, domain name is snba.be]LOG]!><time="07:29:26.419-120" date="04-17-2014" component="LocationServices" context="" type="1" thread="2724" file="lsad.cpp:842">
  <![LOG[DhcpGetOriginalSubnetMask entry point is supported.]LOG]!><time="07:29:26.424-120" date="04-17-2014" component="LocationServices" context="" type="0" thread="2724" file="ccmiputil.cpp:117">
  <![LOG[Begin checking Alternate Network Configuration]LOG]!><time="07:29:26.424-120" date="04-17-2014" component="LocationServices" context="" type="0" thread="2724" file="ccmiputil.cpp:1095">
  <![LOG[Finished checking Alternate Network Configuration]LOG]!><time="07:29:26.433-120" date="04-17-2014" component="LocationServices" context="" type="0" thread="2724" file="ccmiputil.cpp:1172">
  <![LOG[Sending message body '<ContentLocationRequest SchemaVersion="1.00">
  <AssignedSite SiteCode="ZAV"/>
  <ClientPackage/>
  <ClientLocationInfo LocationType="SMSPACKAGE" DistributeOnDemand="0" UseProtected="0" AllowCaching="0" BranchDPFlags="0" AllowHTTP="1" AllowSMB="0" AllowMulticast="0" UseInternetDP="0">
  <ADSite Name="DAT"/>
  <Forest Name="snba.be"/>
  <Domain Name="snba.be"/>
  <IPAddresses>
  <IPAddress SubnetAddress="172.31.20.0" Address="172.31.20.101"/>
  <IPAddress SubnetAddress="172.31.105.0" Address="172.31.105.17"/>
  <IPAddress SubnetAddress="172.31.109.0" Address="172.31.109.135"/>
  </IPAddresses>
  </ClientLocationInfo>
  </ContentLocationRequest>
  ']LOG]!><time="07:29:26.441-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="siteinfo.cpp:96">
  <![LOG[Sending message header '<Msg SchemaVersion="1.1"><ID>{76CC1A6C-D696-4C32-82D6-4F56FCA9E926}</ID><SourceHost>SCCMSRV-02</SourceHost><TargetAddress>mp:[http]MP_LocationManager</TargetAddress><ReplyTo>direct:SCCMSRV-02:LS_ReplyLocations</ReplyTo><Priority>3</Priority><Timeout>600</Timeout><ReqVersion>5931</ReqVersion><TargetHost>SCCMSRV-02.snba.be</TargetHost><TargetEndpoint>MP_LocationManager</TargetEndpoint><ReplyMode>Sync</ReplyMode><Protocol>http</Protocol><SentTime>2014-04-17T05:29:26Z</SentTime><Body Type="ByteRange" Offset="0" Length="1338"/><Hooks><Hook3 Name="zlib-compress"/></Hooks><Payload Type="inline"/></Msg>']LOG]!><time="07:29:26.441-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="siteinfo.cpp:177">
  <![LOG[CCM_POST 'HTTP://SCCMSRV-02.snba.be/ccm_system/request']LOG]!><time="07:29:26.442-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="httphelper.cpp:807">
  <![LOG[Content boundary is '--aAbBcCdDv1234567890VxXyYzZ']LOG]!><time="07:29:27.999-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="httphelper.cpp:1972">
  <![LOG[Received header '<Msg SchemaVersion="1.1">
  <ID>{431A4120-7DA1-4EF2-8A6C-2EDEF4D9E169}</ID>
  <SourceID>GUID:1C3F455F-F166-4B50-BE8E-68FD4F565096</SourceID>
  <SourceHost>SCCMSRV-02</SourceHost>
  <TargetAddress>direct:SCCMSRV-02:LS_ReplyLocations</TargetAddress>
  <ReplyTo>MP_LocationManager</ReplyTo>
  <CorrelationID>{00000000-0000-0000-0000-000000000000}</CorrelationID>
  <Priority>3</Priority>
  <Timeout>600</Timeout>
  <TargetHost>SCCMSRV-02</TargetHost><TargetEndpoint>LS_ReplyLocations</TargetEndpoint><ReplyMode>Sync</ReplyMode><Protocol>http</Protocol><SentTime>2014-04-17T05:29:27Z</SentTime><Body Type="ByteRange" Offset="0" Length="2504"/><Hooks><Hook3 Name="zlib-compress"/><Hook Name="authenticate"><Property Name="Signature">3082019206092A864886F70D010702A08201833082017F020101310B300906052B0E03021A0500300B06092A864886F70D0107013182015E3082015A02010130373023311330110603550403130A5343434D5352562D3032310C300A06035504031303534D5302104BA58C43C476A39E491A7F539E935ED8300906052B0E03021A0500300D06092A864886F70D010101050004820100B7018B6C14F24335592C864FDFAC6E038A9B2AC9AF3819C692F3DE515F97BF701A47E8595CE6CAD80F209EFFF3B1009F5AE60858FA6839B32C36FF9514D291895613A1A447C27E2BB8B05D71775FF770FF962DCC98AD3FC0DE0D45DD6BC16C9BAB0F697EF098FFC99228E26C52E661D3F6C929FEF527383DEBFA9C15027C58BAF8A7FFE4205C0198A9163E86535716E344D5012887A6AD8F563F2528DE6BD62BF2BF20DFDA4DA061EF57E755178827DAD0CB6CFC65FF4AB235E5EAAFBA565DC1B6E4AE7C093199B95CFE792F5FA6D0625D0938DC4EAF1BE70E708864B1E79B00FB32A1E6E37CF94FF54AC10C7FF994B5945E9CA1A3FA16B2F9D35462AFFAC001</Property><Property Name="AuthSenderMachine">SCCMSRV-02;SCCMSRV-02.snba.be;</Property><Property Name="MPSiteCode">ZAV</Property></Hook></Hooks><Payload Type="inline"/></Msg>']LOG]!><time="07:29:27.999-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="httphelper.cpp:1724">
  <![LOG[Received reply body '<ContentLocationReply SchemaVersion="1.00"><ContentInfo PackageFlags="16777216"><ContentHashValues/></ContentInfo><Sites><Site><MPSite SiteCode="ZAV" MasterSiteCode="ZAV" SiteLocality="LOCAL" IISPreferedPort="80" IISSSLPreferedPort="443"/><LocationRecords><LocationRecord><URL Name="http://SCCMSRV-02.snba.be/SMS_DP_SMSPKG$/ZAV00114" Signature="http://SCCMSRV-02.snba.be/SMS_DP_SMSSIG$/ZAV00114"/><ADSite Name="DAT"/><IPSubnets><IPSubnet Address="172.31.20.0"/><IPSubnet Address="172.31.109.0"/><IPSubnet Address="172.31.105.0"/><IPSubnet Address=""/></IPSubnets><Metric Value=""/><Version>7958</Version><Capabilities SchemaVersion="1.0"><Property Name="SSLState" Value="0"/></Capabilities><ServerRemoteName>SCCMSRV-02.snba.be</ServerRemoteName><DPType>SERVER</DPType><Windows Trust="1"/><Locality>LOCAL</Locality></LocationRecord></LocationRecords></Site></Sites><ClientPackage FullPackageID="ZAV00114" FullPackageVersion="1" FullPackageHash="BFC11E099E8F451107B43E0DBEFD93B01DB2D6453DA74F8A2CB94B73D676C1CD" MinimumClientVersion="5.00.7958.1000" RandomizeMaxDays="7" ProgramEnabled="false" LastModifiedTime="30357216;2152392064" SiteVersionMatch="true" SiteVersion="5.00.7958.1000" EnablePeerCache="true"/><RelatedContentIDs/></ContentLocationReply>']LOG]!><time="07:29:28.000-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="siteinfo.cpp:221">
