question

abdulkhader-8564 avatar image
0 Votes"
abdulkhader-8564 asked Jason-MSFT commented

Firewall port requirements for SCCM remote control

Firewall port requirements for SCCM remote control. I heard that port TCP – 135. TCP – 2701. TCP – 2702 are needed for this requirement . I need source and destinations computers like source is client computers and destinations is SCCM primary server? Please help on this

mem-cm-general
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

The case seems to be related with SCCM, so I change the tag to CM-general.

0 Votes 0 ·
abdulkhader-8564 avatar image
0 Votes"
abdulkhader-8564 answered Jason-MSFT commented

Yes I agreed , Suppose I am accessing the user computers from my local laptop , so I need to run CmRcViewer.exe in my laptop.

So here is Source is my computers IP and destination is users computers right ? so we need to open the port between these subnet? . So my question is do I need to open any port for primary server either giving as source or destination ?

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

So here is Source is my computers IP and destination is users computers right ?

Correct.

So my question is do I need to open any port for primary server either giving as source or destination ?

If you are just running CmRcViewer.exe, then no (unless you launch CmRcViewer.exe with the switch to connect to the site server for auditing purposes). If you are running the console, then the console must be able to communicate with the SMS Provider (and not the primary site server unless the SMS Provider is co-located on the primary site server).

1 Vote 1 ·
Amandayou-MSFT avatar image
1 Vote"
Amandayou-MSFT answered

Hi @abdulkhader-8564,

The source could be Configuration Manager console, the destination is client, and we should open TCP Port 2701 on the side of client.

About the details of port, please refer to this link:
https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/hierarchy/ports#BKMK_PortsConsole-Client



If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

abdulkhader-8564 avatar image
0 Votes"
abdulkhader-8564 answered Garth commented

Thanks Amandayou,

Here is the My confusion. Source is Client and destination is Primary server? Could you please triple confirm

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

No, you have it backwards, source will be any computer with the cm console.
Destination will be the computer you are trying to remote control.

1 Vote 1 ·
abdulkhader-8564 avatar image
0 Votes"
abdulkhader-8564 answered Garth commented

thanks Garth,

"source will be any computer with the cm console." which means SCCM Primary servers?

· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

The connection comes the system running the console that initiates the connection. If that happens to be the primary site server, then yes, those are one in the same however that's generally a bad practice (running the console on the primary site server). You should be installing and running the console on your workstation(s) and performing your admin work there including initiating remote control.

2 Votes 2 ·
  • to what jason says!

0 Votes 0 ·