Sccm 2012- remote access to client
Hi
We have SCCM 2012 and enabled the remote tools to the workstation
I noticed when I used a ccount with local admin I able to access the machine properly
But when I used account "without" local admin account in the computer I'm getting "prompt" to enter user name and password and even I input the account I;m getting still prompt option.
Please advise why the NON/Without "local admin" can't access the machine and pompting a user name and password
The remot tools required local admin ???
although the user have local admin can do ..
Robert
When I add the "remote control or remote viewer in local administrator of the machine, the thing work smoothly
The only issues are , when the remote viewer is NOT part of local administrator I can't able to remote the machine
addiotinal info for port listening for further troubleshooting
need your help .. is there any relation for the gpo ? because if local admin it work fine
Active Connections
Proto Local Address Foreign Address State
TCP 0.0.0.0:135 SCCMTEST05:0 LISTENING
TCP 0.0.0.0:445 SCCMTEST05:0 LISTENING
TCP 0.0.0.0:2701 SCCMTEST05:0 LISTENING
TCP 0.0.0.0:49152 SCCMTEST05:0 LISTENING
TCP 0.0.0.0:49153 SCCMTEST05:0 LISTENING
TCP 0.0.0.0:49154 SCCMTEST05:0 LISTENING
TCP 0.0.0.0:49182 SCCMTEST05:0 LISTENING
TCP 0.0.0.0:49183 SCCMTEST05:0 LISTENING
TCP 0.0.0.0:49184 SCCMTEST05:0 LISTENING
TCP 192.168.24.218:139 SCCMTEST05:0 LISTENING
TCP 192.168.24.218:2701 server6032:60104 TIME_WAIT
TCP 192.168.24.218:57163 server5092:10123 ESTABLISHED
TCP 192.168.24.218:57265 server06:microsoft-ds ESTABLISHED
TCP 127.0.0.1:57280 SCCMTEST05:0 LISTENING
TCP [::]:135 SCCMTEST05:0 LISTENING
TCP [::]:445 SCCMTEST05:0 LISTENING
TCP [::]:2701 SCCMTEST05:0 LISTENING
TCP [::]:49152 SCCMTEST05:0 LISTENING
TCP [::]:49153 SCCMTEST05:0 LISTENING
TCP [::]:49154 SCCMTEST05:0 LISTENING
TCP [::]:49182 SCCMTEST05:0 LISTENING
TCP [::]:49183 SCCMTEST05:0 LISTENING
TCP [::]:49184 SCCMTEST05:0 LISTENING
UDP 0.0.0.0:123 *:*
UDP 0.0.0.0:500 *:*
UDP 0.0.0.0:4500 *:*
UDP 0.0.0.0:5355 *:*
UDP 192.168.24.218:137 *:*
UDP 192.168.24.218:138 *:*
UDP 192.168.24.218:1900 *:*
UDP 192.168.24.218:54661 *:*
UDP 127.0.0.1:1900 *:*
UDP 127.0.0.1:52574 *:*
UDP 127.0.0.1:54575 *:*
UDP 127.0.0.1:54662 *:*
UDP 127.0.0.1:56463 *:*
UDP 127.0.0.1:59546 *:*
UDP 127.0.0.1:59642 *:*
UDP 127.0.0.1:63001 *:*
UDP 127.0.0.1:63986 *:*
UDP [::]:123 *:*
UDP [::]:500 *:*
UDP [::]:4500 *:*
UDP [::]:5355 *:*
UDP [::1]:1900 *:*
UDP [::1]:54660 *:*
UDP [fe80::9ddb:5483:f053:126e%11]:1900 *:*
UDP [fe80::9ddb:5483:f053:126e%11]:54659 *:*
Robert
Similar Messages
-
SCCM 2012 Remote control with NON admin ID
When trying to remote a machine via SCCM 2012 remote control using a non admin ID it does not connect. Get the following in the CmRcService log file:
HandshakeWorker failed..
The logon attempt failed (Error: 8009030C; Source: Windows) CmRcService 2014-12-10 01:19:41 PM 2632 (0x0A48)
Security filter server: DoHandshake failed..
The logon attempt failed (Error: 8009030C; Source: Windows) CmRcService 2014-12-10 01:19:41 PM 2632 (0x0A48)
m_pSecFilter DoHandshake() failed. CmRcService 2014-12-10 01:19:41 PM 2632 (0x0A48)
DoHandshake failed on server side.
The logon attempt failed (Error: 8009030C; Source: Windows) CmRcService 2014-12-10 01:19:41 PM 2632 (0x0A48)
Failed to do Handshake in Server.
The logon attempt failed (Error: 8009030C; Source: Windows) CmRcService 2014-12-10 01:19:41 PM 2632 (0x0A48)
Failed to create security context.. Security Handshake failed.
The logon attempt failed (Error: 8009030C; Source: Windows) CmRcService 2014-12-10 01:19:41 PM 2632 (0x0A48)
Failed to validate Security requirement..
The logon attempt failed (Error: 8009030C; Source: Windows) CmRcService 2014-12-10 01:19:41 PM 2632 (0x0A48)
Failed to complete the RDP connection..
The logon attempt failed (Error: 8009030C; Source: Windows) CmRcService 2014-12-10 01:19:41 PM 2632 (0x0A48)Hi,
Please check the similar thread below that is a Group Policy issue.
Quote:
our group policy is allowing only the local administrator to access the network , so the normal user will not able to access the machine even the sccm remote tools member
https://social.technet.microsoft.com/Forums/en-US/77c865c2-7602-4234-a4cd-52d54ab6d653/sccm-2012-remote-access-to-client?forum=configmanagerdeployment
Best Regards,
Joyce -
SCCM 2012 Remote Control Viewer - Multiple Session
Hello Guys,
We have faced one issue that there have only one session can be connected if we are using the SCCM 2012 remote control viewer. The problem is that we have two support team may require to remote the same desktop in the same time via the remote control viewer.
Do anyone know how we can activate more session for remote control viewer in SCCM 2012?
Thanks,
SCCM usersFYI – If you need to have 2 technicians remoted into the same device, we found a workaround, this works with SCCM 2012 SP1 CU3, and Windows 7 clients.
For tech1, using the ConfigMgr console, right-click the device, Start -> Remote Control
For tech2, using the ConfigMgr console, right-click the device, Start -> Remote Assistance -
Can ASA5505 forward remote-access-VPN clients to LAN
I currently have ASA-5505 and 2911-Router and I'm trying to configure VPN topology.
Can ASA5505 forward remote-access-VPN clients to LAN operated by a different router?
Are these two cases possible?:
(1) ASA-5505 and 2911-Router are on separate WAN interfaces, each directly connected to ISP. But then can I connect one of other LAN interfaces of ASA-5505 into a switch managed by 2911-Router to inject remote-SSL-VPN clients into the LAN managed by the router?
(2) ASA-5505 is behind 2911-Router. Can 2911 Router assign a public ip address or have public ip address VPN-access attempts directly be forwarded to ASA-5505 when there is only one public ip address available?
Long put short, can ASA-5505 inject its remote-access-VPN clients as one of hosts on the LAN managed by 2911-router?
Thanks.I could help you more if you can explain the purpose of this setup and the connectivity between the ASA and router.
You can enable reverse-route on the Dynamic map on the ASA. The ASA will install a static route for the client on the routing table. You can use a Routing protocol to redistribute the static routes to your switch on the LAN side of the ASA. -
SCCM 2012 - Network requirements for Client communication to primary in a Cross Forest Environment
Hello, I have been trying to get some definitive answers on what network traffic is required between a client and a primary site versus a secondary in a cross forest scenario.
Here is the scenario:
Company A has an existing SCCM 2012 primary Site. Company B (Separate Forest) has now been brought in. One subnet on each side can route to each other and using that one subnet a two way forest
trust has been setup. But the remote offices have IP address overlaps between companies. At some point in the future all assets on company B will be re-IP and brought over to Company A domain. But in the interim it would be nice to get SCCM cross forest clients
working. Upgrading to a CAS model with two Primaries would not be preferred here as this is a temporary solution.
My questions are as follows.
If a secondary site is deployed into Company B Forest/Network. I have seen people online elude to that clients will still need to communicate to the Primary located at Company A, even though they
are assigned to a secondary on Company B’s network. Is this true? Is there any workarounds for this? Is a NAT back to the primary acceptable, or is reverse lookup required?
Will the Primary need to communicate directly to the clients in Company B? If this is in fact a requirement, then this would be a show stopper. But if its only needed for things like client pushes,
then we could work around it.
Thanks"But the remote offices have IP address overlaps between companies"
Technically, this is unsupported because clients, depending upon your boundaries, will not be able to find a local DP since they use IP addresses for this. The only way to work around this is to use AD Site boundaries.
"though they are assigned to a secondary"
Clients are *never* assigned to a secondary site -- that's not what secondary sites are for. Yes, clients require communication with an MP in the primary site where they are assigned. There is no way to change this or work-around this except to put
an MP from the primary site closer to those clients and use the new MP affinity option in R2 CU3.
Reverse lookups are only used to verify names by applications that wish to have this type of functionality (which are very few in number) and have nothing to do with true network traffic. NATing is an issue for the reason I gave above -- DP location.
Remote control, client push, and WoL won't work either because there is no way for the traffic to reach the destination behind the NAT.
All client *agent* communication in ConfigMgr is client initiated in ConfigMgr (remote control, client push, and WoL -- as just mentioned -- are sort of exceptions to this but they don't really involve the client *agent*.)
Jason | http://blog.configmgrftw.com | @jasonsandys -
Allowing the domain users Group to SCCM 2012 Remote Control
Hi There,
been working on this issue for the last few days now and its frustrating the crap out of me. My company has requested for all Domain users to be allowed to Remote Control to everyone's computer. This is so that users will be able to show each other how to
use in house application. In SCCM 2012 console, I've added the Domain users to the Premitted viewer tab. I've also added the domain user group to the administrative user section, added the Remote operator role and assigned the
ALL security scope to it. On another machine, i run the CMRCviewer to this machine and it prompts for username advising me the one i provided isn't authorized. when i check on the targeted machine, i can see domain users populated in the ConfigMgr
remote control user group
It seems only domain admins have rights to Remote control in. i've only got one client setting defined (default policy).
the interesting thing is the following layout
WINDOWS XP ---> WINDOWS 7 prompts for username
WINDOWS 7 -----> WINDOWS XP works
WINDOWS XP -----> WINDOWS XP works
WINDOWS 7 ------> WINDOWS 7 prompts for usernameHi Dave,
1) yes domain users is part of the configMgr remote control users". CMRCSERVICE.log shows the following
=== Starting security handshake ===
CmRcService
11/03/2013 10:44:29 AM
4808 (0x12C8)
HandshakeWorker failed..
The logon attempt failed (Error: 8009030C; Source: Windows)
CmRcService 11/03/2013 10:44:29 AM
4808 (0x12C8)
Security filter server: DoHandshake failed..