  <![LOG[Found local location 'http://SCCMSRV-02.snba.be/SMS_DP_SMSPKG$/ZAV00114']LOG]!><time="07:29:28.001-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="siteinfo.cpp:351">
  <![LOG[Discovered 1 local DP locations.]LOG]!><time="07:29:28.002-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:11153">
  <![LOG[PROPFIND 'http://SCCMSRV-02.snba.be/SMS_DP_SMSPKG$/ZAV00114']LOG]!><time="07:29:28.002-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="httphelper.cpp:807">
  <![LOG[Using DP location http://SCCMSRV-02.snba.be/SMS_DP_SMSPKG$/ZAV00114]LOG]!><time="07:29:28.009-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:11395">
  <![LOG[GET 'http://SCCMSRV-02.snba.be/SMS_DP_SMSPKG$/ZAV00114/ccmsetup.cab']LOG]!><time="07:29:28.009-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="httphelper.cpp:807">
  <![LOG[C:\Windows\ccmsetup\ccmsetup.cab is Microsoft trusted.]LOG]!><time="07:29:28.090-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="util.cpp:1465">
  <![LOG[Successfully extracted manifest file C:\Windows\ccmsetup\ccmsetup.xml from file C:\Windows\ccmsetup\ccmsetup.cab.]LOG]!><time="07:29:28.101-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:6670">
  <![LOG[Retrieved client version '5.00.7958.1000' and minimum assignable site version '5.00.7845.1000' from manifest]LOG]!><time="07:29:28.104-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="siteinfo.cpp:668">
  <![LOG[Checking compatibility of site version '5.00.7958.1000', expect newer than '5.00.7845.1000']LOG]!><time="07:29:28.104-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="siteinfo.cpp:703">
  <![LOG[Site version '5.00.7958.1000' is compatible. Client deployment will continue.]LOG]!><time="07:29:28.104-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="siteinfo.cpp:726">
  <![LOG[Location 'http://SCCMSRV-02.snba.be/SMS_DP_SMSPKG$/ZAV00114' passed site version check.]LOG]!><time="07:29:28.104-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:6809">
  <![LOG[Loading manifest file: C:\Windows\ccmsetup\ccmsetup.xml]LOG]!><time="07:29:28.104-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:153">
  <![LOG[Successfully loaded ccmsetup manifest file.]LOG]!><time="07:29:28.106-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:171">
  <![LOG[Checking if manifest version '5.00.7958.1000' is newer than the ccmsetup version '5.0.7958.1000']LOG]!><time="07:29:28.106-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:10475">
  <![LOG[Running from temp downloaded folder or manifest is not newer than ccmsetup.]LOG]!><time="07:29:28.107-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:2213">
  <![LOG[Item 'i386/vcredist_x86.exe' is applicable. Add to the list.]LOG]!><time="07:29:28.212-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:343">
  <![LOG[Item 'x64/vcredist_x64.exe' is applicable. Add to the list.]LOG]!><time="07:29:28.269-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:343">
  <![LOG[Item 'i386/vc50727_x86.exe' is not applicable.]LOG]!><time="07:29:28.269-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:348">
  <![LOG[Item 'x64/vc50727_x64.exe' is applicable. Add to the list.]LOG]!><time="07:29:28.325-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:343">
  <![LOG[Item 'i386/WindowsUpdateAgent30-x86.exe' is not applicable.]LOG]!><time="07:29:28.325-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:348">
  <![LOG[Item 'x64/WindowsUpdateAgent30-x64.exe' is applicable. Add to the list.]LOG]!><time="07:29:28.380-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:343">
  <![LOG[Item 'i386/msxml6.msi' is not applicable.]LOG]!><time="07:29:28.380-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:348">
  <![LOG[Item 'x64/msxml6_x64.msi' is applicable. Add to the list.]LOG]!><time="07:29:28.433-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:343">
  <![LOG[Item 'i386/msrdcoob_x86.exe' is not applicable.]LOG]!><time="07:29:28.433-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:348">
  <![LOG[Item 'x64/msrdcoob_amd64.exe' is not applicable.]LOG]!><time="07:29:28.434-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:348">
  <![LOG[Item 'pkgmgr.exe' is not applicable.]LOG]!><time="07:29:28.434-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:348">
  <![LOG[Item 'dism.exe' is applicable. Add to the list.]LOG]!><time="07:29:28.504-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:343">
  <![LOG[Item 'wimgapi.msi' is not applicable.]LOG]!><time="07:29:28.504-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:348">
  <![LOG[Item 'i386/MicrosoftPolicyPlatformSetup.msi' is not applicable.]LOG]!><time="07:29:28.504-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:348">
  <![LOG[Item 'x64/MicrosoftPolicyPlatformSetup.msi' is applicable. Add to the list.]LOG]!><time="07:29:28.560-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:343">
  <![LOG[Item 'i386/WindowsFirewallConfigurationProvider.msi' is not applicable.]LOG]!><time="07:29:28.561-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:348">
  <![LOG[Item 'x64/WindowsFirewallConfigurationProvider.msi' is applicable. Add to the list.]LOG]!><time="07:29:28.615-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:343">
  <![LOG[Item 'i386/Silverlight.exe' is applicable. Add to the list.]LOG]!><time="07:29:28.670-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:343">
  <![LOG[Item 'i386/wic_x86_enu.exe' is not applicable.]LOG]!><time="07:29:28.670-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:348">
  <![LOG[Item 'x64/wic_x64_enu.exe' is not applicable.]LOG]!><time="07:29:28.670-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:348">
  <![LOG[Item 'i386/dotNetFx40_Client_x86_x64.exe' is applicable. Add to the list.]LOG]!><time="07:29:28.723-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:343">
