+ Post New Thread
Results 1 to 11 of 11
O/S Deployment Thread, Client push - what ports need opening in windows firewall? in Technical; If I turn off the firewall the client will install successfully. I have opened the following ports via GP and ...
  1. #1

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,527
    Thank Post
    1,339
    Thanked 470 Times in 307 Posts
    Blog Entries
    6
    Rep Power
    200

    Client push - what ports need opening in windows firewall?

    If I turn off the firewall the client will install successfully. I have opened the following ports via GP and tested the policy is applying:
    sccmports.PNG
    What have I missed that is blocking this?

  2. #2

    Join Date
    May 2011
    Location
    Jus North of London, close but not too close
    Posts
    797
    Thank Post
    180
    Thanked 61 Times in 58 Posts
    Rep Power
    35
    Quote Originally Posted by RabbieBurns View Post
    If I turn off the firewall the client will install successfully. I have opened the following ports via GP and tested the policy is applying:
    sccmports.PNG
    What have I missed that is blocking this?
    On the workstation enable Windows Management Instrumentation WMI program.

    I've tried this by just opening the ports by policy and it didn't work.

    Alternatively you can do this by machine policy on a 2008 R2 Server

    Goto Computer Configuration > Policies > Windows Settings > Security Settings > Windows Firewall with Advanced Security > Inbound Rules

    Select a Predifined Rule for WMI in Rule Type.

    Should do the trick

  3. #3

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,527
    Thank Post
    1,339
    Thanked 470 Times in 307 Posts
    Blog Entries
    6
    Rep Power
    200
    i tried enabling WMI manually on a couple of laptops in the advanced firewall config and it still didnt work...

  4. #4

    Join Date
    May 2011
    Location
    Jus North of London, close but not too close
    Posts
    797
    Thank Post
    180
    Thanked 61 Times in 58 Posts
    Rep Power
    35
    I actually forgot to do it in the image and done it through policy without a problem.

    Can you connect any other service via WMI (i.e. VAMT) to jus check and make sure the port is open on the laptop.

    From memory I also think you need to make Domain Admins a member of the administrators group on the local PC for SCCM client to install.

  5. #5

    Join Date
    May 2008
    Posts
    48
    Thank Post
    1
    Thanked 2 Times in 2 Posts
    Rep Power
    13
    Try adding the SCCM server's computer account to the local administrators group (try by hand first to make sure it works, then can be done through group policy). Seemed to do the trick for me.

  6. Thanks to scottpowers82 from:

    RabbieBurns (12th September 2012)

  7. #6

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,527
    Thank Post
    1,339
    Thanked 470 Times in 307 Posts
    Blog Entries
    6
    Rep Power
    200
    right still struggling to get the client to push out from SCCM so Im going to look at using just group policy

    Ive imported the ADM files for it but not sure what settings need to be configured?

  8. #7

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,527
    Thank Post
    1,339
    Thanked 470 Times in 307 Posts
    Blog Entries
    6
    Rep Power
    200
    Think I figured it out and its installing via GPO OK

  9. #8

    Join Date
    Jan 2013
    Posts
    1
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Quote Originally Posted by RabbieBurns View Post
    Think I figured it out and its installing via GPO OK
    Hi did you ever get this to work?

    I'm having the same problems.

  10. #9

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,527
    Thank Post
    1,339
    Thanked 470 Times in 307 Posts
    Blog Entries
    6
    Rep Power
    200
    Nope. Still having the same problem. The only way I seem to be able to get it to work is to move computers account in AD to the default Computers container, and then manually tun off the firewall on the device.

    If I move the computer account to another container, which has a group policy to explicitely disable all windows firewall, the client fails to install.

    Using CMTRACE I can see the folliwing:

    What might I have done wrong?

    Anyone?

    smsclientfail.PNG

  11. #10
    gshaw's Avatar
    Join Date
    Sep 2007
    Location
    Essex
    Posts
    2,662
    Thank Post
    166
    Thanked 220 Times in 203 Posts
    Rep Power
    67
    Not sure if 2012 is the same as previous versions but you used to need the "Remote Administration" option allowed in the firewall

  12. #11

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,527
    Thank Post
    1,339
    Thanked 470 Times in 307 Posts
    Blog Entries
    6
    Rep Power
    200
    but what i don't understand is why it still fails even when i explicitly disable the firewall in GPO?

SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 5
    Last Post: 11th March 2010, 09:21 AM
  2. php script help - open in a new window
    By FN-GM in forum Web Development
    Replies: 9
    Last Post: 19th September 2008, 02:16 PM
  3. [CLOSED] Improvement: Open in new window
    By Lee_K_81 in forum EduGeek.net Site Problems
    Replies: 10
    Last Post: 8th January 2008, 08:25 AM
  4. Blogs top open in new window or new tab
    By ITWombat in forum Comments and Suggestions
    Replies: 3
    Last Post: 22nd July 2007, 01:35 PM
  5. Replies: 10
    Last Post: 24th March 2006, 09:48 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •