Re: remote clients behind firewall

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: pdx (pdx_at_discussions.microsoft.com)
Date: 12/22/04 

Date: Wed, 22 Dec 2004 14:37:05 -0800

The clients are part of the domain and the Client Installer acct has local
admin rights on the machines as a result of membership in Domain Admins group.
I have been able to successfully install (according to ccm.log, although the
machines still don't show as clients after 24 hours) other clients in the
same situation except for the absence of a firewall.

I'm deducing that the firewall is blocking the install and I need to know
what ports need to be open to install/manage a sms client behind a firewall.

"Jeff Harbaugh [MSFT]" wrote:

> If the clients are not part of the domain you cannot push the clients unless
> you have the rights to the machine. If you are using these machines I would
> add %Machinename%\Administrator to the list of course you are going to need
> the admin password on the machine. You could have the users run client.msi
> to install.
>
> --
> Thanks,
> Jeff Harbaugh [MSFT]
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> "pdx" <pdx@discussions.microsoft.com> wrote in message
> news:6B84EA62-E3D5-4A47-B210-97B9835B7E39@microsoft.com...
> >I have some remote users who work out of their homes and have firewalls
> > between their home network and the site.
> > They vpn in to the company network/domain once a week and when I try to
> > manually install the advanced client when they are connected via vpn, the
> > installation fails and the following error shows in ccm.log:
> >
> > WNetAddConnection2 failed using acct <client connection account here>
> >
> > I also can't net use connect to the admin$ share on the local machines
> > using
> > various admin accounts.
> >
> > I'm pretty sure this is a firewall issue but investigation has not
> > indicated
> > what ports have to be opened to allow the install - and other sms
> > functionality - with these clients. I figure 135 has to be opened and if
> > that's correct what others?
> >
> > Thanks
>
>
>

Relevant Pages

  • Re: Users dont have permission to install software?
    ... > they do get the admin rights to their machines. ... We need another 'mode', such as 'install only mode', where a user can login ... Les Connor [SBS Community Member - SBS MVP] ...
    (microsoft.public.windows.server.sbs)
  • Re: Local Admin on workstation
    ... I wouldn't make them admin for 15 installs... ... You could use psexec but you first need to make a silent install ... convertors pack from MS for office 03 machines. ... You may also just use psexec to make a silent install remotely.. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Cannot make SMS clients install; SMS_HIERARCHY_MANAGER problem
    ... can you provide some detailed information such as what ... SMS installed OK and detects the machines and ... I can't make any of the clients install. ...
    (microsoft.public.sms.setup)
  • Re: Client HELP !!!
    ... "Yet software adverts are bein picked up. ... > it seems that while i have been on holiday my machines ... > client is install and assigned, ... > have the clients installed. ...
    (microsoft.public.sms.admin)
  • Re: Remote execute
    ... I can install on clients whatever ... services or software I need to, but later would like to open notepad (just ... And your Clients are nevertheless Windows? ... Windows machines, ...
    (alt.os.linux)