The logon attempt failed (Error: 8009030C; Source: Windows)
CmRcService 11/03/2013 10:44:29 AM
4808 (0x12C8)
m_pSecFilter DoHandshake() failed. CmRcService
11/03/2013 10:44:29 AM 4808 (0x12C8)
DoHandshake failed on server side.
The logon attempt failed (Error: 8009030C; Source: Windows)
CmRcService 11/03/2013 10:44:29 AM
4808 (0x12C8)
Failed to do Handshake in Server.
The logon attempt failed (Error: 8009030C; Source: Windows)
CmRcService 11/03/2013 10:44:29 AM
4808 (0x12C8)
Failed to create security context.. Security Handshake failed.
The logon attempt failed (Error: 8009030C; Source: Windows)
CmRcService 11/03/2013 10:44:29 AM
4808 (0x12C8)
Failed to validate Security requirement..
The logon attempt failed (Error: 8009030C; Source: Windows)
CmRcService 11/03/2013 10:44:29 AM
4808 (0x12C8)
Failed to complete the RDP connection..
The logon attempt failed (Error: 8009030C; Source: Windows)
CmRcService 11/03/2013 10:44:29 AM
4808 (0x12C8)
i've confirmed this user is part of domain users as well. -
In SCCM 2012 if it integrates with 1E Nomad SCCM 2012 nomad how many clients it can handle
Hi All
Its about SCCM 2012 R2 with NOmad , we have around 300 and 500 users in WAN link remote locations ,if we use NOMAD
it will handle more then 300 user in a remote locationThanks for the question. The quick answer is it will work JUST fine for any SW Dist scenario you throw at it... the better answer is it will also depend on which version of Nomad you are using. Our current version is instrumented to handle VERY large remote
offices across the WAN. Features like FanOut will dramatically improve performance with a large number of systems on a single subnet (on the order of 1,000's). Single Site Download further scales it out to having a scenario like a remote office with many thousands
of systems, like an office building or site with many subnets there, each with many clients per subnet. You can manage that scenario easily with just a single instance of the content being downloaded and then replicated throughout the building/site very rapidly
by a single Nomad master machine.
Feel free to reach out to me directly (Ed.Aldrich AT 1e.com) if you wish to know more, or take a look at
http://www.1e.com/nomad/ for a public facing look at all the usual sort of material and info.
Ed Aldrich | 1E | Pre-Sales Solutions Engineer | ConfigManager MVP 2003-2012 -
Windows 2012 Remote Access Log
Hello,
is there a setting or configuration in Windows Server 2012 which excludes some sort of "grey Clock+Date screen" asking for Ctrl+Alt+Del for sign in, when accessing in the Server via Remote Access?
Actually this screen appears, and it is not receiving my Ctrl+Alt+Del remotely, so I can't sign in...
Thank you!!Here’s a list commonly used keyboard shortcut key combinations to use in Remote Desktop Connection navigation, together with the action the shortcuts perform and equivalent keyboard shortcuts on local desktop.
CTRL+ALT+END: Open the Microsoft Windows NT Security dialog box (CTRL+ALT+DEL)
ALT+PAGE UP: Switch between programs from left to right (CTRL+PAGE UP)
ALT+PAGE DOWN: Switch between programs from right to left (CTRL+PAGE DOWN)
ALT+INSERT: Cycle through the programs in most recently used order (ALT+TAB)
ALT+HOME: Display the Start menu (CTRL+ESC)
CTRL+ALT+BREAK: Switch the client computer between a window and a full screen
ALT+DELETE: Display the Windows menu
CTRL+ALT+Minus sign (-): Place a snapshot of the entire client window area on the Terminal server clipboard and provide the same functionality as pressing ALT+PRINT SCREEN on a local computer (ALT+PRT SC)
CTRL+ALT+Plus sign (+): Place a snapshot of the active window in the client on the Terminal server clipboard and provide the same functionality as pressing PRINT SCREEN on a local computer (PRT SC)
. : | : . : | : . tim -
Remote Access VPN Clients Cannot Access inside LAN
I have been asked to set up remote access VPN on an ASA 5505 that I previously had no invlovement with. I have set it up the VPN using the wizard, they way I normally do, but the clients have no access to anything in the inside subnet, not even the inside interface IP address of the ASA. Thay can ping each other. The remote access policy below that I am working on is labeled VPNPHONE, address pool 172.16.20.1-10. I do not need split tunneling to be enabled. The active WAN interface is the one labeled outside_cable.
: Saved
ASA Version 8.2(1)
hostname ASA5505
domain-name default.domain.invalid
enable password eelnBRz68aYSzHyz encrypted
passwd eelnBRz68aYSzHyz encrypted
names
interface Vlan1
nameif inside
security-level 100
ip address 192.168.100.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
pppoe client vpdn group dataDSL
ip address 76.244.75.57 255.255.255.255 pppoe
interface Vlan3
nameif dmz
security-level 50
ip address 192.168.9.1 255.255.255.0
interface Vlan10
nameif outside_cable
security-level 0
ip address 50.84.96.178 255.255.255.240
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
switchport access vlan 10
interface Ethernet0/2
switchport access vlan 3
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
dns server-group DefaultDNS
domain-name default.domain.invalid
same-security-traffic permit intra-interface
object-group service Netbios udp
port-object eq 139
port-object eq 445
port-object eq netbios-ns
object-group service Netbios_TCP tcp
port-object eq 445
port-object eq netbios-ssn
object-group network DM_INLINE_NETWORK_1
network-object host 192.168.100.177
network-object host 192.168.100.249
object-group service Web_Services tcp
port-object eq ftp
port-object eq ftp-data
port-object eq www
port-object eq https
object-group network DM_INLINE_NETWORK_10
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_11
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_2
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_3
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_4
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_5
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_6
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_7
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_8
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_9
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network VPN
network-object 192.168.255.0 255.255.255.0
access-list outside_access_in extended permit icmp any host 76.244.75.61
access-list outside_access_in extended permit tcp any host 76.244.75.61 eq ftp
access-list outside_access_in extended permit tcp any host 76.244.75.61 eq ftp-data
access-list outside_access_in extended permit tcp any host 76.244.75.62 eq www
access-list outside_access_in extended permit tcp any host 76.244.75.62 eq https
access-list outside_access_in extended permit tcp any host 76.244.75.59 eq www
access-list outside_access_in extended permit tcp any host 76.244.75.59 eq https
access-list outside_access_in extended permit tcp any host 76.244.75.60 eq www
access-list outside_access_in extended permit tcp any host 76.244.75.60 eq https
access-list outside_access_in extended permit tcp any host 76.244.75.58 eq www
access-list outside_access_in extended permit tcp any host 76.244.75.58 eq https
access-list dmz_access_in remark Quickbooks
access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_6 host 192.168.100.5 eq 56719
access-list dmz_access_in remark Quickbooks range
access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_7 host 192.168.100.5 range 55333 55337
access-list dmz_access_in extended permit udp object-group DM_INLINE_NETWORK_8 host 192.168.100.5 eq 1434
access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_9 host 192.168.100.5 eq 49398
access-list dmz_access_in remark QB
access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_10 host 192.168.100.5 eq 8019
access-list dmz_access_in extended permit udp object-group DM_INLINE_NETWORK_2 host 192.168.100.5 eq 2638
access-list dmz_access_in extended permit udp object-group DM_INLINE_NETWORK_11 host 192.168.100.5 object-group Netbios
access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_3 host 192.168.100.5 object-group Netbios_TCP
access-list dmz_access_in extended deny ip host 192.168.9.4 host 192.168.100.5 inactive
access-list dmz_access_in extended permit udp object-group DM_INLINE_NETWORK_4 any
access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_5 any
access-list dmz_access_in remark Printer
access-list dmz_access_in extended permit ip 192.168.9.0 255.255.255.0 object-group DM_INLINE_NETWORK_1
access-list dmz_access_in extended permit tcp 192.168.9.0 255.255.255.0 any object-group Web_Services
access-list dmz_access_in extended permit udp 192.168.9.0 255.255.255.0 any eq domain
access-list dmz_access_in extended permit icmp 192.168.9.0 255.255.255.0 192.168.255.0 255.255.255.0 echo-reply
access-list dmz_access_in extended permit icmp 192.168.9.0 255.255.255.0 192.168.100.0 255.255.255.0 echo-reply log disable
access-list dmz_access_in remark QB probably does not need any udp
access-list dmz_access_in extended permit udp host 192.168.9.4 host 192.168.100.5 eq 55333 inactive
access-list dmz_access_in remark QB included in other rule range
access-list dmz_access_in extended permit tcp host 192.168.9.4 host 192.168.100.5 eq 55333 inactive
access-list dmz_access_in remark May be required for Quickbooks
access-list dmz_access_in extended permit icmp host 192.168.9.4 host 192.168.100.5
access-list CAD_capture extended permit ip host 192.168.9.4 host 192.168.100.5
access-list CAD_capture extended permit ip host 192.168.100.5 host 192.168.9.4
access-list inside_nat0_outbound extended permit ip any 192.168.255.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip any 192.168.255.0 255.255.255.240
access-list inside_nat0_outbound extended permit ip any 172.16.10.0 255.255.255.240
access-list inside_nat0_outbound extended permit ip any 172.16.20.0 255.255.255.240
access-list cad_supplies_RAVPN_splitTunnelAcl standard permit 192.168.100.0 255.255.255.0
access-list cad_supplies_RAVPN_splitTunnelAcl standard permit 192.168.9.0 255.255.255.0
access-list dmz_nat0_outbound extended permit ip any 192.168.255.0 255.255.255.0
access-list outside_cable_access_in extended permit icmp any host 50.84.96.182
access-list outside_cable_access_in extended permit tcp any host 50.84.96.182 eq ftp
access-list outside_cable_access_in extended permit tcp any host 50.84.96.182 eq ftp-data
