?
Solved

SCCM Client Installation Failed

Posted on 2009-05-15
6
Medium Priority
?
2,140 Views
Last Modified: 2013-11-21
I have installed SCCM 2007 in out environmnet. SCCM discovered all resourses in the network. I pushed client via Client Push. After some time it shows me iin SCCM console that on some machines client couldnt be installed. I did some reasearch and I came to know that firewall is protecting the installation. I turned of windows firewall on one machine to test and after that client installed perfactly.
As per the company's policy we cannot turn of firewall on some machines.
So if someone can tell me which specifically which port's expection I should add to install client and how can i push that setting thru GPO to all clients.
0
Comment
Question by:didba
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 8

Assisted Solution

by:U_Mansson
U_Mansson earned 1000 total points
ID: 24411534
Hi

you need to create exceptions for WMI and File/Print.

http://technet.microsoft.com/en-ca/library/bb680737.aspx

Another option is to install the client with GPO instead.

Regards

Ulf M.
0
 

Author Comment

by:didba
ID: 24411754
Thank you for your reply!
 File and Printer Sharing exception already there in firewall setting but I am not sure how to add WMI to that list. What is the exe for WMI or which ports I need to add in exceptions. Thanks in advance.
0
 
LVL 8

Assisted Solution

by:U_Mansson
U_Mansson earned 1000 total points
ID: 24411814
I think you have to use the WMI exception in the firewall.

On a single Vista machine:
1.In the Control Panel, click Security and then click Windows Firewall.
2.Click Change Settings and then click the Exceptions tab.
3.In the Exceptions window, select the check box for Windows Management Instrumentation (WMI) to enable WMI traffic through the firewall

I don't have access to my labserver right now so I can't check the settings in the GPO.
0
Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

 

Author Comment

by:didba
ID: 24412466
We have XP SP3 clients.

In XP I cannot see WMI in exceptions list in windows firewall setting.
I google it to check which ports WMI uses but it looks like WMI use random port for communication.
So how to add WMI as a program to that list.
Thanks.
0
 

Author Comment

by:didba
ID: 24425813
I am still stuck on this issue. Please help.
0
 
LVL 8

Accepted Solution

by:
U_Mansson earned 1000 total points
ID: 24428960

WMI uses TCP ports 135 and 445 as well as dynamicallyassigned ports above 1024.
To handle this, you need to enable "Allow remote administration exception" for the firewall.

Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile
Windows Firewall: Allow remote administration exception
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Have you considered what group policies are backwards and forwards compatible? Windows Active Directory servers and clients use group policy templates to deploy sets of policies within your domain. But, there is a catch to deploying policies. The…
Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question