  <![LOG[Item 'SCEPInstall.exe' is applicable. Add to the list.]LOG]!><time="07:29:28.779-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:343">
  <![LOG[Item 'i386/client.msi' is not applicable.]LOG]!><time="07:29:28.779-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:348">
  <![LOG[Item 'x64/client.msi' is applicable. Add to the list.]LOG]!><time="07:29:28.841-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:343">
  <![LOG[Default CSP is Microsoft Enhanced RSA and AES Cryptographic Provider]LOG]!><time="07:29:28.842-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="ccmutillib.cpp:1363">
  <![LOG[Default CSP Type is 24]LOG]!><time="07:29:28.842-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="ccmutillib.cpp:1364">
  <![LOG[Discovering whether item 'i386/vcredist_x86.exe' exists.]LOG]!><time="07:29:28.842-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:553">
  <![LOG[Detected item 'i386/vcredist_x86.exe']LOG]!><time="07:29:28.842-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:614">
  <![LOG[Discovering whether item 'x64/vcredist_x64.exe' exists.]LOG]!><time="07:29:28.842-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:553">
  <![LOG[Detected item 'x64/vcredist_x64.exe']LOG]!><time="07:29:28.843-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:614">
  <![LOG[Discovering whether item 'x64/vc50727_x64.exe' exists.]LOG]!><time="07:29:28.843-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:553">
  <![LOG[Upgrade code '{A8D19029-8E5C-4E22-8011-48070F9E796E}': product = '{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}', installed = 1, version = 8.0.61000]LOG]!><time="07:29:28.843-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="msiutil.cpp:1273">
  <![LOG[Checking '{A8D19029-8E5C-4E22-8011-48070F9E796E}' version '8.0.61000' expecting >= '8.0.61000'.]LOG]!><time="07:29:28.844-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="manifest.cpp:873">
  <![LOG[Detected item 'x64/vc50727_x64.exe']LOG]!><time="07:29:28.844-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:614">
  <![LOG[Discovering whether item 'x64/WindowsUpdateAgent30-x64.exe' exists.]LOG]!><time="07:29:28.844-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:553">
  <![LOG[Checking file 'C:\Windows\system32\wuapi.dll' version '7.6.7600.0256' expecting >= '7.4.7600.226'.]LOG]!><time="07:29:28.846-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="manifest.cpp:1278">
  <![LOG[Detected item 'x64/WindowsUpdateAgent30-x64.exe']LOG]!><time="07:29:28.846-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:614">
  <![LOG[Discovering whether item 'x64/msxml6_x64.msi' exists.]LOG]!><time="07:29:28.846-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:553">
  <![LOG[Checking file 'C:\Windows\system32\msxml6.dll' version '6.30.7601.17857' expecting >= '6.10.1129.0'.]LOG]!><time="07:29:28.847-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="manifest.cpp:1278">
  <![LOG[Detected item 'x64/msxml6_x64.msi']LOG]!><time="07:29:28.847-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:614">
  <![LOG[Discovering whether item 'dism.exe' exists.]LOG]!><time="07:29:28.847-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:553">
  <![LOG[File 'C:\Windows\system32\msrdc.dll' exists. Discovery passed]LOG]!><time="07:29:28.848-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="manifest.cpp:1250">
  <![LOG[Detected item 'dism.exe']LOG]!><time="07:29:28.848-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:614">
  <![LOG[Discovering whether item 'x64/MicrosoftPolicyPlatformSetup.msi' exists.]LOG]!><time="07:29:28.848-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:553">
  <![LOG[Upgrade code '{19B9818B-7432-49E9-BC02-B126025EE235}': product = '{90D295B8-BA08-487E-B904-0E624209A410}', installed = 1, version = 1.2.3602.0]LOG]!><time="07:29:28.849-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="msiutil.cpp:1273">
  <![LOG[Checking '{19B9818B-7432-49E9-BC02-B126025EE235}' version '1.2.3602.0' expecting >= '1.2.3602.0'.]LOG]!><time="07:29:28.849-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="manifest.cpp:873">
  <![LOG[Detected item 'x64/MicrosoftPolicyPlatformSetup.msi']LOG]!><time="07:29:28.849-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:614">
  <![LOG[Discovering whether item 'x64/WindowsFirewallConfigurationProvider.msi' exists.]LOG]!><time="07:29:28.849-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:553">
  <![LOG[Validated file 'C:\Windows\ccmsetup\WindowsFirewallConfigurationProvider.msi' hash '3BF0651FD4A01170925CEF694468D4EF6F64D76FD3413DEBD14CB8DE019AA10E']LOG]!><time="07:29:28.868-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="util.cpp:2609">
  <![LOG[File 'C:\Windows\ccmsetup\WindowsFirewallConfigurationProvider.msi' exists. Discovery passed]LOG]!><time="07:29:28.868-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="manifest.cpp:1250">
  <![LOG[Detected item 'x64/WindowsFirewallConfigurationProvider.msi']LOG]!><time="07:29:28.868-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:614">
  <![LOG[Discovering whether item 'i386/Silverlight.exe' exists.]LOG]!><time="07:29:28.869-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:553">
  <![LOG[32-bit Hive selected]LOG]!><time="07:29:28.869-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:948">
  <![LOG[Detected item 'i386/Silverlight.exe']LOG]!><time="07:29:28.869-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:614">
  <![LOG[Discovering whether item 'i386/dotNetFx40_Client_x86_x64.exe' exists.]LOG]!><time="07:29:28.869-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:553">
  <![LOG[Detected item 'i386/dotNetFx40_Client_x86_x64.exe']LOG]!><time="07:29:28.869-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:614">