access-list outside_cable_access_in extended permit tcp any host 50.84.96.183 eq www
access-list outside_cable_access_in extended permit tcp any host 50.84.96.183 eq https
access-list outside_cable_access_in extended permit tcp any host 50.84.96.180 eq www
access-list outside_cable_access_in extended permit tcp any host 50.84.96.180 eq https
access-list outside_cable_access_in extended permit tcp any host 50.84.96.181 eq www
access-list outside_cable_access_in extended permit tcp any host 50.84.96.181 eq https
access-list outside_cable_access_in extended permit tcp any host 50.84.96.179 eq www
access-list outside_cable_access_in extended permit tcp any host 50.84.96.179 eq https
access-list Local_LAN_Access standard permit host 0.0.0.0
access-list vpnusers_spitTunnelACL extended permit ip 192.168.100.0 255.255.255.0 any
access-list nonat-in extended permit ip 192.168.100.0 255.255.255.0 172.16.20.0 255.255.255.0
pager lines 24
logging enable
logging buffered informational
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu dmz 1500
mtu outside_cable 1500
ip local pool VPN_IP_range 192.168.255.1-192.168.255.10 mask 255.255.255.0
ip local pool VPN_Phone 172.16.20.1-172.16.20.10 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat-control
global (outside) 10 interface
global (outside_cable) 10 interface
nat (inside) 0 access-list nonat-in
nat (inside) 10 0.0.0.0 0.0.0.0
nat (dmz) 0 access-list dmz_nat0_outbound
nat (dmz) 10 0.0.0.0 0.0.0.0
static (inside,outside) 76.244.75.62 192.168.100.25 netmask 255.255.255.255 dns
static (dmz,outside) 76.244.75.61 192.168.9.123 netmask 255.255.255.255 dns
static (dmz,outside) 76.244.75.59 192.168.9.124 netmask 255.255.255.255 dns
static (dmz,outside) 76.244.75.58 192.168.9.4 netmask 255.255.255.255 dns
static (inside,dmz) 192.168.100.0 192.168.100.0 netmask 255.255.255.0
static (dmz,outside) 76.244.75.60 192.168.9.10 netmask 255.255.255.255 dns
static (inside,outside_cable) 50.84.96.183 192.168.100.25 netmask 255.255.255.255 dns
static (dmz,outside_cable) 50.84.96.182 192.168.9.123 netmask 255.255.255.255 dns
static (dmz,outside_cable) 50.84.96.180 192.168.9.124 netmask 255.255.255.255 dns
static (dmz,outside_cable) 50.84.96.179 192.168.9.4 netmask 255.255.255.255 dns
static (dmz,outside_cable) 50.84.96.181 192.168.9.10 netmask 255.255.255.255 dns
access-group outside_access_in in interface outside
access-group dmz_access_in in interface dmz
access-group outside_cable_access_in in interface outside_cable
route outside_cable 0.0.0.0 0.0.0.0 50.84.96.177 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
http 192.168.100.0 255.255.255.0 inside
http 204.107.173.0 255.255.255.0 outside
http 204.107.173.0 255.255.255.0 outside_cable
http 0.0.0.0 0.0.0.0 outside_cable
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_cable_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_cable_map interface outside_cable
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map inside_map interface inside
crypto isakmp enable inside
crypto isakmp enable outside
crypto isakmp enable outside_cable
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 30
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
telnet 192.168.100.0 255.255.255.0 inside
telnet timeout 5
ssh 192.168.100.0 255.255.255.0 inside
ssh 204.107.173.0 255.255.255.0 outside
ssh 204.107.173.0 255.255.255.0 outside_cable
ssh 0.0.0.0 0.0.0.0 outside_cable
ssh timeout 15
console timeout 0
vpdn group dataDSL request dialout pppoe
vpdn group dataDSL localname [email protected]
vpdn group dataDSL ppp authentication pap
vpdn username [email protected] password *********
dhcpd address 192.168.100.30-192.168.100.99 inside
dhcpd dns 192.168.100.5 68.94.156.1 interface inside
threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
webvpn
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
dns-server value 192.168.100.5
vpn-tunnel-protocol IPSec l2tp-ipsec
group-policy cad_supplies_RAVPN internal
group-policy cad_supplies_RAVPN attributes
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value cad_supplies_RAVPN_splitTunnelAcl
group-policy VPNPHONE internal
group-policy VPNPHONE attributes
dns-server value 192.168.100.5
vpn-tunnel-protocol IPSec
split-tunnel-policy excludespecified
split-tunnel-network-list value Local_LAN_Access
client-firewall none
client-access-rule none
username swinc password BlhBNWfh7XoeHcQC encrypted
username swinc attributes
vpn-group-policy cad_supplies_RAVPN
username meredithp password L3lRjzwb7TnwOyZ1 encrypted
username meredithp attributes
vpn-group-policy cad_supplies_RAVPN
service-type remote-access
username ipphone1 password LOjpmeIOshVdCSOU encrypted privilege 0
username ipphone1 attributes
vpn-group-policy VPNPHONE
username ipphone2 password LOjpmeIOshVdCSOU encrypted privilege 0
username ipphone2 attributes
vpn-group-policy VPNPHONE
username ipphone3 password LOjpmeIOshVdCSOU encrypted privilege 0
username ipphone3 attributes
vpn-group-policy VPNPHONE
username oethera password WKJxJq7L6wmktFNt encrypted
username oethera attributes
vpn-group-policy cad_supplies_RAVPN
service-type remote-access
username markh password nqH+bk6vj0fR83ai0SAxkg== nt-encrypted
username markh attributes
vpn-group-policy cad_supplies_RAVPN
tunnel-group DefaultRAGroup general-attributes
default-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key *
tunnel-group DefaultRAGroup ppp-attributes
authentication ms-chap-v2
tunnel-group cad_supplies_RAVPN type remote-access
tunnel-group cad_supplies_RAVPN general-attributes
address-pool VPN_IP_range
default-group-policy cad_supplies_RAVPN
tunnel-group cad_supplies_RAVPN ipsec-attributes
pre-shared-key *
tunnel-group VPNPHONE type remote-access
tunnel-group VPNPHONE general-attributes
address-pool VPN_Phone
default-group-policy VPNPHONE
tunnel-group VPNPHONE ipsec-attributes
pre-shared-key *
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 1500
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
service-policy global_policy global
prompt hostname context
Cryptochecksum:8b25ecc61861a2baa6d2556a3679cc7c
: endHi,
You have your "group-policy" set so that you have excluding some networks from being tunneled.
In this access-list named Local_LAN_Access you specify "0.0.0.0"
Doesnt this mean you are excluding all networks from being tunneled? In other words no traffic goes to your tunnel.
This access-list should only contain your local LAN network from where you are connecting with the VPN Client. If you dont need to access anything on your local LAN while having the VPN on, you don't even need this setting on. You could just tunnel all traffic instead of excluding some networks.
- Jouni -
Hello,
When I try to install the client on the site server itself it gives me this error message and fails the ccmsetup. I only have this on the site server. Clients to other servers and computers are pushed fine. If I check the version of the MP it says 5.00.7958.1000
in ADSI. I removed the MP object in CN=System, CN=System Management. Waited for it to be regenerated automatically by SCCM but the installation doesn't work still.
I tried to install with several methods including directly from ccmsetup.exe in ccmsetup folder, pushing by sccm itself, running from commandline, ...
I run SCCM 2012 R2 on Windows Server 2008 R2 and the database on SQL 2008 on Server 2008 R2
Below you find the ccmsetup.log:
<![LOG[==========[ ccmsetup started in process 5072 ]==========]LOG]!><time="07:29:25.392-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="7532" file="ccmsetup.cpp:9437">
<![LOG[Running on platform X64]LOG]!><time="07:29:25.393-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="7532" file="util.cpp:1837">
<![LOG[Updated security on object C:\Windows\ccmsetup\cache\.]LOG]!><time="07:29:25.394-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="7532" file="ccmsetup.cpp:9281">
<![LOG[Launch from folder C:\Windows\ccmsetup\]LOG]!><time="07:29:25.394-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="7532" file="ccmsetup.cpp:721">
<![LOG[CcmSetup version: 5.0.7958.1000]LOG]!><time="07:29:25.395-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="7532" file="ccmsetup.cpp:727">
<![LOG[In ServiceMain]LOG]!><time="07:29:25.397-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="ccmsetup.cpp:3365">
<![LOG[Running on 'Microsoft Windows Server 2008 R2 Enterprise ' (6.1.7601). Service Pack (1.0). SuiteMask = 274. Product Type = 18]LOG]!><time="07:29:25.490-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="util.cpp:1919">
<![LOG[Ccmsetup command line: "C:\Windows\ccmsetup\ccmsetup.exe" /runservice /config:MobileClient.tcf]LOG]!><time="07:29:25.491-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:3590">
<![LOG[Command line parameters for ccmsetup have been specified. No registry lookup for command line parameters is required.]LOG]!><time="07:29:25.491-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:3775">
<![LOG[Command line: "C:\Windows\ccmsetup\ccmsetup.exe" /runservice /config:MobileClient.tcf]LOG]!><time="07:29:25.491-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:3776">
<![LOG[SslState value: 224]LOG]!><time="07:29:25.499-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="ccmsetup.cpp:4425">
<![LOG[CCMHTTPPORT: 80]LOG]!><time="07:29:25.511-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:8617">
<![LOG[CCMHTTPSPORT: 443]LOG]!><time="07:29:25.511-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:8632">
<![LOG[CCMHTTPSSTATE: 224]LOG]!><time="07:29:25.511-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:8650">
<![LOG[CCMHTTPSCERTNAME: ]LOG]!><time="07:29:25.511-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:8668">
<![LOG[FSP: SCCMSRV-02]LOG]!><time="07:29:25.511-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:8720">
<![LOG[CCMFIRSTCERT: 1]LOG]!><time="07:29:25.511-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:8778">
<![LOG[Config file: C:\Windows\ccmsetup\MobileClientUnicode.tcf]LOG]!><time="07:29:25.513-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:4539">
<![LOG[Retry time: 10 minute(s)]LOG]!><time="07:29:25.513-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:4540">
<![LOG[MSI log file: C:\Windows\ccmsetup\Logs\client.msi.log]LOG]!><time="07:29:25.513-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:4541">
