SCCM - VPN Client Communication

karthik palani 1,016 Reputation points
2021-09-02T13:37:06.28+00:00

Hi All,

I am using SCCM CB 2006 and I am trying to manage VPN client subnets. It seems the ports are all open, but the communication or policy request is not getting updated. I have configured the boundary group with an IP range and assigned it to the primary site. Still, it is not showing as active in the console. Please suggest. Below are the logs.

128752-log1.jpg

128734-log2.jpg

Microsoft Configuration Manager

Accepted answer
  1. AlexZhu-MSFT 5,551 Reputation points Microsoft Vendor
    2021-09-03T03:59:37.773+00:00

    Hi,

    Clientlocation.log showing "Unable to retrieve AD forest + domain membership" may indicate some network/authentication issue, other than SCCM itself.

    As yannara suggested, we may check the communication first, by running gpupdate or nltest.

    128890-sccm-communication-01.png

    If it succeeds, we may try the following in a web browser on a client computer to see if the communication with the MP is OK:

    http://<MPFQDN>/sms_mp/.sms_aut?mplist

    128878-sccm-communication-02.png

    Alex
    If the response is helpful, please click "Accept Answer" and upvote it.
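
The checks suggested in this answer, collected into one script to run on a VPN-connected client. This is an added example, not code from any poster in the thread; the three host and domain names are placeholders to replace, and the TCP ports are taken from the list posted further down the thread.

```powershell
# Added example. Placeholder names below are assumptions, not values from the thread.
param(
    [string]$DomainController = 'dc01.example.com',  # placeholder DC FQDN
    [string]$Domain           = 'example.com',       # placeholder AD domain
    [string]$ManagementPoint  = 'mp01.example.com'   # placeholder MP FQDN
)

# Fixed TCP ports from the thread's port list. A TCP connect cannot prove that
# the UDP ports or the dynamic RPC range 49152-65535 are passed by the VPN,
# so "all ports open" here is necessary but not sufficient.
$services = @{
    53 = 'DNS'; 88 = 'Kerberos'; 135 = 'RPC Endpoint Mapper'; 389 = 'LDAP'
    445 = 'SMB'; 464 = 'Kerberos password change'; 636 = 'LDAP SSL'
    3268 = 'LDAP GC'; 3269 = 'LDAP GC SSL'
}

$results = foreach ($entry in ($services.GetEnumerator() | Sort-Object Key)) {
    $t = Test-NetConnection -ComputerName $DomainController -Port $entry.Key `
                            -WarningAction SilentlyContinue
    [pscustomobject]@{
        Port      = $entry.Key
        Service   = $entry.Value
        Reachable = $t.TcpTestSucceeded
    }
}
$results | Format-Table -AutoSize

# AD-level check: can the client locate a DC, and is its secure channel valid?
# (/sc_verify needs an elevated prompt.) This exercises DNS, LDAP and RPC
# together, which is what ClientLocation.log depends on.
nltest "/dsgetdc:$Domain"
if ($LASTEXITCODE -ne 0) { Write-Warning "DC locator failed for $Domain" }
nltest "/sc_verify:$Domain"
if ($LASTEXITCODE -ne 0) { Write-Warning "Secure channel check failed for $Domain" }

# Management point check: same URL as in the answer, requested from the client.
$mpUrl = "http://$ManagementPoint/sms_mp/.sms_aut?mplist"
try {
    $r = Invoke-WebRequest -Uri $mpUrl -UseBasicParsing -UseDefaultCredentials -TimeoutSec 15
    "MPLIST: HTTP $($r.StatusCode), $($r.Content.Length) bytes returned"
} catch {
    Write-Warning "MPLIST request failed: $($_.Exception.Message)"
}
```

If every fixed port reports reachable but `nltest` still fails, the dynamic RPC range or a UDP port is the likely place to look with the network team.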


4 additional answers

  1. Pavel yannara Mirochnitchenko 11,716 Reputation points MVP
    2021-09-02T13:40:53.62+00:00

    Based on your screens, first make sure that your AD connection via VPN works. What happens if you run gpupdate on a VPN client, will it fail?

  2. karthik palani 1,016 Reputation points
    2021-09-02T13:54:11.35+00:00

    Thanks for your quick reply.

    Yes, gpupdate is not happening. It seems all ports are opened like below. Anything missing, please advise.

    Server Port (DC)      Service
    123/UDP               W32Time
    135/TCP               RPC Endpoint Mapper
    464/TCP/UDP           Kerberos password change
    49152-65535/TCP       RPC for LSA, SAM, NetLogon ()
    389/TCP/UDP           LDAP
    636/TCP               LDAP SSL
    3268/TCP              LDAP GC
    3269/TCP              LDAP GC SSL
    53/TCP/UDP            DNS
    49152-65535/TCP       FRS RPC ()
    88/TCP/UDP            Kerberos
    445/TCP               SMB (**)
    49152-65535/TCP       DFSR RPC (*)

  3. Rahul Jindal [MVP] 9,151 Reputation points MVP
    2021-09-03T04:24:34.513+00:00

    This is clearly a networking issue at this point. You should first get this sorted out with your networks team.

  4. karthik palani 1,016 Reputation points
    2021-09-13T08:11:14.91+00:00

    I will work with the Network team.

    Thanks for your support.