question

rkppt-4902 avatar image
0 Votes"
rkppt-4902 asked saldana-msft edited

About internet-based agent installation

Using Configuration manager 2107
I am testing internet based client management.

The client is a Windows 10 client in a workgroup.
The following command is entered for agent installation.

ccmsetup.exe / usePKICert / NoCRLCheck SMSSITECODE = XXX CCMHOSTNAME = "ServerName" CCMALWAYSINF = 1

I don't see any errors in ccmsetup.log,
It is not output to the device list of the Configuration manger console.

When you launch the Configuration manger from the client control panel,
PKI is "None". Is this the cause?

139736-image.png

How to display in the Configuration manger console,
I want some advice.

After introducing the agent,
I'm planning to distribute scripts and applications, so
If you have any information, I would be grateful if you could provide it.


configuration-manager-generalconfiguration-manager-site-deploymentconfiguration-manager-application
image.png (20.1 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

RahulJindal-2267 avatar image
0 Votes"
RahulJindal-2267 answered rkppt-4902 commented

How are you managing clients over Internet? Do have a CMG instance?

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

thank you for your answer.

It is an ibcm configuration.
cmg is not configured.

I'm checking the log again,
The following was output to Clientidmanagerstatup.log.
RegTask: Failed to refresh site code. Error: 0x8000ffff

0 Votes 0 ·
rkppt-4902 avatar image
0 Votes"
rkppt-4902 answered

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

RahulJindal-2267 avatar image
0 Votes"
RahulJindal-2267 answered rkppt-4902 commented

Ok, then is the PKI cert enrolled for client authentication?

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

The client certificate is issued by the enterprise CA and imported to the target PC.

0 Votes 0 ·
AllenLiu-MSFT avatar image
0 Votes"
AllenLiu-MSFT answered AllenLiu-MSFT commented

Hi, @rkppt-4902
Thank you for posting in Microsoft Q&A forum.

For IBCM, we need to set CCMHOSTNAME to specify an internet accessible/facing MP.
You may try the command:
ccmsetup.exe /usePKICert /NoCRLCheck CCMHOSTNAME=inetdpmp.xxxxxx.com DNSSUFFIX=xxxxxx.com SMSSITECODE=XXX CCMALWAYSINF=1 SMSMP=https://inetdpmp.xxxxxx.com CCMFIRSTCERT=1


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

It seems there is no update for a couple of days. May we know the current status of the problem?

0 Votes 0 ·
RahulJindal-2267 avatar image
0 Votes"
RahulJindal-2267 answered

"No Location Reply received from ibcm.japaneast.cloudapp.azure.com" - This doesn't seem right. If you are using IBCM and not CMG, then this should reflect FQDN of your on-prem internet facing MP. Are you sure you have configured your internet facing on-prem MP correctly?

On a side note, I will suggest against using IBCM and setup CMG instead.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.