  <![LOG[Discovering whether item 'SCEPInstall.exe' exists.]LOG]!><time="07:29:28.870-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:553">
  <![LOG[Validated file 'C:\Windows\ccmsetup\SCEPInstall.exe' hash 'FDDB17A148D8358B5BFBF63BBB3CDE902DCE807366081FE16B8E6042DCB47C71']LOG]!><time="07:29:29.649-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="util.cpp:2609">
  <![LOG[Checking file 'C:\Windows\ccmsetup\SCEPInstall.exe' version '4.3.0220.0000' expecting >= '4.3.220.0'.]LOG]!><time="07:29:29.651-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="manifest.cpp:1278">
  <![LOG[Detected item 'SCEPInstall.exe']LOG]!><time="07:29:29.651-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:614">
  <![LOG[Discovering whether item 'x64/client.msi' exists.]LOG]!><time="07:29:29.651-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:553">
  <![LOG[Item x64/client.msi has not been installed yet. Put to pending install list.]LOG]!><time="07:29:29.651-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:609">
  <![LOG[PROPFIND 'http://SCCMSRV-02.snba.be/SMS_DP_SMSPKG$/ZAV00114']LOG]!><time="07:29:29.651-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="httphelper.cpp:807">
  <![LOG[No client patches are detected.]LOG]!><time="07:29:29.658-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="ccmsetup.cpp:1736">
  <![LOG[PROPFIND 'http://SCCMSRV-02.snba.be/SMS_DP_SMSPKG$/ZAV00114']LOG]!><time="07:29:29.658-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="httphelper.cpp:807">
  <![LOG[No client language packs are detected.]LOG]!><time="07:29:29.664-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="ccmsetup.cpp:1777">
  <![LOG[Searching for available transform]LOG]!><time="07:29:29.665-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:1807">
  <![LOG[PROPFIND 'http://SCCMSRV-02.snba.be/SMS_DP_SMSPKG$/ZAV00114']LOG]!><time="07:29:29.665-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="httphelper.cpp:807">
  <![LOG[No transform available for this locale. Installation will proceed with no transformation.]LOG]!><time="07:29:29.671-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:1892">
  <![LOG[File 'C:\Windows\ccmsetup\client.msi' doesn't exist.]LOG]!><time="07:29:29.672-120" date="04-17-2014" component="ccmsetup" context="" type="2" thread="2724" file="util.cpp:2595">
  <![LOG[Using branch cache option.]LOG]!><time="07:29:29.690-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:6443">
  <![LOG[Adding file 'http://SCCMSRV-02.snba.be:80/SMS_DP_SMSPKG$/ZAV00114/x64/client.msi' to BITS job, saving as 'C:\Windows\ccmsetup\client.msi'.]LOG]!><time="07:29:29.690-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:6474">
  <![LOG[Starting BITS download for client deployment files.]LOG]!><time="07:29:29.698-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:6487">
  <![LOG[Download Update: 32616448 out of 32616448 bytes transferred.]LOG]!><time="07:29:30.700-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:6578">
  <![LOG[Successfully completed BITS download for client deployment files.]LOG]!><time="07:29:32.701-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:6536">
  <![LOG[Retrieved client version '5.00.7958.1000' and minimum assignable site version '5.00.7845.1000' from client package]LOG]!><time="07:29:34.020-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="siteinfo.cpp:678">
  <![LOG[Checking compatibility of site version '5.00.7958.1000', expect newer than '5.00.7845.1000']LOG]!><time="07:29:34.020-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="siteinfo.cpp:703">
  <![LOG[Site version '5.00.7958.1000' is compatible. Client deployment will continue.]LOG]!><time="07:29:34.020-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="siteinfo.cpp:726">
  <![LOG[Successfully downloaded client files via BITS.]LOG]!><time="07:29:34.020-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:1396">
  <![LOG[Validated file 'C:\Windows\ccmsetup\client.msi' hash 'A5732CE24F2B1545E9FBA458971E0A5504093E0F743CA9E8BD9C047582902878']LOG]!><time="07:29:35.032-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="util.cpp:2609">
  <![LOG[An MP exists on this machine.]LOG]!><time="07:29:35.048-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="msiutil.cpp:565">
  <![LOG[The client version 5.00.7958.1000 does not match the MP version 5.00.7804.1000. The client will not be installed.]LOG]!><time="07:29:35.048-120" date="04-17-2014" component="ccmsetup" context="" type="3" thread="2724" file="msiutil.cpp:583">
  <![LOG[Sending Fallback Status Point message to 'SCCMSRV-02', STATEID='318'.]LOG]!><time="07:29:35.049-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:9756">
  <![LOG[Failed to get client version for sending messages to FSP. Error 0x80041010]LOG]!><time="07:29:35.054-120" date="04-17-2014" component="ccmsetup" context="" type="2" thread="2724" file="ccmsetup.cpp:9838">
  <![LOG[Params to send FSP message '5.0.7958.1000 Deployment ']LOG]!><time="07:29:35.054-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="ccmsetup.cpp:9887">
  <![LOG[State message with TopicType 800 and TopicId {5FF017B3-AF3F-4D38-B037-0A7EE1F479C5} has been sent to the FSP]LOG]!><time="07:29:35.075-120" date="04-17-2014" component="FSPStateMessage" context="" type="1" thread="2724" file="fsputillib.cpp:752">
  <![LOG[InstallFromManifest failed 0x80004005]LOG]!><time="07:29:35.084-120" date="04-17-2014" component="ccmsetup" context="" type="3" thread="2724" file="ccmsetup.cpp:7202">
  <![LOG[CcmSetup failed with error code 0x80004005]LOG]!><time="07:29:35.086-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="7532" file="ccmsetup.cpp:10879">
  I hope someone can help me with this.
  Kind regards

  I agree with Idan. You can easily remove the Management Point Site System role and add it again with no adverse effect. This should solve your problem.
  Gerry Hampson | Blog:
  www.gerryhampsoncm.blogspot.ie | LinkedIn:
  Gerry Hampson | Twitter:
  @gerryhampson

• SCCM 2012 R2 Configuration Manager Client Package - stuck "In Progress"

  Hi Team; I’m having 2 issues with SCCM 2012 R2:
  Issue 1: I'm having a strange issue with the default XXX00002 package - "Configuration Manager Client Package",
  it will not deploy to the Secondary Site DP. The console is saying "In Progress" - below is the output from the
  distmgr.log file.
  ~Package BDC00002 does not have a preferred sender. 
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.443+240><thread=6032 (0x1790)>
  ~CDistributionSrcSQL::UpdateAvailableVersion PackageID=BDC00002, Version=1, Status=2301 
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.444+240><thread=6032 (0x1790)>
  ~StoredPkgVersion (1) of package BDC00002. StoredPkgVersion in database is 1. 
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.462+240><thread=6032 (0x1790)>
  ~SourceVersion (1) of package BDC00002. SourceVersion in database is 1. 
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.462+240><thread=6032 (0x1790)>
  ~Package BDC00003 does not have a preferred sender. 
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.443+240><thread=6092 (0x17CC)>
  ~CDistributionSrcSQL::UpdateAvailableVersion PackageID=BDC00003, Version=1, Status=2301 
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.464+240><thread=6092 (0x17CC)>
  STATMSG: ID=2301 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_DISTRIBUTION_MANAGER" SYS=BBK-SCCM-PRI.bbk2310.com SITE=PRI PID=2768 TID=6032 GMTDATE=Mon Mar 17 20:00:23.476 2014
  ISTR0="Configuration Manager Client Package" ISTR1="BDC00002" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=1 AID0=400 AVAL0="BDC00002" 
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.477+240><thread=6032 (0x1790)>
  StateTable::CState::Handle - (2301:1 2014-03-17 20:00:23.476+00:00) >> (0:0 2014-02-28 16:33:45.383+00:00) 
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.484+240><thread=6032 (0x1790)>
  CStateMsgReporter::DeliverMessages - Queued message: TT=1401 TIDT=0 TID='8ACCAE01-5079-4FCD-A988-C1CD3004B698' SID=2301 MUF=0 PCNT=2, P1='PRI' P2='2014-03-17 20:00:23.476+00:00' P3='' P4=''
  P5=''  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.495+240><thread=6032 (0x1790)>
  ~StoredPkgVersion (1) of package BDC00003. StoredPkgVersion in database is 1. 
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.496+240><thread=6092 (0x17CC)>
  ~SourceVersion (1) of package BDC00003. SourceVersion in database is 1. 
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.497+240><thread=6092 (0x17CC)>
  STATMSG: ID=2301 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_DISTRIBUTION_MANAGER" SYS=BBK-SCCM-PRI.bbk2310.com SITE=PRI PID=2768 TID=6092 GMTDATE=Mon Mar 17 20:00:23.510 2014
  ISTR0="Configuration Manager Client Upgrade Package" ISTR1="BDC00003" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=1 AID0=400
  AVAL0="BDC00003"  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.510+240><thread=6092 (0x17CC)>
  StateTable::CState::Handle - (2301:1 2014-03-17 20:00:23.510+00:00) >> (0:0 2014-02-28 16:33:45.383+00:00)
   $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.515+240><thread=6092 (0x17CC)>
  CStateMsgReporter::DeliverMessages - Queued message: TT=1401 TIDT=0 TID='8ACCAE01-5079-4FCD-A988-C1CD3004B698' SID=2301 MUF=0 PCNT=2, P1='PRI' P2='2014-03-17 20:00:23.510+00:00' P3='' P4=''
  P5=''  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.526+240><thread=6092 (0x17CC)>
  CStateMsgReporter::DeliverMessages - Created state message file: D:\Program Files\Microsoft Configuration Manager\inboxes\auth\statesys.box\incoming\1sfb1dbj.SMX  
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.571+240><thread=6032 (0x1790)>
  Successfully send state change notification 8ACCAE01-5079-4FCD-A988-C1CD3004B698 
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.572+240><thread=6032 (0x1790)>
  ~Exiting package processing thread. 
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.574+240><thread=6032 (0x1790)>
  CStateMsgReporter::DeliverMessages - Created state message file: D:\Program Files\Microsoft Configuration Manager\inboxes\auth\statesys.box\incoming\abaibh8y.SMX  
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.637+240><thread=6092 (0x17CC)>
  Successfully send state change notification 8ACCAE01-5079-4FCD-A988-C1CD3004B698 
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.683+240><thread=6092 (0x17CC)>
  ~Exiting package processing thread. 
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.685+240><thread=6092 (0x17CC)>
  Sleep 30 minutes... 
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:26.886+240><thread=2936 (0xB78)>
  ~Used 0 out of 3 allowed processing threads. 
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:27.948+240><thread=4900 (0x1324)>
  ~Sleep 3600 seconds... 
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:27.950+240><thread=4900 (0x1324)>
  Sleep 30 minutes... 
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:31.934+240><thread=2936 (0xB78)>
  ~Used 0 out of 3 allowed processing threads. 
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:33.021+240><thread=4900 (0x1324)>
  ~Sleep 3600 seconds... 
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:33.023+240><thread=4900 (0x1324)>
  ~Used 0 out of 3 allowed processing threads. 
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:38.108+240><thread=4900 (0x1324)>
  ~Sleep 3600 seconds... 
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:38.111+240><thread=4900 (0x1324)>
  Sleeping for 60 minutes before content cleanup task starts.~ 
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:06:28.094+240><thread=4968 (0x1368)>
  Sleep 30 minutes... 
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:30:52.271+240><thread=2936 (0xB78)>
  Sleep 30 minutes... 
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 17:01:10.002+240><thread=2936 (0xB78)>
  ~Used 0 out of 3 allowed processing threads. 
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 17:01:10.977+240><thread=4900 (0x1324)>
  ~Sleep 3600 seconds... 
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 17:01:10.979+240><thread=4900 (0x1324)>
  Sleeping for 60 minutes before content cleanup task starts.~ 
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 17:06:55.337+240><thread=4968 (0x1368)>
  Issue 2: I'm trying to deploy a couple of Packages/Applications using SCCM 2012 R2 running on Win2K8 R2 with no luck, knowing that I could install the packages
  on a test VM “in the DataCenter site”, but when trying to deploy the packages to production PC “in the Office Site”,
   the status is packages deployment compliance stuck at 0%
  Infrastructure:
  3 SCCM servers: CAS, PRI & SEC. Both CAS and PRI are in the DataCenter site, and SEC is in the Office site. The office site has several IP subnets.
  Boundaries are configured through Forest Discovery “IP Ranges and AD Sites” since that the AD site should contain all the IP subnets that the AD site contains, Boundaries groups are also configured and a site reference
  server is configured for each group respectively.
  A OU based Collection has been configured that contains 13 PC "the collection contains the PCs that the packages should be installed.
  Packages/Applications are configured correctly since that I could successfully deploy the packages to the test VM which is on the same subnet as the CAS and the PRI servers "the DataCenter subnet". The issue
  is that I can't deploy the packages to production PCs in the Office subnet!
  Firewall rules are configured and applied via GP, and I even turned Windows Firewall off, and still nothing! I tried to manually initiate Computer Policy download via the SCCM GUI and via a script, still no luck!
  I tried configuring IP Subnet Boundaries, still no luck!!
  Here are the last 2 lines in the LocationServices.log of a client PC at the Office Site:
  <![LOG[MPLIST requests are throttled for 00:00:44]LOG]!><time="14:47:00.766+240" date="03-17-2014" component="LocationServices" context="" type="2" thread="5776"
  file="lssecurity.cpp:4528"> <![LOG[Current AD site of machine is Default-First-Site-Name]LOG]!><time="14:47:00.777+240" date="03-17-2014" component="LocationServices" context="" type="1"
  thread="4884" file="lsad.cpp:770">
  And here are the last 4 lines in the ClientLocation.log
  <![LOG[Rotating assigned management point, new management point [1] is: BBK-SCCM-PRI.bbk2310.com (7958) with capabilities: <Capabilities SchemaVersion="1.0"><Property Name="SSLState"
  Value="0"/></Capabilities>]LOG]!><time="14:49:04.880+240" date="03-17-2014" component="ClientLocation" context="" type="1" thread="3600" file="lsad.cpp:6311">
  <![LOG[Assigned MP changed from <BBK-SCCM-PRI.bbk2310.com> to <BBK-SCCM-PRI.bbk2310.com>.]LOG]!><time="14:49:04.891+240" date="03-17-2014" component="ClientLocation" context="" type="1"
  thread="3600" file="lsad.cpp:1532"> <![LOG[Rotating proxy management point, new management point [1] is: BBK-SCCM-SEC.bbk2310.com (7958) with capabilities: <Capabilities SchemaVersion="1.0"><Property Name="SSLState"
  Value="0"/></Capabilities>]LOG]!><time="14:49:05.345+240" date="03-17-2014" component="ClientLocation" context="" type="1" thread="3600" file="lsad.cpp:6374">
  <![LOG[Rotating local management point, new management point [1] is: BBK-SCCM-SEC.bbk2310.com (7958) with capabilities: <Capabilities SchemaVersion="1.0"><Property Name="SSLState" Value="0"/></Capabilities>]LOG]!><time="14:49:05.786+240"
  date="03-17-2014" component="ClientLocation" context="" type="1" thread="3600" file="lsad.cpp:6436">
  It looks like clients in the Office Site can’t connect to the DP/MP of the Secondary Site server which is also a DP.
  While on the PC that the application was installed on I see the folowing in the LocationService.log:
  <![LOG[Distribution Point='http://BBK-SCCM-PRI.bbk2310.com/SMS_DP_SMSPKG$/Content_69547d2a-339f-4ac4-9523-238c79ff8a52.1', Locality='LOCAL', DPType='SERVER', Version='7958', Capabilities='<Capabilities SchemaVersion="1.0"><Property
  Name="SSLState" Value="0"/></Capabilities>', Signature='http://BBK-SCCM-PRI.bbk2310.com/SMS_DP_SMSSIG$/Content_69547d2a-339f-4ac4-9523-238c79ff8a52.1.tar', ForestTrust='TRUE',]LOG]!><time="14:42:59.506+240"
  date="03-17-2014" component="LocationServices" context="" type="1" thread="224" file="lsutils.cpp:415"> <![LOG[Calling back with locations for location request {144620BC-4BF0-4878-9554-F67D305ECCF8}]LOG]!><time="14:42:59.522+240"
  date="03-17-2014" component="LocationServices" context="" type="1" thread="224" file="replylocationsendpoint.cpp:220">
  Is there something wrong with the Distribution point on the Secondary Site server?
  Please help…
  Thanks..

