question

ConstantineJKoulis-7449 avatar image
0 Votes"
ConstantineJKoulis-7449 asked ·

SCCM push Windows 2004 and Edge new version over VPN

hello all,

I have SCCM 2010 and desktops which are powered on at the office as well as Laptops which are connecting through Palo Alto VPN.

For the Laptops which are connecting over VPN I can see the client is communicating at the SCCM.

I have set up to upgrade the Windwos 1809 to 2204 and also the legacy Edge to new Edge. At the office desktop computers it worked great but I don't seem to make it work at the Laptops over VPN.

I was looking over at the Laptop SCCM logs which are connected by VPN and I had an issue with the "LocationServices.log" cause I noticed there the error message "Unable to retrieve AD site membership", but that got resolved with the assistance of @YoussefSaad at another forum question.

can someone assist me where to look (which client SCCM log) to understand what is needed in order to make the windwos 2004 update go over VPN?

thank you

mem-cm-generalmem-cm-updates
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

YoussefSaad avatar image
0 Votes"
YoussefSaad answered ·

Hi @ConstantineJKoulis-7449,

It's me again.

Did you see the application in the software center?

Start the troubleshoot from the following log files:

  • AppDiscovery.log

  • AppEnforce.log

  • CAS.log

Regards,
Youssef Saad - New blog: https://youssef-saad.blogspot.com

· 2 · Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

thank you @YoussefSaad again for assisting,

concerning the logs:

  1. AppDiscovery.log - has not been updated since 12/12/2019

  2. AppEnforce.log - has not been updated since 12/12/2019

  3. CAS.log - below is part of the log


49899-screenshot-2020-12-21-085535.png




let me know your thoughts pls.

0 Votes 0 ·
YoussefSaad avatar image YoussefSaad ConstantineJKoulis-7449 ·

The client doesn't receive the policy correctly from its management point.

Did you have specified the MP/DP in the boundary group?

If it's possible to share also with us the LocationServices.log & ClientLocation.log files.

Regards,


Youssef Saad | New blog: https://youssef-saad.blogspot.com
Please remember to “Accept answer” for useful answers, thank you!



0 Votes 0 ·
ConstantineJKoulis-7449 avatar image
0 Votes"
ConstantineJKoulis-7449 answered ·

@YoussefSaad

here is the boundary and you can see the IP

50023-screenshot-2020-12-21-085535.png


here is the Boundary groups - CHICAGO

49880-screenshot-2020-12-21-085535-2.png

and here is the IP defined in the CHICAGO Boundary

49946-screenshot-2020-12-21-085535-3.png

concerning the logs

here is the "LocationServices.log"


50051-screenshot-2020-12-21-091136.png

and here is the "ClientLocation.log"


49929-screenshot-2020-12-21-091248.png


let me know your thoughts pls


· 4 · Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Are you using PKI for the SCCM communication? Could you please add CertificateMaintenance.log too?

What is your SCCM version? Client version?

Regards,


Youssef Saad | New blog: https://youssef-saad.blogspot.com
Please remember to “Accept answer” for useful answers, thank you!

0 Votes 0 ·

@YoussefSaad

  • no I am not using PKI, see below "Communication security" from the proprieties for the site

49920-screenshot-2020-12-21-100714.png


  • CertificateMaintenance.log is below


49900-screenshot-2020-12-21-101142.png

  • SCCM Version is 2004

  • Client version at my laptop (Ove VPN) is 5.0.9040.1010


let me know pls





0 Votes 0 ·

@YoussefSaad want to mention something else,

over the weekend I added another laptop (over VPN also) which is also in VPN to received the latest EDGE upgrade and it seemed to work today...

I don't understand why my laptop is having issues and the other today received it...

wanted to mention it... do you want to see any logs from the laptop which got the update?

0 Votes 0 ·
YoussefSaad avatar image YoussefSaad ConstantineJKoulis-7449 ·

You can compare those log files with to other one which still not working.

If you have only one device with communication issue trough VPN, I suggest to you to repair the client on this machine and check again if it will receive the assigned MP/SUP if the LocationServices.log.

Regards,


Youssef Saad | New blog: https://youssef-saad.blogspot.com
Please remember to “Accept answer” for useful answers, thank you!


0 Votes 0 ·