karthikpalani-9530 asked karthikpalani-9530 answered

SCCM - VPN Client Communication

Hi All,

I am using SCCM CB 2006 and I am trying to manage VPN client subnets. It seems the ports are all opened, but the communication or policy request is not getting updated. I have configured the boundary group with an IP range and assigned it to the primary site. Still, it is not showing active in the console. Please suggest. Below are the logs.

128752-log1.jpg


128734-log2.jpg


mem-cm-general mem-cm-site-deployment

AlexZhu-MSFT answered AlexZhu-MSFT commented

Hi,

ClientLocation.log showing "Unable to retrieve AD forest + domain membership" may indicate some network/authentication issue, rather than SCCM itself.

As yannara suggested, we may check the communication first, by running gpupdate or nltest.

128890-sccm-communication-01.png


If it succeeds, we may try the following in a web browser on a client computer to see if the communication with the MP is OK:

http://<MPFQDN>/sms_mp/.sms_aut?mplist

128878-sccm-communication-02.png


Alex
If the response is helpful, please click "Accept Answer" and upvote it.




Hi,

It seems there is no update for a couple of days. May we know the current status of the problem? Or is there any other assistance we can provide?

Regards,

Alex
yannara answered

Based on your screens, first make sure that your AD connection via VPN works. What happens if you run gpupdate on a VPN client, will it fail?

karthikpalani-9530 answered

Thanks for your quick reply.

Yes, gpupdate is not happening. It seems all ports are opened as below. If anything is missing, please advise.

Server Port (DC)     Service
123/UDP              W32Time
135/TCP              RPC Endpoint Mapper
464/TCP/UDP          Kerberos password change
49152-65535/TCP      RPC for LSA, SAM, NetLogon (*)
389/TCP/UDP          LDAP
636/TCP              LDAP SSL
3268/TCP             LDAP GC
3269/TCP             LDAP GC SSL
53/TCP/UDP           DNS
49152-65535/TCP      FRS RPC (*)
88/TCP/UDP           Kerberos
445/TCP              SMB (**)
49152-65535/TCP      DFSR RPC (*)
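
The checks suggested in this thread (reachability of the DC on the listed ports, DC location with nltest, then the MP list URL), combined into one PowerShell script to run on a VPN-connected client. This is an added example, not part of the original thread; the host and domain names are placeholders, and the nltest exit-code behaviour is an assumption noted in the code.

```powershell
# Added example, not from the thread. The three names below are placeholders.
param(
    [string]$DomainController = 'dc01.example.local',
    [string]$DomainName       = 'example.local',
    [string]$ManagementPoint  = 'mp01.example.local'
)

# Fixed TCP ports from the list posted above. UDP entries and the dynamic RPC
# range (49152-65535) cannot be proven open by one TCP connect, so they are skipped.
$dcTcpPorts = @(
    @{ Port = 53;   Service = 'DNS' }
    @{ Port = 88;   Service = 'Kerberos' }
    @{ Port = 135;  Service = 'RPC Endpoint Mapper' }
    @{ Port = 389;  Service = 'LDAP' }
    @{ Port = 445;  Service = 'SMB' }
    @{ Port = 464;  Service = 'Kerberos password change' }
    @{ Port = 636;  Service = 'LDAP SSL' }
    @{ Port = 3268; Service = 'LDAP GC' }
    @{ Port = 3269; Service = 'LDAP GC SSL' }
)

# Test each port from the VPN client itself; a firewall rule list is not proof of reachability.
$results = foreach ($p in $dcTcpPorts) {
    $t = Test-NetConnection -ComputerName $DomainController -Port $p.Port -WarningAction SilentlyContinue
    [pscustomobject]@{ Port = $p.Port; Service = $p.Service; Reachable = $t.TcpTestSucceeded }
}
$results | Format-Table -AutoSize
$blocked = @($results | Where-Object { -not $_.Reachable })

# AD check suggested in the answers: can this client locate a DC for the domain?
nltest /dsgetdc:$DomainName
$dcLocated = ($LASTEXITCODE -eq 0)   # assumption: nltest exits non-zero on failure

# MP check from the answer: request the MP list over the same VPN path.
$mpOk = $false
try {
    $resp = Invoke-WebRequest -Uri "http://$ManagementPoint/sms_mp/.sms_aut?mplist" -UseBasicParsing -TimeoutSec 15
    $mpOk = ($resp.StatusCode -eq 200)
} catch {
    Write-Warning "MP request failed: $($_.Exception.Message)"
}

[pscustomobject]@{
    BlockedDcPorts = ($blocked.Port -join ', ')
    DcLocated      = $dcLocated
    MpListReturned = $mpOk
} | Format-List
```

A port that shows as not reachable here while the firewall rule exists is the evidence to hand to the network team.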

RahulJindal-2267 answered

This is clearly a networking issue at this point. You should first get this sorted out with your networks team.

karthikpalani-9530 answered

I will work with the Network team.

Thanks for your support
