SCCM Client Install where Client is not on VPN but we have a CMG and IBCN



Look at what are the options of installing SCCM Client on machines where they are not connected to our VPN.

We have a CMG set and IBCN and plan on having a SCCM Client package available for users to install.  Howevcr with the ccmsetup.exe should we be looking at any particular switches for clients that are not on our VPN.  Do we need to consider as part of our package deploying a certificate so client can effectively communicate with the CMG?

Should we look at using the property for SMSSignCert?

Microsoft Article states export self-signed certificate on the site server. The site server stores this certificate in the SMS certificate store. It has the Subject name Site Server and the friendly name Site Server Signing Certificate.

Export the certificate without the private key, store the file securely, and access it only from a secured channel.

Then use /UsePKICert SMSSIGNCERT=C:foldersmssign.cer

The aim is to repair SCCM clients where users do not have VPN so a uninstall and reinstall of the SCCM Client to point to the CMG to fall back under management.




Answers ( 2 )


    Hi So resolved by following as this is non VPN clients had to export the certificate site server signing certificate and as part of the installation script assign a path to where the cert was hosted and wrapped into a self extracting package that the user can then deploy themselves.

    Best answer

Leave an answer

Sorry, you do not have permission to answer to this question .