<![LOG[MSI properties: INSTALL="ALL" SMSSITECODE="ZAV" FSP="SCCMSRV-02" DISABLESITEOPT="TRUE" SMSCACHEDIR="CACHE" SMSCACHEFLAGS="MAXDRIVE" SMSCACHESIZE="20000" CCMHTTPPORT="80" CCMHTTPSPORT="443" CCMHTTPSSTATE="224" CCMFIRSTCERT="1"]LOG]!><time="07:29:25.514-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:4542">
<![LOG[Source List:]LOG]!><time="07:29:25.514-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:4550">
<![LOG[ \\SCCMSRV-02.snba.be\SMSClient]LOG]!><time="07:29:25.514-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:4557">
<![LOG[ \\SCCMSRV-02.SNBA.BE\SMSClient]LOG]!><time="07:29:25.514-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:4566">
<![LOG[MPs:]LOG]!><time="07:29:25.514-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:4569">
<![LOG[ SCCMSRV-02.snba.be]LOG]!><time="07:29:25.514-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:4584">
<![LOG[No version of the client is currently detected.]LOG]!><time="07:29:25.520-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:2748">
<![LOG[Task 'Configuration Manager Client Retry Task' does not exist]LOG]!><time="07:29:25.525-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="wintask.cpp:634">
<![LOG[Updated security on object C:\Windows\ccmsetup\.]LOG]!><time="07:29:25.529-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="ccmsetup.cpp:9281">
<![LOG[Sending Fallback Status Point message to 'SCCMSRV-02', STATEID='100'.]LOG]!><time="07:29:25.530-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:9756">
<![LOG[Failed to get client version for sending messages to FSP. Error 0x80041010]LOG]!><time="07:29:25.534-120" date="04-17-2014" component="ccmsetup" context="" type="2" thread="2724" file="ccmsetup.cpp:9838">
<![LOG[Params to send FSP message '5.0.7958.1000 Deployment ']LOG]!><time="07:29:25.535-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="ccmsetup.cpp:9887">
<![LOG[State message with TopicType 800 and TopicId {C6441082-A993-4410-9F89-D4CCB6624ED0} has been sent to the FSP]LOG]!><time="07:29:25.676-120" date="04-17-2014" component="FSPStateMessage" context="" type="1" thread="2724" file="fsputillib.cpp:752">
<![LOG[Running as user "SYSTEM"]LOG]!><time="07:29:25.693-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:1995">
<![LOG[Detected 20167 MB free disk space on system drive.]LOG]!><time="07:29:25.693-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="util.cpp:628">
<![LOG[Checking Write Filter Status.]LOG]!><time="07:29:25.694-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:2024">
<![LOG[This is not a supported write filter device. We are not in a write filter maintenance mode.]LOG]!><time="07:29:25.694-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:2051">
<![LOG[Performing AD query: '(&(ObjectCategory=mSSMSManagementPoint)(mSSMSDefaultMP=TRUE)(mSSMSSiteCode=ZAV))']LOG]!><time="07:29:25.716-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="lsad.cpp:656">
<![LOG[OperationalXml '<ClientOperationalSettings><Version>5.00.7958.1000</Version><SecurityConfiguration><SecurityModeMask>0</SecurityModeMask><SecurityModeMaskEx>224</SecurityModeMaskEx><HTTPPort>80</HTTPPort><HTTPSPort>443</HTTPSPort><CertificateStoreName></CertificateStoreName><CertificateIssuers></CertificateIssuers><CertificateSelectionCriteria></CertificateSelectionCriteria><CertificateSelectFirstFlag>1</CertificateSelectFirstFlag><SiteSigningCert>308202EF308201D7A00302010202102F8856AD510DC3AB4F4908160FC3185E300D06092A864886F70D01010B05003016311430120603550403130B53697465205365727665723020170D3133303830373134323233325A180F32313133303731353134323233325A3016311430120603550403130B536974652053657276657230820122300D06092A864886F70D01010105000382010F003082010A0282010100DDAAEB161F4ACB759E0E56C6F784F3BEDD4DA0303B40657298A41D7F9714E112CC80272A238E605DADD2D409658211D40590BD92D0DFE4E50E8F5AF482BF747E8D00636C41F7F939EF53FA6581B173A15BE25BC24DB9E3620D78612650415DF862AFA17F75128A601A011358B27CFB9989EEBD128485F167A5E378A0A3A106DEE3DD6CE7C5804B0BA3724C4455D2EA8D646B47D989AFC7D2BACC6AD0E62FA0D6B338C2CD3B5879B4794F5D29A89ADC93489E43237E4C3BA30F645F4E4FE0E3B562ABCFC73F52C33B7D179DD10888D2EB00F6F4E121009F1CB80BCF4FA0F5CAA5BA167AE7DC0A767BC3C9031A95A42C791B100D7F15144B4FE5AC104C2BEB3EAB0203010001A3373035301D0603551D110416301482125343434D5352562D30322E736E62612E626530140603551D25040D300B06092B060104018237650B300D06092A864886F70D01010B050003820101004802B9C3A3A9EA0DB5C6624F9152C60CA38F2857691234B5FE13DDED32DB3BADF4C847F5EA097DB9918537F40A94D56A06364775E62B9F75C51189BC510EE8F2848B264C41A4E941C9CD996BEF70B9F72345BEB05F39B87BF88B3A461333BD61CD50E6E16B15709D58B78A7B385E914DF2C7949AA5BEEFC8199D69CD6DCA312DBCFE64AC43D6F13B80FED4967447532E1A65F5E0588CA7246B417DD8530E28E3DAD170F71C00B6D79645EC49332CD9F8815DB65AAB441E6C41F72C37F432E5B5E23065B6D308486C398F340B1FF2361F3C342A50EA9A02D01138BACEDCFA0E7FAA681C1FC6157797171A0593EA0ACE0BD7BBBEB26E2F34FFD461210C76669FE1</SiteSigningCert></SecurityConfiguration><RootSiteCode>ZAV</RootSiteCode><CCM> <CommandLine>SMSSITECODE=ZAV FSP=SCCMSRV-02 DISABLESITEOPT=True SMSCACHEDIR=Cache SMSCACHEFLAGS=MAXDRIVE SMSCACHESIZE=20000</CommandLine> </CCM><FSP> <FSPServer>SCCMSRV-02.snba.be</FSPServer> </FSP><Capabilities SchemaVersion ="1.0"><Property Name="SSLState" Value="0" /></Capabilities><Domain Value="snba.be" /><Forest Value="snba.be" /></ClientOperationalSettings>']LOG]!><time="07:29:26.401-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="lsadcache.cpp:236">
<![LOG[HTTP is selected for Client. The current state is 0.]LOG]!><time="07:29:26.403-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmutillib.cpp:420">
<![LOG[The MP name retrieved is 'SCCMSRV-02.snba.be' with version '7958' and capabilities '<Capabilities SchemaVersion="1.0"><Property Name="SSLState" Value="0"/></Capabilities>']LOG]!><time="07:29:26.404-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="lsadcache.cpp:334">
<![LOG[MP 'SCCMSRV-02.snba.be' is compatible]LOG]!><time="07:29:26.404-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="lsadcache.cpp:339">
<![LOG[Retrieved 1 MP records from AD for site 'ZAV']LOG]!><time="07:29:26.404-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="lsadcache.cpp:287">
<![LOG[Retrived site version '5.00.7958.1000' from AD for site 'ZAV']LOG]!><time="07:29:26.405-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="siteinfo.cpp:575">
<![LOG[SiteCode: ZAV]LOG]!><time="07:29:26.405-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:2076">
<![LOG[SiteVersion: 5.00.7958.1000]LOG]!><time="07:29:26.406-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:2077">
<![LOG[Ccmsetup is being restarted due to an administrative action. Installation files will be reset and downloaded again.]LOG]!><time="07:29:26.406-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:2111">
<![LOG[Deleted file C:\Windows\ccmsetup\client.msi]LOG]!><time="07:29:26.413-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:9493">
<![LOG[Only one MP SCCMSRV-02.snba.be is specified. Use it.]LOG]!><time="07:29:26.414-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:10080">
<![LOG[Searching for DP locations from MP(s)...]LOG]!><time="07:29:26.414-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:11018">
<![LOG[Current AD site of machine is DAT]LOG]!><time="07:29:26.415-120" date="04-17-2014" component="LocationServices" context="" type="1" thread="2724" file="lsad.cpp:770">
<![LOG[Local Machine is joined to an AD domain]LOG]!><time="07:29:26.415-120" date="04-17-2014" component="LocationServices" context="" type="0" thread="2724" file="lsad.cpp:714">
<![LOG[Current AD forest name is snba.be, domain name is snba.be]LOG]!><time="07:29:26.419-120" date="04-17-2014" component="LocationServices" context="" type="1" thread="2724" file="lsad.cpp:842">
<![LOG[DhcpGetOriginalSubnetMask entry point is supported.]LOG]!><time="07:29:26.424-120" date="04-17-2014" component="LocationServices" context="" type="0" thread="2724" file="ccmiputil.cpp:117">
<![LOG[Begin checking Alternate Network Configuration]LOG]!><time="07:29:26.424-120" date="04-17-2014" component="LocationServices" context="" type="0" thread="2724" file="ccmiputil.cpp:1095">
<![LOG[Finished checking Alternate Network Configuration]LOG]!><time="07:29:26.433-120" date="04-17-2014" component="LocationServices" context="" type="0" thread="2724" file="ccmiputil.cpp:1172">
<![LOG[Sending message body '<ContentLocationRequest SchemaVersion="1.00">
<AssignedSite SiteCode="ZAV"/>
<ClientPackage/>
<ClientLocationInfo LocationType="SMSPACKAGE" DistributeOnDemand="0" UseProtected="0" AllowCaching="0" BranchDPFlags="0" AllowHTTP="1" AllowSMB="0" AllowMulticast="0" UseInternetDP="0">
<ADSite Name="DAT"/>
<Forest Name="snba.be"/>
<Domain Name="snba.be"/>
<IPAddresses>
<IPAddress SubnetAddress="172.31.20.0" Address="172.31.20.101"/>
<IPAddress SubnetAddress="172.31.105.0" Address="172.31.105.17"/>
<IPAddress SubnetAddress="172.31.109.0" Address="172.31.109.135"/>
</IPAddresses>
</ClientLocationInfo>
</ContentLocationRequest>
']LOG]!><time="07:29:26.441-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="siteinfo.cpp:96">
<![LOG[Sending message header '<Msg SchemaVersion="1.1"><ID>{76CC1A6C-D696-4C32-82D6-4F56FCA9E926}</ID><SourceHost>SCCMSRV-02</SourceHost><TargetAddress>mp:[http]MP_LocationManager</TargetAddress><ReplyTo>direct:SCCMSRV-02:LS_ReplyLocations</ReplyTo><Priority>3</Priority><Timeout>600</Timeout><ReqVersion>5931</ReqVersion><TargetHost>SCCMSRV-02.snba.be</TargetHost><TargetEndpoint>MP_LocationManager</TargetEndpoint><ReplyMode>Sync</ReplyMode><Protocol>http</Protocol><SentTime>2014-04-17T05:29:26Z</SentTime><Body Type="ByteRange" Offset="0" Length="1338"/><Hooks><Hook3 Name="zlib-compress"/></Hooks><Payload Type="inline"/></Msg>']LOG]!><time="07:29:26.441-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="siteinfo.cpp:177">
<![LOG[CCM_POST 'HTTP://SCCMSRV-02.snba.be/ccm_system/request']LOG]!><time="07:29:26.442-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="httphelper.cpp:807">
<![LOG[Content boundary is '--aAbBcCdDv1234567890VxXyYzZ']LOG]!><time="07:29:27.999-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="httphelper.cpp:1972">
<![LOG[Received header '<Msg SchemaVersion="1.1">
<ID>{431A4120-7DA1-4EF2-8A6C-2EDEF4D9E169}</ID>
<SourceID>GUID:1C3F455F-F166-4B50-BE8E-68FD4F565096</SourceID>
<SourceHost>SCCMSRV-02</SourceHost>
<TargetAddress>direct:SCCMSRV-02:LS_ReplyLocations</TargetAddress>
<ReplyTo>MP_LocationManager</ReplyTo>
