Internet Clients can be particularly difficult to troubleshoot for several reasons. Foremost, they are usually off-site, so that can present logistical challenges.

Also, because the client agent is essentially identical to an “internal” client agent, you have to perform all of the same diagnostic steps as you would for any other client, in addition to the additional layer of issues inherent with managing a computer outside of your internal network environment.

I will freely admit this is not my strongest area within the Configuration Manager realm. For that reason, I reached out to my customers and colleagues to gather their headaches.

Configuration Manager Properties - Internet

Configuration Manager Properties - Internet


  1. Remote / Off-site devices are not reporting in or showing in the Management console
  2. Remote devices are not getting policy updates, or software installations
  3. Remote devices begin falling out of inventory due to aging records

Potential causes

Based on my experience and learning from customers, the vast majority of Internet-Based Client Management issues are related to one of three basic problems:

  1. Corrupted or Missing Client PKI certificate on Client computer
  2. Improperly configured or faulty PKI environment (also in DMZ)
  3. DNS configuration or publishing issues (in DMZ as well)
  4. Network Connectivity or Firewall configuration issues
  5. The Site Server isn’t joined to an AD domain
  6. Site Server Shares exist on the Site server system managing Internet Clients
  7. Missing or Unavailable CRL in perimeter network (DMZ)
  8. Not testing thoroughly before going to production!


Having a properly-configured, reliable and available PKI environment is essential to both Native Mode operations, as well as Internet Client management. But because PKI is so intertwined with DNS and Active Directory, I would usually start by eliminating the obvious: DNS. The familiar tools like NSLOOKUP and PING, or PATHPING, can be very helpful in diagnosing the most basic DNS configuration or functional issues.

  • Verify Internet connectivity from remote clients
  • Verify Name Resolution from outside your network (DNS)
  • Verify PKI certificates are properly configured, provisioned and installed

Helpful links


Leave a reply

Your email address will not be published. Required fields are marked *


© 4sysops 2006 - 2023


Please ask IT administration questions in the forums. Any other messages are welcome.


Log in with your credentials


Forgot your details?

Create Account