problems installing client from SMS admin console

Home Forums Microsoft Networking and Management Services System Management problems installing client from SMS admin console

This topic contains 4 replies, has 4 voices, and was last updated by Avatar sactsoul 13 years, 3 months ago.

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • Avatar
    sactsoul
    Member
    #115199

    Dear all,

    As said earlier I am studying on SMS2003 and presently what I see is that I can push install clients from the admin console on the system with firewall disabled but not been able to install clients from the SMS server to the systems which have firewall enabled (winxp sp2 ) even what I see is that, if I enable the firewall on the system which has got the client already installed, remote tools stop working or the otherway SMS admin is unable to connect to the client.

    Now, my question is firewall is by default enabled in winxp systems and if I have to go to every workstation to disable the firewall to install the client, then whats the point of having smsadmin as the local admin on the client systems and what the whole point of having a management software itself.

    Is there a workaround of the firewall problem, can’t it be done with firewall on and having the admin account itself?

    please help. comments always welcome

    Anyway I have also edited the firewall settings to enable all traffic from localsubnet through ports : 1761,2701,2702,2703,2704,135 TCP, But the smsadmin console still does not talk to the agent.

    Avatar
    sco1984
    Member
    #221670

    Re:Good point

    Me,myself also studying SMS 2003 installation manual which is of 688 pages..
    Uhh..Huge ..Ha !

    I am also worried about Firewall thing. In our network we are running “Squid”
    firewall on Red Hat ENT edition …..But i hope i can use SMS server for distributing
    Windows updates to those 130 machines in my local area network ? Any comment
    as you already started R & D on it ? :)

    Avatar
    biggles77
    Spectator
    #204978

    Re: problems installing client from SMS admin console

    sactsoul wrote:
    Dear all,

    Now, my question is firewall is by default enabled in winxp systems and if I have to go to every workstation to disable the firewall to install the client, then whats the point of having smsadmin as the local admin on the client systems and what the whole point of having a management software itself.

    Is there a workaround of the firewall problem, can’t it be done with firewall on and having the admin account itself?

    Sorry, can’t help you with SMS, but you can disable (and enable) XP Firewall remotely.
    Disable 1
    Disable 2

    Search Forums

    Avatar
    yanivfel
    Member
    #221457

    Re: problems installing client from SMS admin console

    as mentioned earilier, there are methodes to disable winxp firewall.
    if you have and enterprise firewall then mostly there is no need for winxp firewall.

    but if you still want to maintain the firwall, i would recommand using GPO to maintain XPFW settings and allow only the ports needed for SMSclient to work properly.

    the recommanded way is to allow ccmexec.exe and smsremote utitily exe file to have external access and allow next ports for client-server communication:

    Port requirements: SMS 2003 Advanced Client to Management Point or to distribution point
    Port 80 Hypertext Transfer Protocol (HTTP)
    Port 139 Client sessions (for non BITS-enabled DPs)
    Port 445 Server Message Block (for non BITS-enabled DPs)

    Port requirements: SMS Remote Control System service: Wuser32
    Application protocol Protocol Ports
    SMS Remote Chat TCP 2703
    SMS Remote Chat UDP 2703
    SMS Remote Control (control) TCP 2701
    SMS Remote Control (control) UDP 2701
    SMS Remote Control (data) TCP 2702
    SMS Remote Control (data) UDP 2702
    SMS Remote File Transfer TCP 2704
    SMS Remote File Transfer UDP 2704

    SMS Remote Control UDP
    When you use NetBIOS over TCP/IP for SMS Remote Control, the following ports are used:Port 137 Name resolution
    Port 138 Messaging
    Port 139 Client sessions

    for more information, please refer to:
    http://support.microsoft.com/kb/826852/

    Avatar
    sactsoul
    Member
    #283259

    Re: problems installing client from SMS admin console

    Thanks for all the efforts guys. I am sorry to stay back for so long but was R & D on the firewall and have come up with the same settings as told by yanifvel. Thank you very much indeed.

    Presently I am using a GPO with the settings and able to solve my firewall problem

    Now I have come up with another problem. I will make a new post for it please guide me.Please.

Viewing 5 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.