SCCM 2007 Client troubleshooting – Part 8: Internet Client installation

• Author
• Recent Posts

David Stein

David is an author and consultant, working for Endurance IT Services in Virginia Beach, Virginia, specializing in Microsoft enterprise systems and Business Process Automation.

Latest posts by David Stein (see all)

• How to deploy a scripted application installation with SCCM 2012 - Mon, Sep 23 2013
• How to deploy an MSI package with SCCM 2012 - Mon, Aug 19 2013
• SCCM 2007 – General client troubleshooting tips - Tue, Aug 6 2013

Also, because the client agent is essentially identical to an “internal” client agent, you have to perform all of the same diagnostic steps as you would for any other client, in addition to the additional layer of issues inherent with managing a computer outside of your internal network environment.

I will freely admit this is not my strongest area within the Configuration Manager realm. For that reason, I reached out to my customers and colleagues to gather their headaches.

Configuration Manager Properties - Internet

Symptoms

1. Remote / Off-site devices are not reporting in or showing in the Management console
2. Remote devices are not getting policy updates, or software installations
3. Remote devices begin falling out of inventory due to aging records

Potential causes

Based on my experience and learning from customers, the vast majority of Internet-Based Client Management issues are related to one of three basic problems:

1. Corrupted or Missing Client PKI certificate on Client computer
2. Improperly configured or faulty PKI environment (also in DMZ)
3. DNS configuration or publishing issues (in DMZ as well)
4. Network Connectivity or Firewall configuration issues
5. The Site Server isn’t joined to an AD domain
6. Site Server Shares exist on the Site server system managing Internet Clients
7. Missing or Unavailable CRL in perimeter network (DMZ)
8. Not testing thoroughly before going to production!

Suggestions

Having a properly-configured, reliable and available PKI environment is essential to both Native Mode operations, as well as Internet Client management. But because PKI is so intertwined with DNS and Active Directory, I would usually start by eliminating the obvious: DNS. The familiar tools like NSLOOKUP and PING, or PATHPING, can be very helpful in diagnosing the most basic DNS configuration or functional issues.

• Verify Internet connectivity from remote clients
• Verify Name Resolution from outside your network (DNS)
• Verify PKI certificates are properly configured, provisioned and installed

Helpful links

• Prerequisites for Internet-Based Client Management
• Supported Scenarios for Internet-Based Client Management
• Deploying Configuration Manager Sites to Support Internet-Based Clients
• Certificate Requirements for Native Mode
• Site System Roles that Support Internet-Based Client Management
• Determine Server Placement for Internet-Based Client Management
• Configuring DNS for Configuration Manager Site System Roles
• How to Configure the Internet FQDN of Site Systems that Support Internet-Based Client Management
• List of Log Files in Configuration Manager 2007
• Troubleshooting Configuration Manager Client Issues