SCCM Agent in DMZ

install sccm on DMZ

Below items are the requirements to install sccm client in DMZ

Requirements:

Ports:  80,443, 8530, 8531, 10123 and 9

The above ports are required between dmz server and SCCM server, DP, WSUS server & RootCA/SubCA servers too. Work with Security Team to open those ports

Copy Files:  Check with Senthil on how to copy files from sccm server to DMZ server. You need to use secure SFTP to upload/download files

Boundary/Boundary Group: Create boundary in SCCM by adding ip address or ip address range for DMZ servers. Then add that boundary to boundary group called “DMZ”.

Login to the DMZ/workgroup computer ,perform the following steps.

Go to the control Panel–>Network Connections–>Local Area Network
Go to Internet TCP IP Protocol .Click on Properties—> click on Advanced —>Go to DNS Tab .
add the DNS suffix of your domain as shown below.

Next to DNS tab,select WINS Tab,select ‘Enable NetBIOS Over TCP\IP (This is only applicable if you are using Static IP ) ,click Ok to save Changes.

Open CMD as administrator, open Notepad and select host file from C:\Windows\System32\drivers\etc

Add 3 ip address with server name and fqdn as shows in screenshot.

10.x.x.x  “sccm server name”  sccmserver.domain.com

 10.x.x.x  “mp servername” mpserver.domain.com

10.x.x.x  “wsus server name”  wsusserver.domain.com

 

Next ,we need to purge and preload Remote cache table. To do this, open cmd with admin rights again and run the below commands

nbtstat –R

Now we are done with the required changes and we are ready to install Configmgr Client.

Copy the sccm client installation files to local drive to workGroup machine (C:\temp\client).

Run the command prompt with local admin rights .

use the below command to install sccm client on your workgroup computer.

ccmsetup.exe /source:C:\temp/client SMSSITECODE=”site” SMSMP=mp.domain.com DNSSUFFIX= dnsDomain.com

monitor ccmsetup.log from C:\Windows\ccmsetup\Logs ,after couple of minutes, should see that ,CcmSetup is exiting with return code 0

 

Approve Client:

After successful installation of sccm client in dmz server, you need to go to SCCM Console, and find the dmz server and right click on it, and click Approve.

Exit mobile version