<CorrelationID>{00000000-0000-0000-0000-000000000000}</CorrelationID>
<Priority>3</Priority>
<Timeout>600</Timeout>
<TargetHost>SCCMSRV-02</TargetHost><TargetEndpoint>LS_ReplyLocations</TargetEndpoint><ReplyMode>Sync</ReplyMode><Protocol>http</Protocol><SentTime>2014-04-17T05:29:27Z</SentTime><Body Type="ByteRange" Offset="0" Length="2504"/><Hooks><Hook3 Name="zlib-compress"/><Hook Name="authenticate"><Property Name="Signature">3082019206092A864886F70D010702A08201833082017F020101310B300906052B0E03021A0500300B06092A864886F70D0107013182015E3082015A02010130373023311330110603550403130A5343434D5352562D3032310C300A06035504031303534D5302104BA58C43C476A39E491A7F539E935ED8300906052B0E03021A0500300D06092A864886F70D010101050004820100B7018B6C14F24335592C864FDFAC6E038A9B2AC9AF3819C692F3DE515F97BF701A47E8595CE6CAD80F209EFFF3B1009F5AE60858FA6839B32C36FF9514D291895613A1A447C27E2BB8B05D71775FF770FF962DCC98AD3FC0DE0D45DD6BC16C9BAB0F697EF098FFC99228E26C52E661D3F6C929FEF527383DEBFA9C15027C58BAF8A7FFE4205C0198A9163E86535716E344D5012887A6AD8F563F2528DE6BD62BF2BF20DFDA4DA061EF57E755178827DAD0CB6CFC65FF4AB235E5EAAFBA565DC1B6E4AE7C093199B95CFE792F5FA6D0625D0938DC4EAF1BE70E708864B1E79B00FB32A1E6E37CF94FF54AC10C7FF994B5945E9CA1A3FA16B2F9D35462AFFAC001</Property><Property Name="AuthSenderMachine">SCCMSRV-02;SCCMSRV-02.snba.be;</Property><Property Name="MPSiteCode">ZAV</Property></Hook></Hooks><Payload Type="inline"/></Msg>']LOG]!><time="07:29:27.999-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="httphelper.cpp:1724">
<![LOG[Received reply body '<ContentLocationReply SchemaVersion="1.00"><ContentInfo PackageFlags="16777216"><ContentHashValues/></ContentInfo><Sites><Site><MPSite SiteCode="ZAV" MasterSiteCode="ZAV" SiteLocality="LOCAL" IISPreferedPort="80" IISSSLPreferedPort="443"/><LocationRecords><LocationRecord><URL Name="http://SCCMSRV-02.snba.be/SMS_DP_SMSPKG$/ZAV00114" Signature="http://SCCMSRV-02.snba.be/SMS_DP_SMSSIG$/ZAV00114"/><ADSite Name="DAT"/><IPSubnets><IPSubnet Address="172.31.20.0"/><IPSubnet Address="172.31.109.0"/><IPSubnet Address="172.31.105.0"/><IPSubnet Address=""/></IPSubnets><Metric Value=""/><Version>7958</Version><Capabilities SchemaVersion="1.0"><Property Name="SSLState" Value="0"/></Capabilities><ServerRemoteName>SCCMSRV-02.snba.be</ServerRemoteName><DPType>SERVER</DPType><Windows Trust="1"/><Locality>LOCAL</Locality></LocationRecord></LocationRecords></Site></Sites><ClientPackage FullPackageID="ZAV00114" FullPackageVersion="1" FullPackageHash="BFC11E099E8F451107B43E0DBEFD93B01DB2D6453DA74F8A2CB94B73D676C1CD" MinimumClientVersion="5.00.7958.1000" RandomizeMaxDays="7" ProgramEnabled="false" LastModifiedTime="30357216;2152392064" SiteVersionMatch="true" SiteVersion="5.00.7958.1000" EnablePeerCache="true"/><RelatedContentIDs/></ContentLocationReply>']LOG]!><time="07:29:28.000-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="siteinfo.cpp:221">
<![LOG[Found local location 'http://SCCMSRV-02.snba.be/SMS_DP_SMSPKG$/ZAV00114']LOG]!><time="07:29:28.001-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="siteinfo.cpp:351">
<![LOG[Discovered 1 local DP locations.]LOG]!><time="07:29:28.002-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:11153">
<![LOG[PROPFIND 'http://SCCMSRV-02.snba.be/SMS_DP_SMSPKG$/ZAV00114']LOG]!><time="07:29:28.002-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="httphelper.cpp:807">
<![LOG[Using DP location http://SCCMSRV-02.snba.be/SMS_DP_SMSPKG$/ZAV00114]LOG]!><time="07:29:28.009-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:11395">
<![LOG[GET 'http://SCCMSRV-02.snba.be/SMS_DP_SMSPKG$/ZAV00114/ccmsetup.cab']LOG]!><time="07:29:28.009-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="httphelper.cpp:807">
<![LOG[C:\Windows\ccmsetup\ccmsetup.cab is Microsoft trusted.]LOG]!><time="07:29:28.090-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="util.cpp:1465">
<![LOG[Successfully extracted manifest file C:\Windows\ccmsetup\ccmsetup.xml from file C:\Windows\ccmsetup\ccmsetup.cab.]LOG]!><time="07:29:28.101-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:6670">
<![LOG[Retrieved client version '5.00.7958.1000' and minimum assignable site version '5.00.7845.1000' from manifest]LOG]!><time="07:29:28.104-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="siteinfo.cpp:668">
<![LOG[Checking compatibility of site version '5.00.7958.1000', expect newer than '5.00.7845.1000']LOG]!><time="07:29:28.104-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="siteinfo.cpp:703">
<![LOG[Site version '5.00.7958.1000' is compatible. Client deployment will continue.]LOG]!><time="07:29:28.104-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="siteinfo.cpp:726">
<![LOG[Location 'http://SCCMSRV-02.snba.be/SMS_DP_SMSPKG$/ZAV00114' passed site version check.]LOG]!><time="07:29:28.104-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:6809">
<![LOG[Loading manifest file: C:\Windows\ccmsetup\ccmsetup.xml]LOG]!><time="07:29:28.104-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:153">
<![LOG[Successfully loaded ccmsetup manifest file.]LOG]!><time="07:29:28.106-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:171">
<![LOG[Checking if manifest version '5.00.7958.1000' is newer than the ccmsetup version '5.0.7958.1000']LOG]!><time="07:29:28.106-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:10475">
<![LOG[Running from temp downloaded folder or manifest is not newer than ccmsetup.]LOG]!><time="07:29:28.107-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:2213">
<![LOG[Item 'i386/vcredist_x86.exe' is applicable. Add to the list.]LOG]!><time="07:29:28.212-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:343">
<![LOG[Item 'x64/vcredist_x64.exe' is applicable. Add to the list.]LOG]!><time="07:29:28.269-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:343">
<![LOG[Item 'i386/vc50727_x86.exe' is not applicable.]LOG]!><time="07:29:28.269-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:348">
<![LOG[Item 'x64/vc50727_x64.exe' is applicable. Add to the list.]LOG]!><time="07:29:28.325-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:343">
<![LOG[Item 'i386/WindowsUpdateAgent30-x86.exe' is not applicable.]LOG]!><time="07:29:28.325-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:348">
<![LOG[Item 'x64/WindowsUpdateAgent30-x64.exe' is applicable. Add to the list.]LOG]!><time="07:29:28.380-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:343">
<![LOG[Item 'i386/msxml6.msi' is not applicable.]LOG]!><time="07:29:28.380-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:348">
<![LOG[Item 'x64/msxml6_x64.msi' is applicable. Add to the list.]LOG]!><time="07:29:28.433-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:343">
<![LOG[Item 'i386/msrdcoob_x86.exe' is not applicable.]LOG]!><time="07:29:28.433-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:348">
<![LOG[Item 'x64/msrdcoob_amd64.exe' is not applicable.]LOG]!><time="07:29:28.434-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:348">
<![LOG[Item 'pkgmgr.exe' is not applicable.]LOG]!><time="07:29:28.434-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:348">
<![LOG[Item 'dism.exe' is applicable. Add to the list.]LOG]!><time="07:29:28.504-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:343">
<![LOG[Item 'wimgapi.msi' is not applicable.]LOG]!><time="07:29:28.504-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:348">
<![LOG[Item 'i386/MicrosoftPolicyPlatformSetup.msi' is not applicable.]LOG]!><time="07:29:28.504-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:348">
<![LOG[Item 'x64/MicrosoftPolicyPlatformSetup.msi' is applicable. Add to the list.]LOG]!><time="07:29:28.560-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:343">
<![LOG[Item 'i386/WindowsFirewallConfigurationProvider.msi' is not applicable.]LOG]!><time="07:29:28.561-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:348">
<![LOG[Item 'x64/WindowsFirewallConfigurationProvider.msi' is applicable. Add to the list.]LOG]!><time="07:29:28.615-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:343">
<![LOG[Item 'i386/Silverlight.exe' is applicable. Add to the list.]LOG]!><time="07:29:28.670-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:343">
<![LOG[Item 'i386/wic_x86_enu.exe' is not applicable.]LOG]!><time="07:29:28.670-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:348">
<![LOG[Item 'x64/wic_x64_enu.exe' is not applicable.]LOG]!><time="07:29:28.670-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:348">
<![LOG[Item 'i386/dotNetFx40_Client_x86_x64.exe' is applicable. Add to the list.]LOG]!><time="07:29:28.723-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:343">
<![LOG[Item 'SCEPInstall.exe' is applicable. Add to the list.]LOG]!><time="07:29:28.779-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:343">
<![LOG[Item 'i386/client.msi' is not applicable.]LOG]!><time="07:29:28.779-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:348">
<![LOG[Item 'x64/client.msi' is applicable. Add to the list.]LOG]!><time="07:29:28.841-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:343">
<![LOG[Default CSP is Microsoft Enhanced RSA and AES Cryptographic Provider]LOG]!><time="07:29:28.842-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="ccmutillib.cpp:1363">
<![LOG[Default CSP Type is 24]LOG]!><time="07:29:28.842-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="ccmutillib.cpp:1364">
<![LOG[Discovering whether item 'i386/vcredist_x86.exe' exists.]LOG]!><time="07:29:28.842-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:553">
<![LOG[Detected item 'i386/vcredist_x86.exe']LOG]!><time="07:29:28.842-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:614">
<![LOG[Discovering whether item 'x64/vcredist_x64.exe' exists.]LOG]!><time="07:29:28.842-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:553">
<![LOG[Detected item 'x64/vcredist_x64.exe']LOG]!><time="07:29:28.843-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:614">
<![LOG[Discovering whether item 'x64/vc50727_x64.exe' exists.]LOG]!><time="07:29:28.843-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:553">
<![LOG[Upgrade code '{A8D19029-8E5C-4E22-8011-48070F9E796E}': product = '{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}', installed = 1, version = 8.0.61000]LOG]!><time="07:29:28.843-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="msiutil.cpp:1273">
