Problem with SCCM clients VPN is connected

Question

Problem with SCCM 1910 clients on VPN. When the VPN is connected, the client stops working in the sense that no new policies/deployments are getting to the machine. No applications deployments, no packages, no patches and no task seq deployments, No errors in the log files.
Since updating the sccm server from 1810 to 1910 and updating the clients. On the LAN clients immediately get policies and can see new deployments but users on VPN dont.
UNTIL I restart smsagenthost on the VPN Client it then wakes up and get policies and deployments.
And the next day well same again.
In the age of approaching the 4th indust evolution with more users working offsite over VPN and pandemics like Covid MS better catch a wake up this nonsense is not on.

in progress 0
jaan roodt 4 months 6 Answers 140 views Beginner 0

Answers ( 6 )

  1. If you feel this is a bug, then you should open a Premier case with Microsoft and get it looked at. I had not problems with 1910+VPN and now I’m on 2002 and no issues with or without VPN.

    Perhaps try 2002.

  2. Hello Jaan Roodt,

    We can understand your frustration. With little bit of co-ordination we can find the root cause of this problem you are facing.

    SCOPE: We will be considering this thread resolved if clients reporting and start interacting with SCCM Infrastructure when connected to VPN.

    Before jumping on to the troubleshooting let’s hear from you about what all steps you tried so i can exclude those from my list along with below details and it will save time for both of us as no repeated step.

    SITE VERSION
    CONSOLE VERSION
    CLIENT VERSION
    STANDALONE PRIMARY OR CAS AND OS
    HIERARCHY
    OS ON CLIENTS
    RECENTLY CHANGED : IN-PLACE UPGRADE TO 1910 from 1810 – GIVEN IN YOUR QUESTION
    CLIENT PUSH YES/NO
    VPN SUBNETS DEFINED IN BOUNDARY
    SUBNETS DEFINED IN AD SITE
    SUPERNET YES/NO
    CO-MANAGEMENT YES/NO
    ALL COMPONENTS REINSTALLED AFTER 1910 UPGRADE & HEALTHY
    ABLE TO CONNECT TO C$ OF THE CLIENTS
    ADMIN$ IS REACHABLE
    BEFORE IN-PLACE UPGRADE CLIENTS WERE WORKING EVEN ON VPN YES/NO
    PKI?
    HTTPS MP, SUP
    ANY CHANGE ON NETWORK SIDE

    These are the only points i can think of for now. Each one is responsible for our current issue by someway or another.

  3. Also you need to make sure that all the Firewall ports are opened …Between the Client and SCCM server infra…

    • That’s quite obvious, the question is how did it work for the last 8 years if the firewall was not open? Why would the firewall which is not part of SCCM stop working when I update from 1810 to 1910? and the best why would the client work when I do a small stupid thing like restarting smsagenthost on the client.
      REALLY I don’t want to be rude, there are lots of guys on blogs out there at wits end with the same issue this is clearly a bug and not a wrong config or design. I am a senior engineer been working on ESM for 12 years and SCCM for 9.
      I feel MS needs to step up and make the issue known else refund companies their money they paid for the product.

      • Hi Anoop,

        Is that really bug in SCCM 1910 version based on your knowldege?

        I am using 1906 version. So not able to check with issue on my company.

        Thanks
        Karthikeyan

  4. Hi,

    * verify VPN IPrange or VPN ADsite are added in boundary and boundary group.
    * verify sccm ports are opened those vpn subnets

Leave an answer

Sorry, you do not have a permission to answer to this question .