Installing SCCM client on internet connected device

Skip B 91 Reputation points
2021-02-05T18:52:26.82+00:00

I am working on upgrading the SCCM client on devices that either connect only to our IBCM server or are very rarely connected to our network via VPN.

I have noticed that when trying to do a manual install of the client on an internet connected device, the process fails. When I connect it to VPN, the install succeeds.

When connected via VPN, I see these lines in the ccmsetup.log:

Adding file '<primary site server>:80/SMS_DP_SMSPKG$/DOT00003/x64/WindowsFirewallConfigurationProvider.msi' to BITS job, saving as 'C:\windows\ccmsetup\WindowsFirewallConfigurationProvider.msi'.

Adding file '<primary site server>:80/SMS_DP_SMSPKG$/DOT00003/x64/client.msi' to BITS job, saving as 'C:\windows\ccmsetup\client.msi'.

Starting BITS download for client deployment files.
Download Update: 1120 out of 61009408 bytes transferred.
Successfully completed BITS download for client deployment files.

It looks like there are 2 files missing from the install package that I am manually running.

These files end up in the C:\windows\ccmsetup folder even though they already exist in the x64 folder.

The command line I use is:

ccmsetup.exe /UsePKICert /NoCRLCheck /mp:<site server> SMSMP="<site server>" CCMHOSTNAME="<IBCM server, external facing name>" SMSSITECODE="<site code>"

Do I have to specify something else?

Skip

Microsoft Configuration Manager
{count} votes

3 answers

Sort by: Most helpful
  1. Youssef Saad 3,401 Reputation points
    2021-02-05T20:08:44.007+00:00

    You have to check the configuration of your boundaries and boundary group in order to specify which DP will be used for which IP Address range/subnet.

    Regards,


    Youssef Saad | New blog: https://youssef-saad.blogspot.com
    Please remember to ** “Accept answer” ** or upvote for useful answers, thank you!

    1 person found this answer helpful.
    0 comments No comments

  2. Youssef Saad 3,401 Reputation points
    2021-02-05T19:00:59.723+00:00

    What says the ccmsetup.log & client.msi.log files when you are trying the installation in the internet context?

    Regards,


    Youssef Saad | New blog: https://youssef-saad.blogspot.com
    Please remember to ** “Accept answer” ** or upvote for useful answers, thank you!


  3. AllenLiu-MSFT 41,371 Reputation points Microsoft Vendor
    2021-02-08T08:06:04.56+00:00

    @Skip B
    Thank you for posting in Microsoft Q&A forum.
    When we use /mp, if the client connects to a management point using HTTPS, specify the FQDN not the computer name. The value must match the management point PKI certificate's Subject or Subject Alternative Name.

    When we use /source, the Windows user account for client installation needs Read permissions to the location.

    So when you use /source, it works now, right?


    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.