<![LOG[Checking '{A8D19029-8E5C-4E22-8011-48070F9E796E}' version '8.0.61000' expecting >= '8.0.61000'.]LOG]!><time="07:29:28.844-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="manifest.cpp:873">
<![LOG[Detected item 'x64/vc50727_x64.exe']LOG]!><time="07:29:28.844-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:614">
<![LOG[Discovering whether item 'x64/WindowsUpdateAgent30-x64.exe' exists.]LOG]!><time="07:29:28.844-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:553">
<![LOG[Checking file 'C:\Windows\system32\wuapi.dll' version '7.6.7600.0256' expecting >= '7.4.7600.226'.]LOG]!><time="07:29:28.846-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="manifest.cpp:1278">
<![LOG[Detected item 'x64/WindowsUpdateAgent30-x64.exe']LOG]!><time="07:29:28.846-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:614">
<![LOG[Discovering whether item 'x64/msxml6_x64.msi' exists.]LOG]!><time="07:29:28.846-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:553">
<![LOG[Checking file 'C:\Windows\system32\msxml6.dll' version '6.30.7601.17857' expecting >= '6.10.1129.0'.]LOG]!><time="07:29:28.847-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="manifest.cpp:1278">
<![LOG[Detected item 'x64/msxml6_x64.msi']LOG]!><time="07:29:28.847-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:614">
<![LOG[Discovering whether item 'dism.exe' exists.]LOG]!><time="07:29:28.847-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:553">
<![LOG[File 'C:\Windows\system32\msrdc.dll' exists. Discovery passed]LOG]!><time="07:29:28.848-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="manifest.cpp:1250">
<![LOG[Detected item 'dism.exe']LOG]!><time="07:29:28.848-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:614">
<![LOG[Discovering whether item 'x64/MicrosoftPolicyPlatformSetup.msi' exists.]LOG]!><time="07:29:28.848-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:553">
<![LOG[Upgrade code '{19B9818B-7432-49E9-BC02-B126025EE235}': product = '{90D295B8-BA08-487E-B904-0E624209A410}', installed = 1, version = 1.2.3602.0]LOG]!><time="07:29:28.849-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="msiutil.cpp:1273">
<![LOG[Checking '{19B9818B-7432-49E9-BC02-B126025EE235}' version '1.2.3602.0' expecting >= '1.2.3602.0'.]LOG]!><time="07:29:28.849-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="manifest.cpp:873">
<![LOG[Detected item 'x64/MicrosoftPolicyPlatformSetup.msi']LOG]!><time="07:29:28.849-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:614">
<![LOG[Discovering whether item 'x64/WindowsFirewallConfigurationProvider.msi' exists.]LOG]!><time="07:29:28.849-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:553">
<![LOG[Validated file 'C:\Windows\ccmsetup\WindowsFirewallConfigurationProvider.msi' hash '3BF0651FD4A01170925CEF694468D4EF6F64D76FD3413DEBD14CB8DE019AA10E']LOG]!><time="07:29:28.868-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="util.cpp:2609">
<![LOG[File 'C:\Windows\ccmsetup\WindowsFirewallConfigurationProvider.msi' exists. Discovery passed]LOG]!><time="07:29:28.868-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="manifest.cpp:1250">
<![LOG[Detected item 'x64/WindowsFirewallConfigurationProvider.msi']LOG]!><time="07:29:28.868-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:614">
<![LOG[Discovering whether item 'i386/Silverlight.exe' exists.]LOG]!><time="07:29:28.869-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:553">
<![LOG[32-bit Hive selected]LOG]!><time="07:29:28.869-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:948">
<![LOG[Detected item 'i386/Silverlight.exe']LOG]!><time="07:29:28.869-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:614">
<![LOG[Discovering whether item 'i386/dotNetFx40_Client_x86_x64.exe' exists.]LOG]!><time="07:29:28.869-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:553">
<![LOG[Detected item 'i386/dotNetFx40_Client_x86_x64.exe']LOG]!><time="07:29:28.869-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:614">
<![LOG[Discovering whether item 'SCEPInstall.exe' exists.]LOG]!><time="07:29:28.870-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:553">
<![LOG[Validated file 'C:\Windows\ccmsetup\SCEPInstall.exe' hash 'FDDB17A148D8358B5BFBF63BBB3CDE902DCE807366081FE16B8E6042DCB47C71']LOG]!><time="07:29:29.649-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="util.cpp:2609">
<![LOG[Checking file 'C:\Windows\ccmsetup\SCEPInstall.exe' version '4.3.0220.0000' expecting >= '4.3.220.0'.]LOG]!><time="07:29:29.651-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="manifest.cpp:1278">
<![LOG[Detected item 'SCEPInstall.exe']LOG]!><time="07:29:29.651-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:614">
<![LOG[Discovering whether item 'x64/client.msi' exists.]LOG]!><time="07:29:29.651-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:553">
<![LOG[Item x64/client.msi has not been installed yet. Put to pending install list.]LOG]!><time="07:29:29.651-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="manifest.cpp:609">
<![LOG[PROPFIND 'http://SCCMSRV-02.snba.be/SMS_DP_SMSPKG$/ZAV00114']LOG]!><time="07:29:29.651-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="httphelper.cpp:807">
<![LOG[No client patches are detected.]LOG]!><time="07:29:29.658-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="ccmsetup.cpp:1736">
<![LOG[PROPFIND 'http://SCCMSRV-02.snba.be/SMS_DP_SMSPKG$/ZAV00114']LOG]!><time="07:29:29.658-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="httphelper.cpp:807">
<![LOG[No client language packs are detected.]LOG]!><time="07:29:29.664-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="ccmsetup.cpp:1777">
<![LOG[Searching for available transform]LOG]!><time="07:29:29.665-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:1807">
<![LOG[PROPFIND 'http://SCCMSRV-02.snba.be/SMS_DP_SMSPKG$/ZAV00114']LOG]!><time="07:29:29.665-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="httphelper.cpp:807">
<![LOG[No transform available for this locale. Installation will proceed with no transformation.]LOG]!><time="07:29:29.671-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:1892">
<![LOG[File 'C:\Windows\ccmsetup\client.msi' doesn't exist.]LOG]!><time="07:29:29.672-120" date="04-17-2014" component="ccmsetup" context="" type="2" thread="2724" file="util.cpp:2595">
<![LOG[Using branch cache option.]LOG]!><time="07:29:29.690-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:6443">
<![LOG[Adding file 'http://SCCMSRV-02.snba.be:80/SMS_DP_SMSPKG$/ZAV00114/x64/client.msi' to BITS job, saving as 'C:\Windows\ccmsetup\client.msi'.]LOG]!><time="07:29:29.690-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:6474">
<![LOG[Starting BITS download for client deployment files.]LOG]!><time="07:29:29.698-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:6487">
<![LOG[Download Update: 32616448 out of 32616448 bytes transferred.]LOG]!><time="07:29:30.700-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:6578">
<![LOG[Successfully completed BITS download for client deployment files.]LOG]!><time="07:29:32.701-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:6536">
<![LOG[Retrieved client version '5.00.7958.1000' and minimum assignable site version '5.00.7845.1000' from client package]LOG]!><time="07:29:34.020-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="siteinfo.cpp:678">
<![LOG[Checking compatibility of site version '5.00.7958.1000', expect newer than '5.00.7845.1000']LOG]!><time="07:29:34.020-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="siteinfo.cpp:703">
<![LOG[Site version '5.00.7958.1000' is compatible. Client deployment will continue.]LOG]!><time="07:29:34.020-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="siteinfo.cpp:726">
<![LOG[Successfully downloaded client files via BITS.]LOG]!><time="07:29:34.020-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:1396">
<![LOG[Validated file 'C:\Windows\ccmsetup\client.msi' hash 'A5732CE24F2B1545E9FBA458971E0A5504093E0F743CA9E8BD9C047582902878']LOG]!><time="07:29:35.032-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="util.cpp:2609">
<![LOG[An MP exists on this machine.]LOG]!><time="07:29:35.048-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="msiutil.cpp:565">
<![LOG[The client version 5.00.7958.1000 does not match the MP version 5.00.7804.1000. The client will not be installed.]LOG]!><time="07:29:35.048-120" date="04-17-2014" component="ccmsetup" context="" type="3" thread="2724" file="msiutil.cpp:583">
<![LOG[Sending Fallback Status Point message to 'SCCMSRV-02', STATEID='318'.]LOG]!><time="07:29:35.049-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="2724" file="ccmsetup.cpp:9756">
<![LOG[Failed to get client version for sending messages to FSP. Error 0x80041010]LOG]!><time="07:29:35.054-120" date="04-17-2014" component="ccmsetup" context="" type="2" thread="2724" file="ccmsetup.cpp:9838">
<![LOG[Params to send FSP message '5.0.7958.1000 Deployment ']LOG]!><time="07:29:35.054-120" date="04-17-2014" component="ccmsetup" context="" type="0" thread="2724" file="ccmsetup.cpp:9887">
<![LOG[State message with TopicType 800 and TopicId {5FF017B3-AF3F-4D38-B037-0A7EE1F479C5} has been sent to the FSP]LOG]!><time="07:29:35.075-120" date="04-17-2014" component="FSPStateMessage" context="" type="1" thread="2724" file="fsputillib.cpp:752">
<![LOG[InstallFromManifest failed 0x80004005]LOG]!><time="07:29:35.084-120" date="04-17-2014" component="ccmsetup" context="" type="3" thread="2724" file="ccmsetup.cpp:7202">
<![LOG[CcmSetup failed with error code 0x80004005]LOG]!><time="07:29:35.086-120" date="04-17-2014" component="ccmsetup" context="" type="1" thread="7532" file="ccmsetup.cpp:10879">
I hope someone can help me with this.
Kind regardsI agree with Idan. You can easily remove the Management Point Site System role and add it again with no adverse effect. This should solve your problem.
Gerry Hampson | Blog:
www.gerryhampsoncm.blogspot.ie | LinkedIn:
Gerry Hampson | Twitter:
@gerryhampson -
SCCM 2012 R2 Configuration Manager Client Package - stuck "In Progress"
Hi Team; I’m having 2 issues with SCCM 2012 R2:
Issue 1: I'm having a strange issue with the default XXX00002 package - "Configuration Manager Client Package",
it will not deploy to the Secondary Site DP. The console is saying "In Progress" - below is the output from the
distmgr.log file.