  Update:
  I fixed the issue with the default XXX00002 package - "Configuration Manager Client Package", it will not deploy to the Secondary Site DP. I did that through "Update Distribution Points" option, and after a while the status was 100%.
  However; the second issue is still unsolved...
  Please help..

• NAT for remote access VPN clients

  Hello,
  I have a simple remote access VPN setup on a 2811 router. The remote subnet of the clients connecting have access to the local LAN subnet, but I am wondering if it is possible to somehow NAT those remote access users, so that they can go beyond the local LAN, and through the VPN routers outside connection, giving them access to other resources.
  The remote subnet would need to be added to the NAT overload pool that the local LAN is on somehow, but since no interface is created, I am unsure where I would need to put "ip nat inside" if it even needs to be done, or if I am just missing something.
  I guess really what I want to do is tunnel all traffic, and have that remote client IP translate to the NAT pool on the router for internet access.
  Thanks.

  Have a look here for solution
  http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_configuration_example09186a008073b06b.shtml
  Regards

• ASA Remote Access VPN Clients - Multiple DNS Suffixes?

  Hi community!
  I am setting up a new remote access VPN using the traditional IPSec client via ASA 5515-X runnning OS 8.6.1(5).
  We require to provide each client multiple DNS suffixes, but are only to provide a single DNS suffix in the grouip policy.
  I have tested using an external DHCP server, but using our Windows Server 2008 infrastructure and Option 119 the list is not provided to clients, and I have read that Windows 7 clietns may ignore this option anyway.
  Other than umanually configuring the clients , does anybody have any other suggestions on how we may get this to work?
  Full marks for helpful posts!
  Kind regards, Ash.

  Hi
  I am looking into the same issue, and I am finding conflicting documentation about this and wondered if you got the answers you were looking for.
  I have a remote access requirement for users from separate AD's to authenticate through an ASA.
  I was reading about Global Catalogue Server but this is not specifically what I want; and also creating a new AAA server group but the user would need to accept which group to use when they log in
  Regards

• Remote access VPN client gets connected fails on hosts in LAN

  Hi,
  VPN client gets connected fine, I have a inter VLAN routing happening on the switch in the LAN so all the LAN hosts have gateway IP on the switch, I have the defult route pointing to ASA inside interface on the switch, the switch I can reach after Remote Access VPN is connected how ever I cannot ping/connect to other hosts in the LAN and if I make the gateway point to the ASA then that host is accessible, any suggestions? I really want to have gateway to be the Switch as I have other networks reachable through the Switch (Intranet routing)

