Announcement

Collapse
No announcement yet.

problems installing client from SMS admin console

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • problems installing client from SMS admin console

    Dear all,

    As said earlier I am studying on SMS2003 and presently what I see is that I can push install clients from the admin console on the system with firewall disabled but not been able to install clients from the SMS server to the systems which have firewall enabled (winxp sp2 ) even what I see is that, if I enable the firewall on the system which has got the client already installed, remote tools stop working or the otherway SMS admin is unable to connect to the client.

    Now, my question is firewall is by default enabled in winxp systems and if I have to go to every workstation to disable the firewall to install the client, then whats the point of having smsadmin as the local admin on the client systems and what the whole point of having a management software itself.

    Is there a workaround of the firewall problem, can't it be done with firewall on and having the admin account itself?

    please help. comments always welcome

    Anyway I have also edited the firewall settings to enable all traffic from localsubnet through ports : 1761,2701,2702,2703,2704,135 TCP, But the smsadmin console still does not talk to the agent.
    Last edited by sactsoul; 8th September 2006, 06:59.

  • #2
    Re:Good point

    Me,myself also studying SMS 2003 installation manual which is of 688 pages..
    Uhh..Huge ..Ha !

    I am also worried about Firewall thing. In our network we are running "Squid"
    firewall on Red Hat ENT edition .....But i hope i can use SMS server for distributing
    Windows updates to those 130 machines in my local area network ? Any comment
    as you already started R & D on it ?
    All in 1
    Solaris,Linux & Windows admin + networking.

    Comment


    • #3
      Re: problems installing client from SMS admin console

      Originally posted by sactsoul
      Dear all,

      Now, my question is firewall is by default enabled in winxp systems and if I have to go to every workstation to disable the firewall to install the client, then whats the point of having smsadmin as the local admin on the client systems and what the whole point of having a management software itself.

      Is there a workaround of the firewall problem, can't it be done with firewall on and having the admin account itself?
      Sorry, can't help you with SMS, but you can disable (and enable) XP Firewall remotely.
      Disable 1
      Disable 2

      Search Forums
      1 1 was a racehorse.
      2 2 was 1 2.
      1 1 1 1 race 1 day,
      2 2 1 1 2

      Comment


      • #4
        Re: problems installing client from SMS admin console

        as mentioned earilier, there are methodes to disable winxp firewall.
        if you have and enterprise firewall then mostly there is no need for winxp firewall.

        but if you still want to maintain the firwall, i would recommand using GPO to maintain XPFW settings and allow only the ports needed for SMSclient to work properly.

        the recommanded way is to allow ccmexec.exe and smsremote utitily exe file to have external access and allow next ports for client-server communication:

        Port requirements: SMS 2003 Advanced Client to Management Point or to distribution point
        Port 80 Hypertext Transfer Protocol (HTTP)
        Port 139 Client sessions (for non BITS-enabled DPs)
        Port 445 Server Message Block (for non BITS-enabled DPs)

        Port requirements: SMS Remote Control System service: Wuser32
        Application protocol Protocol Ports
        SMS Remote Chat TCP 2703
        SMS Remote Chat UDP 2703
        SMS Remote Control (control) TCP 2701
        SMS Remote Control (control) UDP 2701
        SMS Remote Control (data) TCP 2702
        SMS Remote Control (data) UDP 2702
        SMS Remote File Transfer TCP 2704
        SMS Remote File Transfer UDP 2704

        SMS Remote Control UDP
        When you use NetBIOS over TCP/IP for SMS Remote Control, the following ports are used:Port 137 Name resolution
        Port 138 Messaging
        Port 139 Client sessions


        for more information, please refer to:
        http://support.microsoft.com/kb/826852/
        Yaniv Feldman
        Microsoft Security Regional Director
        Microsoft Management Expert
        MCSA, MCSE, MCT

        Comment


        • #5
          Re: problems installing client from SMS admin console

          Thanks for all the efforts guys. I am sorry to stay back for so long but was R & D on the firewall and have come up with the same settings as told by yanifvel. Thank you very much indeed.

          Presently I am using a GPO with the settings and able to solve my firewall problem

          Now I have come up with another problem. I will make a new post for it please guide me.Please.

          Comment

          Working...
          X