~Package BDC00002 does not have a preferred sender.
$$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.443+240><thread=6032 (0x1790)>
~CDistributionSrcSQL::UpdateAvailableVersion PackageID=BDC00002, Version=1, Status=2301
$$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.444+240><thread=6032 (0x1790)>
~StoredPkgVersion (1) of package BDC00002. StoredPkgVersion in database is 1.
$$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.462+240><thread=6032 (0x1790)>
~SourceVersion (1) of package BDC00002. SourceVersion in database is 1.
$$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.462+240><thread=6032 (0x1790)>
~Package BDC00003 does not have a preferred sender.
$$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.443+240><thread=6092 (0x17CC)>
~CDistributionSrcSQL::UpdateAvailableVersion PackageID=BDC00003, Version=1, Status=2301
$$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.464+240><thread=6092 (0x17CC)>
STATMSG: ID=2301 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_DISTRIBUTION_MANAGER" SYS=BBK-SCCM-PRI.bbk2310.com SITE=PRI PID=2768 TID=6032 GMTDATE=Mon Mar 17 20:00:23.476 2014
ISTR0="Configuration Manager Client Package" ISTR1="BDC00002" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=1 AID0=400 AVAL0="BDC00002"
$$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.477+240><thread=6032 (0x1790)>
StateTable::CState::Handle - (2301:1 2014-03-17 20:00:23.476+00:00) >> (0:0 2014-02-28 16:33:45.383+00:00)
$$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.484+240><thread=6032 (0x1790)>
CStateMsgReporter::DeliverMessages - Queued message: TT=1401 TIDT=0 TID='8ACCAE01-5079-4FCD-A988-C1CD3004B698' SID=2301 MUF=0 PCNT=2, P1='PRI' P2='2014-03-17 20:00:23.476+00:00' P3='' P4=''
P5='' $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.495+240><thread=6032 (0x1790)>
~StoredPkgVersion (1) of package BDC00003. StoredPkgVersion in database is 1.
$$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.496+240><thread=6092 (0x17CC)>
~SourceVersion (1) of package BDC00003. SourceVersion in database is 1.
$$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.497+240><thread=6092 (0x17CC)>
STATMSG: ID=2301 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_DISTRIBUTION_MANAGER" SYS=BBK-SCCM-PRI.bbk2310.com SITE=PRI PID=2768 TID=6092 GMTDATE=Mon Mar 17 20:00:23.510 2014
ISTR0="Configuration Manager Client Upgrade Package" ISTR1="BDC00003" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=1 AID0=400
AVAL0="BDC00003" $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.510+240><thread=6092 (0x17CC)>
StateTable::CState::Handle - (2301:1 2014-03-17 20:00:23.510+00:00) >> (0:0 2014-02-28 16:33:45.383+00:00)
$$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.515+240><thread=6092 (0x17CC)>
CStateMsgReporter::DeliverMessages - Queued message: TT=1401 TIDT=0 TID='8ACCAE01-5079-4FCD-A988-C1CD3004B698' SID=2301 MUF=0 PCNT=2, P1='PRI' P2='2014-03-17 20:00:23.510+00:00' P3='' P4=''
P5='' $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.526+240><thread=6092 (0x17CC)>
CStateMsgReporter::DeliverMessages - Created state message file: D:\Program Files\Microsoft Configuration Manager\inboxes\auth\statesys.box\incoming\1sfb1dbj.SMX
$$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.571+240><thread=6032 (0x1790)>
Successfully send state change notification 8ACCAE01-5079-4FCD-A988-C1CD3004B698
$$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.572+240><thread=6032 (0x1790)>
~Exiting package processing thread.
$$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.574+240><thread=6032 (0x1790)>
CStateMsgReporter::DeliverMessages - Created state message file: D:\Program Files\Microsoft Configuration Manager\inboxes\auth\statesys.box\incoming\abaibh8y.SMX
$$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.637+240><thread=6092 (0x17CC)>
Successfully send state change notification 8ACCAE01-5079-4FCD-A988-C1CD3004B698
$$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.683+240><thread=6092 (0x17CC)>
~Exiting package processing thread.
$$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.685+240><thread=6092 (0x17CC)>
Sleep 30 minutes...
$$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:26.886+240><thread=2936 (0xB78)>
~Used 0 out of 3 allowed processing threads.
$$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:27.948+240><thread=4900 (0x1324)>
~Sleep 3600 seconds...
$$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:27.950+240><thread=4900 (0x1324)>
Sleep 30 minutes...
$$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:31.934+240><thread=2936 (0xB78)>
~Used 0 out of 3 allowed processing threads.
$$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:33.021+240><thread=4900 (0x1324)>
~Sleep 3600 seconds...
$$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:33.023+240><thread=4900 (0x1324)>
~Used 0 out of 3 allowed processing threads.
$$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:38.108+240><thread=4900 (0x1324)>
~Sleep 3600 seconds...
$$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:38.111+240><thread=4900 (0x1324)>
Sleeping for 60 minutes before content cleanup task starts.~
$$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:06:28.094+240><thread=4968 (0x1368)>
Sleep 30 minutes...
$$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:30:52.271+240><thread=2936 (0xB78)>
Sleep 30 minutes...
$$<SMS_DISTRIBUTION_MANAGER><03-17-2014 17:01:10.002+240><thread=2936 (0xB78)>
~Used 0 out of 3 allowed processing threads.
$$<SMS_DISTRIBUTION_MANAGER><03-17-2014 17:01:10.977+240><thread=4900 (0x1324)>
~Sleep 3600 seconds...
$$<SMS_DISTRIBUTION_MANAGER><03-17-2014 17:01:10.979+240><thread=4900 (0x1324)>
Sleeping for 60 minutes before content cleanup task starts.~
$$<SMS_DISTRIBUTION_MANAGER><03-17-2014 17:06:55.337+240><thread=4968 (0x1368)>
Issue 2: I'm trying to deploy a couple of Packages/Applications using SCCM 2012 R2 running on Win2K8 R2 with no luck, knowing that I could install the packages
on a test VM “in the DataCenter site”, but when trying to deploy the packages to production PC “in the Office Site”,
the status is packages deployment compliance stuck at 0%
Infrastructure:
3 SCCM servers: CAS, PRI & SEC. Both CAS and PRI are in the DataCenter site, and SEC is in the Office site. The office site has several IP subnets.
Boundaries are configured through Forest Discovery “IP Ranges and AD Sites” since that the AD site should contain all the IP subnets that the AD site contains, Boundaries groups are also configured and a site reference
server is configured for each group respectively.
A OU based Collection has been configured that contains 13 PC "the collection contains the PCs that the packages should be installed.
Packages/Applications are configured correctly since that I could successfully deploy the packages to the test VM which is on the same subnet as the CAS and the PRI servers "the DataCenter subnet". The issue
is that I can't deploy the packages to production PCs in the Office subnet!
Firewall rules are configured and applied via GP, and I even turned Windows Firewall off, and still nothing! I tried to manually initiate Computer Policy download via the SCCM GUI and via a script, still no luck!
I tried configuring IP Subnet Boundaries, still no luck!!
Here are the last 2 lines in the LocationServices.log of a client PC at the Office Site:
<![LOG[MPLIST requests are throttled for 00:00:44]LOG]!><time="14:47:00.766+240" date="03-17-2014" component="LocationServices" context="" type="2" thread="5776"
file="lssecurity.cpp:4528"> <![LOG[Current AD site of machine is Default-First-Site-Name]LOG]!><time="14:47:00.777+240" date="03-17-2014" component="LocationServices" context="" type="1"
thread="4884" file="lsad.cpp:770">
And here are the last 4 lines in the ClientLocation.log
<![LOG[Rotating assigned management point, new management point [1] is: BBK-SCCM-PRI.bbk2310.com (7958) with capabilities: <Capabilities SchemaVersion="1.0"><Property Name="SSLState"
Value="0"/></Capabilities>]LOG]!><time="14:49:04.880+240" date="03-17-2014" component="ClientLocation" context="" type="1" thread="3600" file="lsad.cpp:6311">
<![LOG[Assigned MP changed from <BBK-SCCM-PRI.bbk2310.com> to <BBK-SCCM-PRI.bbk2310.com>.]LOG]!><time="14:49:04.891+240" date="03-17-2014" component="ClientLocation" context="" type="1"
thread="3600" file="lsad.cpp:1532"> <![LOG[Rotating proxy management point, new management point [1] is: BBK-SCCM-SEC.bbk2310.com (7958) with capabilities: <Capabilities SchemaVersion="1.0"><Property Name="SSLState"
Value="0"/></Capabilities>]LOG]!><time="14:49:05.345+240" date="03-17-2014" component="ClientLocation" context="" type="1" thread="3600" file="lsad.cpp:6374">
<![LOG[Rotating local management point, new management point [1] is: BBK-SCCM-SEC.bbk2310.com (7958) with capabilities: <Capabilities SchemaVersion="1.0"><Property Name="SSLState" Value="0"/></Capabilities>]LOG]!><time="14:49:05.786+240"
date="03-17-2014" component="ClientLocation" context="" type="1" thread="3600" file="lsad.cpp:6436">
It looks like clients in the Office Site can’t connect to the DP/MP of the Secondary Site server which is also a DP.
While on the PC that the application was installed on I see the folowing in the LocationService.log:
<![LOG[Distribution Point='http://BBK-SCCM-PRI.bbk2310.com/SMS_DP_SMSPKG$/Content_69547d2a-339f-4ac4-9523-238c79ff8a52.1', Locality='LOCAL', DPType='SERVER', Version='7958', Capabilities='<Capabilities SchemaVersion="1.0"><Property
Name="SSLState" Value="0"/></Capabilities>', Signature='http://BBK-SCCM-PRI.bbk2310.com/SMS_DP_SMSSIG$/Content_69547d2a-339f-4ac4-9523-238c79ff8a52.1.tar', ForestTrust='TRUE',]LOG]!><time="14:42:59.506+240"
date="03-17-2014" component="LocationServices" context="" type="1" thread="224" file="lsutils.cpp:415"> <![LOG[Calling back with locations for location request {144620BC-4BF0-4878-9554-F67D305ECCF8}]LOG]!><time="14:42:59.522+240"
date="03-17-2014" component="LocationServices" context="" type="1" thread="224" file="replylocationsendpoint.cpp:220">
Is there something wrong with the Distribution point on the Secondary Site server?
Please help…
Thanks..Update:
I fixed the issue with the default XXX00002 package - "Configuration Manager Client Package", it will not deploy to the Secondary Site DP. I did that through "Update Distribution Points" option, and after a while the status was 100%.
However; the second issue is still unsolved...
Please help.. -
NAT for remote access VPN clients
Hello,
I have a simple remote access VPN setup on a 2811 router. The remote subnet of the clients connecting have access to the local LAN subnet, but I am wondering if it is possible to somehow NAT those remote access users, so that they can go beyond the local LAN, and through the VPN routers outside connection, giving them access to other resources.
The remote subnet would need to be added to the NAT overload pool that the local LAN is on somehow, but since no interface is created, I am unsure where I would need to put "ip nat inside" if it even needs to be done, or if I am just missing something.
I guess really what I want to do is tunnel all traffic, and have that remote client IP translate to the NAT pool on the router for internet access.
Thanks.Have a look here for solution
http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_configuration_example09186a008073b06b.shtml
Regards -
ASA Remote Access VPN Clients - Multiple DNS Suffixes?
Hi community!
I am setting up a new remote access VPN using the traditional IPSec client via ASA 5515-X runnning OS 8.6.1(5).
We require to provide each client multiple DNS suffixes, but are only to provide a single DNS suffix in the grouip policy.
I have tested using an external DHCP server, but using our Windows Server 2008 infrastructure and Option 119 the list is not provided to clients, and I have read that Windows 7 clietns may ignore this option anyway.
Other than umanually configuring the clients , does anybody have any other suggestions on how we may get this to work?
Full marks for helpful posts!
Kind regards, Ash.Hi
I am looking into the same issue, and I am finding conflicting documentation about this and wondered if you got the answers you were looking for.
I have a remote access requirement for users from separate AD's to authenticate through an ASA.