  Hi Mashal,
  Thanks for your time,
  VPN Pool(Client) 192.168.100.0/24
  Internal Subnets 192.9.200.0/24(VLAN 4000) and 192.168.2.0/24 (VLAN 1000)
  =============
  On the Switch
  =============
  Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
         D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
         N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
         E1 - OSPF external type 1, E2 - OSPF external type 2
         i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
         ia - IS-IS inter area, * - candidate default, U - per-user static route
         o - ODR, P - periodic downloaded static route
  Gateway of last resort is 192.168.2.5 to network 0.0.0.0
       172.32.0.0/24 is subnetted, 1 subnets
  C       172.32.0.0 is directly connected, Vlan101
  C    192.168.200.0/24 is directly connected, Vlan2000
  C    192.9.200.0/24 is directly connected, Vlan4000
  S    192.168.250.0/24 [1/0] via 192.9.200.125
  S    192.168.1.0/24 [1/0] via 192.9.200.125
  C    192.168.2.0/24 is directly connected, Vlan1000
  S    192.168.252.0/24 [1/0] via 192.9.200.125
  S*   0.0.0.0/0 [1/0] via 192.168.2.5
  ===============
  On ASA
  ===============
  Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
         D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
         N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
         E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
         i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
         * - candidate default, U - per-user static route, o - ODR
         P - periodic downloaded static route
  Gateway of last resort is 172.32.0.2 to network 0.0.0.0
  C    172.32.0.0 255.255.255.0 is directly connected, outside
  C    192.9.200.0 255.255.255.0 is directly connected, inside
  C    192.168.168.0 255.255.255.0 is directly connected, failover
  C    192.168.2.0 255.255.255.0 is directly connected, MGMT
  S    192.168.100.2 255.255.255.255 [1/0] via 172.32.0.2, outside
  S    192.168.100.3 255.255.255.255 [1/0] via 172.32.0.2, outside
  S*   0.0.0.0 0.0.0.0 [1/0] via 172.32.0.2, outside
  We don't need route print on the PC for now as I can explain what is happening I can get complete access to the 192.168.2.0/24 (VLAN 1000) but for 192.9.200.0/24 (VLAN 4000) above from the switch I can only ping IP's on the switches/pair but cannot have any tcp connections, which explains the default route being pointed on the switch is on VLAN 1000, now my issue is How do I get access to VLAN 4000 as you can see these two are on different Interfaces/zones on the ASA and please note with default gateway pointing to ASA I will have access to both the VLAN's it is only when I move the gateway pointing to Switch I loose tcp connections to one VLAN depending on the default route  on the being pointing to on the switch.
  So we are left to do with how to on the switch with default route.

