SCCM 2007 Client troubleshooting – Part 8: Internet Client installation

Internet Clients can be particularly difficult to troubleshoot for several reasons. Foremost, they are usually off-site, so that can present logistical challenges.

David Stein By David Stein - Thu, May 9, 2013 - 0 comments google+ icon

David is an author and consultant, working for Endurance IT Services in Virginia Beach, Virginia, specializing in Microsoft enterprise systems and Business Process Automation.

Articles in this series

SCCM 2007 Client troubleshooting

Also, because the client agent is essentially identical to an “internal” client agent, you have to perform all of the same diagnostic steps as you would for any other client, in addition to the additional layer of issues inherent with managing a computer outside of your internal network environment.

I will freely admit this is not my strongest area within the Configuration Manager realm. For that reason, I reached out to my customers and colleagues to gather their headaches.

Configuration Manager Properties - Internet

Configuration Manager Properties – Internet

Symptoms

  1. Remote / Off-site devices are not reporting in or showing in the Management console
  2. Remote devices are not getting policy updates, or software installations
  3. Remote devices begin falling out of inventory due to aging records

Potential causes

Based on my experience and learning from customers, the vast majority of Internet-Based Client Management issues are related to one of three basic problems:

  1. Corrupted or Missing Client PKI certificate on Client computer
  2. Improperly configured or faulty PKI environment (also in DMZ)
  3. DNS configuration or publishing issues (in DMZ as well)
  4. Network Connectivity or Firewall configuration issues
  5. The Site Server isn’t joined to an AD domain
  6. Site Server Shares exist on the Site server system managing Internet Clients
  7. Missing or Unavailable CRL in perimeter network (DMZ)
  8. Not testing thoroughly before going to production!

Suggestions

Having a properly-configured, reliable and available PKI environment is essential to both Native Mode operations, as well as Internet Client management. But because PKI is so intertwined with DNS and Active Directory, I would usually start by eliminating the obvious: DNS. The familiar tools like NSLOOKUP and PING, or PATHPING, can be very helpful in diagnosing the most basic DNS configuration or functional issues.

  • Verify Internet connectivity from remote clients
  • Verify Name Resolution from outside your network (DNS)
  • Verify PKI certificates are properly configured, provisioned and installed

Helpful links

Series NavigationSCCM 2007 Client Troubleshooting – Part 7: Mobile device clients installation - SCCM 2007 Client Troubleshooting – Part 9: R3 Client Power Management

-1+1 - Rate this post
Loading ... Loading ...
Your question wasn't answered? Ask in the new 4sysops forum!
===Leave a Comment===

Login

Lost your password?