I was reading about Global Catalogue Server but this is not specifically what I want; and also creating a new AAA server group but the user would need to accept which group to use when they log in
Regards -
Remote access VPN client gets connected fails on hosts in LAN
Hi,
VPN client gets connected fine, I have a inter VLAN routing happening on the switch in the LAN so all the LAN hosts have gateway IP on the switch, I have the defult route pointing to ASA inside interface on the switch, the switch I can reach after Remote Access VPN is connected how ever I cannot ping/connect to other hosts in the LAN and if I make the gateway point to the ASA then that host is accessible, any suggestions? I really want to have gateway to be the Switch as I have other networks reachable through the Switch (Intranet routing)Hi Mashal,
Thanks for your time,
VPN Pool(Client) 192.168.100.0/24
Internal Subnets 192.9.200.0/24(VLAN 4000) and 192.168.2.0/24 (VLAN 1000)
=============
On the Switch
=============
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 192.168.2.5 to network 0.0.0.0
172.32.0.0/24 is subnetted, 1 subnets
C 172.32.0.0 is directly connected, Vlan101
C 192.168.200.0/24 is directly connected, Vlan2000
C 192.9.200.0/24 is directly connected, Vlan4000
S 192.168.250.0/24 [1/0] via 192.9.200.125
S 192.168.1.0/24 [1/0] via 192.9.200.125
C 192.168.2.0/24 is directly connected, Vlan1000
S 192.168.252.0/24 [1/0] via 192.9.200.125
S* 0.0.0.0/0 [1/0] via 192.168.2.5
===============
On ASA
===============
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is 172.32.0.2 to network 0.0.0.0
C 172.32.0.0 255.255.255.0 is directly connected, outside
C 192.9.200.0 255.255.255.0 is directly connected, inside
C 192.168.168.0 255.255.255.0 is directly connected, failover
C 192.168.2.0 255.255.255.0 is directly connected, MGMT
S 192.168.100.2 255.255.255.255 [1/0] via 172.32.0.2, outside
S 192.168.100.3 255.255.255.255 [1/0] via 172.32.0.2, outside
S* 0.0.0.0 0.0.0.0 [1/0] via 172.32.0.2, outside
We don't need route print on the PC for now as I can explain what is happening I can get complete access to the 192.168.2.0/24 (VLAN 1000) but for 192.9.200.0/24 (VLAN 4000) above from the switch I can only ping IP's on the switches/pair but cannot have any tcp connections, which explains the default route being pointed on the switch is on VLAN 1000, now my issue is How do I get access to VLAN 4000 as you can see these two are on different Interfaces/zones on the ASA and please note with default gateway pointing to ASA I will have access to both the VLAN's it is only when I move the gateway pointing to Switch I loose tcp connections to one VLAN depending on the default route on the being pointing to on the switch.
So we are left to do with how to on the switch with default route. -
Remote access VPN client gets connected no access to LAN
: Saved
ASA Version 8.6(1)2
hostname COL-ASA-01
domain-name dr.test.net
enable password i/RAo1iZPOnp/BK7 encrypted
passwd i/RAo1iZPOnp/BK7 encrypted
names
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 172.32.0.11 255.255.255.0
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 192.9.200.126 255.255.255.0
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/5
nameif failover
security-level 0
ip address 192.168.168.1 255.255.255.0 standby 192.168.168.2
interface Management0/0
nameif management
security-level 0
ip address 192.168.2.11 255.255.255.0
ftp mode passive
dns server-group DefaultDNS
domain-name dr.test.net
object network RAVPN
subnet 192.168.0.0 255.255.255.0
object network NETWORK_OBJ_192.168.200.0_24
subnet 192.168.200.0 255.255.255.0
object network NETWORK_OBJ_192.9.200.0_24
subnet 192.9.200.0 255.255.255.0
object-group network inside_network
network-object 192.9.200.0 255.255.255.0
object-group network Outside
network-object host 172.32.0.25
access-list RAVPN_splitTunnelAcl standard permit 192.9.200.0 255.255.255.0
access-list test123 extended permit ip host 192.168.200.1 host 192.9.200.190
access-list test123 extended permit ip host 192.9.200.190 host 192.168.200.1
access-list test123 extended permit ip object NETWORK_OBJ_192.168.200.0_24 192.9.200.0 255.255.255.0
access-list test123 extended permit ip 192.9.200.0 255.255.255.0 object NETWORK_OBJ_192.9.200.0_24
pager lines 24
mtu management 1500
mtu outside 1500
mtu inside 1500
mtu failover 1500
ip local pool RAVPN 192.168.200.1-192.168.200.254 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-66114.bin
no asdm history enable
arp timeout 14400
nat (inside,outside) source dynamic any interface
nat (any,inside) source static NETWORK_OBJ_192.168.200.0_24 NETWORK_OBJ_192.168.200.0_24 destination static NETWORK_OBJ_192.9.200.0_24 NETWORK_OBJ_192.9.200.0_24
route outside 0.0.0.0 0.0.0.0 172.32.0.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 0.0.0.0 0.0.0.0 outside
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpoint ASDM_TrustPoint0
enrollment terminal
subject-name CN=KWI-COL-ASA-01.dr.test.net,O=KWI,C=US
crl configure
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication crack
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 40
authentication crack
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 70
authentication crack
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 100
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 130
authentication crack
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 150
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet 192.9.200.0 255.255.255.0 inside
telnet timeout 30
ssh 0.0.0.0 0.0.0.0 management
ssh 0.0.0.0 0.0.0.0 outside
ssh 66.35.45.128 255.255.255.192 outside
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 30
ssh version 2
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
enable outside
anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
anyconnect enable
tunnel-group-list enable
group-policy DfltGrpPolicy attributes
group-policy RAVPN internal
group-policy RAVPN attributes
wins-server value 192.9.200.164
dns-server value 66.35.46.84 66.35.47.12
vpn-filter value test123
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value test123
default-domain value dr.kligerweiss.net
username test password xxxxxxx encrypted
username admin password aaaaaaaaaaaa encrypted privilege 15
username vpntest password ddddddddddd encrypted
tunnel-group RAVPN type remote-access
tunnel-group RAVPN general-attributes
address-pool RAVPN
default-group-policy RAVPN
tunnel-group RAVPN ipsec-attributes
ikev1 pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly 2
subscribe-to-alert-group configuration periodic monthly 2
subscribe-to-alert-group telemetry periodic daily
password encryption aes
Cryptochecksum:b001e526a239af2c73fa56f3ca7667ea
: end
COL-ASA-01#
Here is some capture done on the inside interface which may help too, I tried pointing the gateway to inside interface on the target device but I think this was a switch without ip route available on it I believe that is still sending packet back to Cisco inside interface
COL-ASA-01# sho cap test | in 192.168.200
25: 23:45:55.570618 192.168.200.1 > 192.9.200.190: icmp: echo request
29: 23:45:56.582794 192.168.200.1.137 > 192.9.200.164.137: udp 68
38: 23:45:58.081050 192.168.200.1.137 > 192.9.200.164.137: udp 68
56: 23:45:59.583176 192.168.200.1.137 > 192.9.200.164.137: udp 68
69: 23:46:00.573517 192.168.200.1 > 192.9.200.190: icmp: echo request
98: 23:46:05.578110 192.168.200.1 > 192.9.200.190: icmp: echo request
99: 23:46:05.590057 192.168.200.1.137 > 192.9.200.164.137: udp 68
108: 23:46:07.092310 192.168.200.1.137 > 192.9.200.164.137: udp 68
115: 23:46:08.592468 192.168.200.1.137 > 192.9.200.164.137: udp 68
116: 23:46:10.580795 192.168.200.1 > 192.9.200.190: icmp: echo request
COL-ASA-01#
Any help or pointers greatly appreciated, I am doing this config after a long gap on Cisco last time I was working it was all PIX so just need some expert eyes to let me know if I am missing something.
And Yes I do not have a Host in Inside network to test against, all I have is a switch which cannot route and ip default gateway is not helping too...Hi,
The first thing you should do to avoid problems is to change the VPN Pool to something else than the current LAN network as they are not really directly connected in the same network segment.
You could try the following changes
tunnel-group RAVPN general-attributes
no address-pool RAVPN
no ip local pool RAVPN 192.168.200.1-192.168.200.254 mask 255.255.255.0
ip local pool RAVPN 192.168.201.1-192.168.201.254 mask 255.255.255.0
tunnel-group RAVPN general-attributes
address-pool RAVPN
no nat (any,inside) source static NETWORK_OBJ_192.168.200.0_24 NETWORK_OBJ_192.168.200.0_24 destination static NETWORK_OBJ_192.9.200.0_24 NETWORK_OBJ_192.9.200.0_24
In the above you first remove the VPN Pool from the "tunnel-group" and then remove and recreate the VPN Pool with another network and then insert it back to the same "tunnel-group". Nex you remove the current NAT configuration.
object network LAN
subnet 192.168.200.0 255.255.255.0
object network VPN-POOL
subnet 192.168.201.0 255.255.255.0
nat (inside,outside) 1 source static LAN LAN destination static VPN-POOL VPN-POOL
The above NAT configurations adds the correct NAT0 configuration for the changed VPN Pool. It also inserts the NAT rule to the very top before the Dynamic PAT rule you currently have. It is also one of the problems with the configurations as it will override your current NAT configurations.
You have your Dynamic PAT rule at the very top of your NAT rules currently which is not a good idea. If you wish to change it to something else that wont override the other NAT configurations in the future you can do the following change.
no nat (inside,outside) source dynamic any interface
nat (inside,outside) after-auto source dynamic any interface
NOTICE! Changing the above Dynamic PAT configuration will temporarily terminate all connections for users from the LAN as you reconfigure the Dynamic PAT rule. So if you do this change make sure that its ok to cause still small cut in the current connections of internal users
Hope this helps
Let me know if it works for you
- Jouni
Maybe you are looking for
-
Hard Drive that Won't Show Up Wirelessly
I've posted this elsewhere, but under a topic that was solved, so I'm trying my luck again here. Up until the most recent update of AEBS firmware, I could access my hard drive, connected via a hub to the AEBS, from my wireless laptop G4. Now, althoug
-
HT1414 my apps have not been restored from backup
I can see my apps on iTunes but how do I get them back onto my iPhone?
-
[urgent]inbound java proxy
Hi how can i know if receiver XI adapter touch inbound EJB by registering url? my scenario is ABAP Proxy to Java proxy Sync. i can see mapping error on moni because payload inbound adapter has empty , my issue, XI seems not to call inbound EJB? on ad
-
Hi I am new to muse, and have a question. I have watched the great training videos at lynda.com, but it leaves me wit one question though. When I place graphics, I know I can scale it to lets say 50% inside Muse. I could also scale it inside Photosho
-
Applications close unexpectedly when asked to print
MacMini from 2/06 running Tiger (10.4.11) has decided it no longer wants to print. The application (Safari, Pages) that I want to print from "closes unexpectedly" every time I ask it to print to my Brother HL5240. Downloaded fresh print driver - no