can we install SCCM Client on work group machines , if that machine is on internet and CMG is configured
Question
can we install SCCM Client on work group machines , if that machine is on internet and CMG is configured
Jeet S 
Leave an answer
Sorry, you do not have permission to answer to this question .
Answers ( 4 )
Hello Jeet,
Anoop’s method mentioned is valid and reliable.
Now let’s try something which is not on papers anywhere but we tested it anyway just for our better understanding.
1. You want to Install SCCM Agent on Workgroup Machines and want to manage them if they are on internet using CMG. (Anoop has answered it already)
2. Let’s manage those Workgroup Clients without Internet and Without CMG. I know it sounds weird but this is just for testing.
3. Install SCCM Agent by using our traditional method. Copy binaries to the client and specify like below commandline:
ccmsetup.exe /skipprereq:dotnetfx40_client_x86_x64.exe;Silverlight.exe /forceinstall CCMHTTPPORT=80 RESETKEYINFORMATION=TRUE SMSMP=YOURMP.com SMSSITECODE=TST DNSSUFFIX=YourDNS.com
Check CCMSETUP.LOG for status.
4. Make sure all required ports are open between client and SCCM.
5. Check in the console if host appeared under tab devices. Right click on it and select Approve.
6. Now deploy something and test.
Kindly update once done.
hi Deepak I Tried ,
seems some cert issue, even after publishing root cert, let’s see if NDES helps , will update .
log errors :
Completed searching client certificates based on Certificate Issuers ccmsetup 4/30/2020 1:44:43 PM 4696 (0x1258)
Begin to select client certificate ccmsetup 4/30/2020 1:44:43 PM 4696 (0x1258)
The ‘Certificate Selection Criteria’ was not specified, counting number of certificates present in ‘MY’ store of ‘Local Computer’. ccmsetup 4/30/2020 1:44:43 PM 4696 (0x1258)
1 certificate(s) found in the ‘MY’ certificate store. ccmsetup 4/30/2020 1:44:43 PM 4696 (0x1258)
Only one certificate present in the certificate store. ccmsetup 4/30/2020 1:44:43 PM 4696 (0x1258)
Failed to get certificate subject name using type 6 [80092004] ccmsetup 4/30/2020 1:44:43 PM 4696 (0x1258)
Failed to get certificate subject name using type 3 [80092004] ccmsetup 4/30/2020 1:44:43 PM 4696 (0x1258)
Completed validation of Certificate [Thumbprint ] issued to ” ccmsetup 4/30/2020 1:44:43 PM 4696 (0x1258)
Failed to read assigned site code from registry. Error code = 0x80070002 ccmsetup 4/30/2020 1:44:43 PM 4696 (0x1258)
Could not retrieve value for MDM_ConfigSetting . Error 0x80041013 ccmsetup 4/30/2020 1:44:43 PM 516 (0x0204)
CcmSetup is exiting with return code 0 ccmsetup 4/30/2020 1:44:43 PM 516 (0x0204)
Unexpected row count (0) retrieved from AD. ccmsetup 4/30/2020 1:44:43 PM 4696 (0x1258)
GetADInstallParams failed with 0x80004005 ccmsetup 4/30/2020 1:44:43 PM 4696 (0x1258)
WPJ Certificate not found ccmsetup 4/30/2020 1:44:43 PM 4696 (0x1258)
Why NDES is coming here with this deployment? I’m confused now.
Are you managing this device with Intune and SCCM at the same time
Installation is not a problem at all but I don’t think this will work properly without any proper authentication mechanism. I don’t think this is even supported scenario.
I would recommend trying out Intune management with Azure AD registered option If that is possible for you to try…
But wait, yes as per the documentation it’s possible to have CMG for workaround clients if you have appropriate certificates at the client-side to authenticate with both CMG and on-prem MP etc..
“Workgroup clients. These devices may require additional configuration, such as certificates.
Starting in version 2002, the Configuration Manager supports token-based authentication, which may help with the management of remote workgroup clients. For more information, see Token-based authentication for CMG.”
https://docs.microsoft.com/en-us/mem/configmgr/core/clients/manage/cmg/plan-cloud-management-gateway#specific-use-cases