Chris Stauffer at myITForum.com

You want me to do What?

Syndication

News

Links to blogs i like

Links

SCCM Client Install in a DMZ

SCCM Client Install in a DMZ

I was asked to install the SCCM client in a DMZ scenario. I had notes that someone on the MyITForum SMS list put together for SMS 2003 (sorry I don’t know who wrote them or I would give credit). The problem is that SMS only needs the ccmsetup.exe file to install the client. In SCCM there are a lot more files involved. So I was getting error code (5) access denied on the install in the ccmsetup.log file after the CCMSetup.exe downloaded and it went back for BITS.

Successfully started the ccmsetup service

Deleted file C:\WINDOWS\system32\ccmsetup\ccmsetup.exe.download

All other instances of ccmsetup have completed.

Downloading file i386\BITS25\WindowsServer2003-KB923845-x86-ENU.exe

Determining source location...

Source \\spqdhq1m02.psp.lcl\sccm_client is inaccessible (5)

Failed to find accessible source. Waiting for retry.

Next retry in 10 minute(s)...

After talking with Rick Jones I came to the conclusion that it would be easier to copy all of the files needed to a location on the local machine then use the source switch to execute the install.

So what I did was create an SMS installer that will create the needed LMHOSTS and HOSTS file changes that are needed (see below notes) so the client can find the server and then copy all of the files needed to install the client.

I attached a copy of the IPF to this post so it should contain everything that you will need to get the client installed in your DMZ.

Make sure that you edit the variables for your environment then compile the IPF.

You can execute the file on the needed machine and you are all set.

Additional notes:

In order for the client to find the server without a wins or DNS or AD structure the following changes will need to be made to the LMHOSTS file and the Hosts file

Client Configuration

LMHOSTS file:

Add the SMS information to an LMHOSTS file, which you can copy to each client. Use the following as a guide (WS03DC01 is the SMS server name):

192.168.1.61 ws03dc01                        #PRE
192.168.1.61 "SMS_SLP            \0x1A" #PRE
192.168.1.61 "SMS_MP              \0x1A" #PRE
192.168.1.61 "SMS_NLB             \0x1A" #PRE
                 # "12345678901234567890"
(note that there are 20 characters between the quote marks on each line, and the last line is just to help with spacing – it is not needed)

HOSTS file:

Add the SMS information to an HOSTS file, which you can copy to each client. Use the following as a guide (WS03DC01 is the SMS server name):

192.168.1.61 ws03dc01.domain.lcl ws03dc01

Published Friday, February 06, 2009 12:32 PM by cstauffer
Filed under: , , ,

Comments

# re: SCCM Client Install in a DMZ@ Friday, February 06, 2009 1:01 PM

Hi Chris.  We have similar challenges with the DMZ but I had some questions.

In all of my logs the client bits get pulled from an HTTP location from the MP and don't use the \\ convention.  So as long as port 80 to the MP and site server is open it works fine.

Also, we do add hosts file entries when DNS is not set up but I was curious about the need to define LMHOSTS entries.  Should we be doing this?  Our clients seem to work but I want to make sure I'm not missing an important step.  Thanks - your posts are always very informative.

by caseyrobertson

# re: SCCM Client Install in a DMZ@ Monday, February 09, 2009 9:45 AM

We dont have dns or wins in this ennviornment so I created the LMHost entries because it is what MS says to use in wins when you dont have AD integration.

I would think that if everything is working for you then I would leave it be.

In our case we dont use port 80 we use ports 62xx to isolate sccm. The port is open but we could not get access for what ever reason.

This solution works in our case. In talking with Rick he had a similar situation and so this is the solution I came up with.

Heck every enviornment works different so....

by cstauffer