• Remote access VPN client gets connected no access to LAN

  : Saved
  ASA Version 8.6(1)2
  hostname COL-ASA-01
  domain-name dr.test.net
  enable password i/RAo1iZPOnp/BK7 encrypted
  passwd i/RAo1iZPOnp/BK7 encrypted
  names
  interface GigabitEthernet0/0
  nameif outside
  security-level 0
  ip address 172.32.0.11 255.255.255.0
  interface GigabitEthernet0/1
  nameif inside
  security-level 100
  ip address 192.9.200.126 255.255.255.0
  interface GigabitEthernet0/2
  shutdown
  no nameif
  no security-level
  no ip address
  interface GigabitEthernet0/3
  shutdown
  no nameif
  no security-level
  no ip address
  interface GigabitEthernet0/4
  shutdown
  no nameif
  no security-level
  no ip address
  interface GigabitEthernet0/5
  nameif failover
  security-level 0
  ip address 192.168.168.1 255.255.255.0 standby 192.168.168.2
  interface Management0/0
  nameif management
  security-level 0
  ip address 192.168.2.11 255.255.255.0
  ftp mode passive
  dns server-group DefaultDNS
  domain-name dr.test.net
  object network RAVPN
  subnet 192.168.0.0 255.255.255.0
  object network NETWORK_OBJ_192.168.200.0_24
  subnet 192.168.200.0 255.255.255.0
  object network NETWORK_OBJ_192.9.200.0_24
  subnet 192.9.200.0 255.255.255.0
  object-group network inside_network
  network-object 192.9.200.0 255.255.255.0
  object-group network Outside
  network-object host 172.32.0.25
  access-list RAVPN_splitTunnelAcl standard permit 192.9.200.0 255.255.255.0
  access-list test123 extended permit ip host 192.168.200.1 host 192.9.200.190
  access-list test123 extended permit ip host 192.9.200.190 host 192.168.200.1
  access-list test123 extended permit ip object NETWORK_OBJ_192.168.200.0_24 192.9.200.0 255.255.255.0
  access-list test123 extended permit ip 192.9.200.0 255.255.255.0 object NETWORK_OBJ_192.9.200.0_24
  pager lines 24
  mtu management 1500
  mtu outside 1500
  mtu inside 1500
  mtu failover 1500
  ip local pool RAVPN 192.168.200.1-192.168.200.254 mask 255.255.255.0
  no failover
  icmp unreachable rate-limit 1 burst-size 1
  asdm image disk0:/asdm-66114.bin
  no asdm history enable
  arp timeout 14400
  nat (inside,outside) source dynamic any interface
  nat (any,inside) source static NETWORK_OBJ_192.168.200.0_24 NETWORK_OBJ_192.168.200.0_24 destination static NETWORK_OBJ_192.9.200.0_24 NETWORK_OBJ_192.9.200.0_24
  route outside 0.0.0.0 0.0.0.0 172.32.0.2 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  timeout floating-conn 0:00:00
  dynamic-access-policy-record DfltAccessPolicy
  user-identity default-domain LOCAL
  aaa authentication ssh console LOCAL
  http server enable
  http 0.0.0.0 0.0.0.0 outside
  http 0.0.0.0 0.0.0.0 inside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
  crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
  crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
  crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
  crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
  crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
  crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
  crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
  crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
  crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
  crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
  crypto map outside_map interface outside
  crypto ca trustpoint ASDM_TrustPoint0
  enrollment terminal
  subject-name CN=KWI-COL-ASA-01.dr.test.net,O=KWI,C=US
  crl configure
  crypto ikev1 enable outside
  crypto ikev1 policy 10
  authentication crack
  encryption aes-256
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 20
  authentication rsa-sig
  encryption aes-256
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 30
  authentication pre-share
  encryption aes-256
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 40
  authentication crack
  encryption aes-192
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 50
  authentication rsa-sig
  encryption aes-192
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 60
  authentication pre-share
  encryption aes-192
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 70
  authentication crack
  encryption aes
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 80
  authentication rsa-sig
  encryption aes
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 90
  authentication pre-share
  encryption aes
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 100
  authentication crack
  encryption 3des
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 110
  authentication rsa-sig
  encryption 3des
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 120
  authentication pre-share
  encryption 3des
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 130
  authentication crack
  encryption des
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 140
  authentication rsa-sig
  encryption des
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 150
  authentication pre-share
  encryption des
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 65535
  authentication pre-share
  encryption 3des
  hash sha
  group 2
  lifetime 86400
  telnet 192.9.200.0 255.255.255.0 inside
  telnet timeout 30
  ssh 0.0.0.0 0.0.0.0 management
  ssh 0.0.0.0 0.0.0.0 outside
  ssh 66.35.45.128 255.255.255.192 outside
  ssh 0.0.0.0 0.0.0.0 inside
  ssh timeout 30
  ssh version 2
  console timeout 0
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  webvpn
  enable outside
  anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
  anyconnect enable
  tunnel-group-list enable
  group-policy DfltGrpPolicy attributes
  group-policy RAVPN internal
  group-policy RAVPN attributes
  wins-server value 192.9.200.164
  dns-server value 66.35.46.84 66.35.47.12
  vpn-filter value test123
  vpn-tunnel-protocol ikev1
  split-tunnel-policy tunnelspecified
  split-tunnel-network-list value test123
  default-domain value dr.kligerweiss.net
  username test password xxxxxxx encrypted
  username admin password aaaaaaaaaaaa encrypted privilege 15
  username vpntest password ddddddddddd encrypted
  tunnel-group RAVPN type remote-access
  tunnel-group RAVPN general-attributes
  address-pool RAVPN
  default-group-policy RAVPN
  tunnel-group RAVPN ipsec-attributes
  ikev1 pre-shared-key *****
  class-map inspection_default
  match default-inspection-traffic
  policy-map type inspect dns preset_dns_map
  parameters
    message-length maximum client auto
    message-length maximum 512
  policy-map global_policy
  class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect ip-options
    inspect netbios
    inspect rsh
    inspect rtsp
    inspect skinny
    inspect esmtp
    inspect sqlnet
    inspect sunrpc
    inspect tftp
    inspect sip
    inspect xdmcp
  service-policy global_policy global
  prompt hostname context
  no call-home reporting anonymous
  call-home
  profile CiscoTAC-1
    no active
    destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
    destination address email [email protected]
    destination transport-method http
    subscribe-to-alert-group diagnostic
    subscribe-to-alert-group environment
    subscribe-to-alert-group inventory periodic monthly 2
    subscribe-to-alert-group configuration periodic monthly 2
    subscribe-to-alert-group telemetry periodic daily
  password encryption aes
  Cryptochecksum:b001e526a239af2c73fa56f3ca7667ea
  : end
  COL-ASA-01#
  Here is some capture done on the inside interface which may help too, I tried pointing the gateway to inside interface on the target device but I think this was a switch without ip route available on it I believe that is still sending packet back to Cisco inside interface
  COL-ASA-01# sho cap test | in 192.168.200
  25: 23:45:55.570618 192.168.200.1 > 192.9.200.190: icmp: echo request
    29: 23:45:56.582794 192.168.200.1.137 > 192.9.200.164.137:  udp 68
    38: 23:45:58.081050 192.168.200.1.137 > 192.9.200.164.137:  udp 68
    56: 23:45:59.583176 192.168.200.1.137 > 192.9.200.164.137:  udp 68
    69: 23:46:00.573517 192.168.200.1 > 192.9.200.190: icmp: echo request
    98: 23:46:05.578110 192.168.200.1 > 192.9.200.190: icmp: echo request
    99: 23:46:05.590057 192.168.200.1.137 > 192.9.200.164.137:  udp 68
  108: 23:46:07.092310 192.168.200.1.137 > 192.9.200.164.137:  udp 68
  115: 23:46:08.592468 192.168.200.1.137 > 192.9.200.164.137:  udp 68
  116: 23:46:10.580795 192.168.200.1 > 192.9.200.190: icmp: echo request
  COL-ASA-01#
  Any help or pointers greatly appreciated, I am doing this config after a long gap on Cisco last time I was working it was all PIX so just need some expert eyes to let me know if I am missing something.
  And Yes I do not have a Host in Inside network to test against, all I have is a switch which cannot route and ip default gateway is not helping too...

  Hi,
  The first thing you should do to avoid problems is to change the VPN Pool to something else than the current LAN network as they are not really directly connected in the same network segment.
  You could try the following changes
  tunnel-group RAVPN general-attributes
    no address-pool RAVPN
  no ip local pool RAVPN 192.168.200.1-192.168.200.254 mask 255.255.255.0
  ip local pool RAVPN 192.168.201.1-192.168.201.254 mask 255.255.255.0
  tunnel-group RAVPN general-attributes
    address-pool RAVPN
  no nat  (any,inside) source static NETWORK_OBJ_192.168.200.0_24  NETWORK_OBJ_192.168.200.0_24 destination static  NETWORK_OBJ_192.9.200.0_24 NETWORK_OBJ_192.9.200.0_24
  In the above you first remove the VPN Pool from the "tunnel-group" and then remove and recreate the VPN Pool with another network and then insert it back to the same "tunnel-group". Nex you remove the current NAT configuration.
  object network LAN
  subnet 192.168.200.0 255.255.255.0
  object network VPN-POOL
  subnet 192.168.201.0 255.255.255.0
  nat (inside,outside) 1 source static LAN LAN destination static VPN-POOL VPN-POOL
  The above NAT configurations adds the correct NAT0 configuration for the changed VPN Pool. It also inserts the NAT rule to the very top before the Dynamic PAT rule you currently have. It is also one of the problems with the configurations as it will override your current NAT configurations.
  You have your Dynamic PAT rule at the very top of your NAT rules currently which is not a good idea. If you wish to change it to something else that wont override the other NAT configurations in the future you can do the following change.
  no nat (inside,outside) source dynamic any interface
  nat (inside,outside) after-auto source dynamic any interface
  NOTICE! Changing the above Dynamic PAT configuration will temporarily terminate all connections for users from the LAN as you reconfigure the Dynamic PAT rule. So if you do this change make sure that its ok to cause still small cut in the current connections of internal users
  Hope this helps
  Let me know if it works for you
  - Jouni