CAn't install SCCM Client through VPN

Hi,

Hope everything is going well.

1,Kindly help check the ccmsetup.log and ccm.log to see if there is any further information.

2,Kindly make sure the site server is able to resolve the VPN client's IP address.

3,Which boundary type you are using for VPN clients? It's recommended to use IP address range boundary for VPN clients and set up a boundary group for it.

4,Please check your boundaries and boundary groups configurations, and associate your MPs and DPs to the boundary groups. Make sure the client can communicate with the MPs and DPs. Please also make sure your Firewall doesn't block the communication between the client and site system servers.

For more troubleshooting steps, please refer to:

SCCM Client install fails over vpn

Troubleshooting SCCM ..Part I (Client Push Installation )

Hope it helps. Have a nice day!

Best regards,

Simon

If the response is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

hello

1. ccm.log

Execute query exec [sp_CP_GetNewPushMachines] N'LOG' SMS_CLIENT_CONFIG_MANAGER 24/12/2024 09:23:58 8428 (0x20EC) Execute query exec [sp_CP_SetPushRequestMachineStatus] 2097152040, 1 SMS_CLIENT_CONFIG_MANAGER 24/12/2024 09:23:58 8428 (0x20EC) Execute query exec [sp_CP_GetPushRequestMachine] 2097152040 SMS_CLIENT_CONFIG_MANAGER 24/12/2024 09:23:58 8428 (0x20EC) Successfully retrieved information for machine LGRP-0626 from DB SMS_CLIENT_CONFIG_MANAGER 24/12/2024 09:23:58 8428 (0x20EC) Execute query exec [sp_CP_GetPushRequestMachineIP] 2097152040 SMS_CLIENT_CONFIG_MANAGER 24/12/2024 09:23:58 8428 (0x20EC) Execute query exec [sp_CP_GetPushRequestMachineResource] 2097152040 SMS_CLIENT_CONFIG_MANAGER 24/12/2024 09:23:58 8428 (0x20EC) Execute query exec [sp_CP_GetPushMachineName] 2097152040 SMS_CLIENT_CONFIG_MANAGER 24/12/2024 09:23:58 8428 (0x20EC) Received request: "2097152040" for machine name: "LGRP-0626" on queue: "Incoming". SMS_CLIENT_CONFIG_MANAGER 24/12/2024 09:23:58 8428 (0x20EC) Stored request "2097152040", machine name "LGRP-0626", in queue "Processing". SMS_CLIENT_CONFIG_MANAGER 24/12/2024 09:23:58 8428 (0x20EC) Execute query exec [sp_CP_SetPushRequestMachineStatus] 2097152040, 1 SMS_CLIENT_CONFIG_MANAGER 24/12/2024 09:23:58 8428 (0x20EC) ----- Started a new CCR processing thread. Thread ID is 0x2650. There are now 1 processing threads SMS_CLIENT_CONFIG_MANAGER 24/12/2024 09:24:00 8428 (0x20EC) Submitted request successfully SMS_CLIENT_CONFIG_MANAGER 24/12/2024 09:24:00 8428 (0x20EC) Getting a new request from queue "Incoming" after 100 millisecond delay. SMS_CLIENT_CONFIG_MANAGER 24/12/2024 09:24:00 8428 (0x20EC) Waiting for change in directory "C:\Program Files\Microsoft Configuration Manager\inboxes\ccr.box" for queue "Incoming", (30 minute backup timeout). SMS_CLIENT_CONFIG_MANAGER 24/12/2024 09:24:00 8428 (0x20EC) ======>Begin Processing request: "2097152040", machine name: "LGRP-0626" SMS_CLIENT_CONFIG_MANAGER 24/12/2024 09:24:00 9808 (0x2650) Execute query exec [sp_IsMPAvailable] N'LOG' SMS_CLIENT_CONFIG_MANAGER 24/12/2024 09:24:00 9808 (0x2650) ---> Trying the 'best-shot' account which worked for previous CCRs (index = 0x0) SMS_CLIENT_CONFIG_MANAGER 24/12/2024 09:24:00 9808 (0x2650) ---> Attempting to connect to administrative share '\LGRP-0626.logigroup.local\admin$' using account 'LOGIGROUP\sysmgmtadmin' SMS_CLIENT_CONFIG_MANAGER 24/12/2024 09:24:00 9808 (0x2650) ---> WNetAddConnection2 failed (LOGON32_LOGON_NEW_CREDENTIALS) using account LOGIGROUP\sysmgmtadmin (00000035) SMS_CLIENT_CONFIG_MANAGER 24/12/2024 09:24:26 9808 (0x2650) ---> The device LGRP-0626.logigroup.local does not exist on the network. Giving up SMS_CLIENT_CONFIG_MANAGER 24/12/2024 09:24:26 9808 (0x2650) ---> Trying the 'best-shot' account which worked for previous CCRs (index = 0x0) SMS_CLIENT_CONFIG_MANAGER 24/12/2024 09:24:26 9808 (0x2650) ---> Attempting to connect to administrative share '\LGRP-0626\admin$' using account 'LOGIGROUP\sysmgmtadmin' SMS_CLIENT_CONFIG_MANAGER 24/12/2024 09:24:26 9808 (0x2650) ---> WNetAddConnection2 failed (LOGON32_LOGON_NEW_CREDENTIALS) using account LOGIGROUP\sysmgmtadmin (00000035) SMS_CLIENT_CONFIG_MANAGER 24/12/2024 09:24:47 9808 (0x2650) ---> The device LGRP-0626 does not exist on the network. Giving up SMS_CLIENT_CONFIG_MANAGER 24/12/2024 09:24:47 9808 (0x2650) ---> ERROR: Unable to access target machine for request: "2097152040", machine name: "LGRP-0626", access denied or invalid network path. SMS_CLIENT_CONFIG_MANAGER 24/12/2024 09:24:47 9808 (0x2650) STATMSG: ID=3015 SEV=W LEV=M SOURCE="SMS Server" COMP="SMS_CLIENT_CONFIG_MANAGER" SYS=PRD8.LOGIGROUP.LOCAL SITE=LOG PID=4044 TID=9808 GMTDATE=mar. déc. 24 08:24:47.229 2024 ISTR0="LGRP-0626" ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 LE=0X35 SMS_CLIENT_CONFIG_MANAGER 24/12/2024 09:24:47 9808 (0x2650) Execute query exec [sp_CP_SetLastErrorCode] 2097152040, 53 SMS_CLIENT_CONFIG_MANAGER 24/12/2024 09:24:47 9808 (0x2650) Stored request "2097152040", machine name "LGRP-0626", in queue "Retry". SMS_CLIENT_CONFIG_MANAGER 24/12/2024 09:24:47 9808 (0x2650) Execute query exec [sp_CP_SetPushRequestMachineStatus] 2097152040, 2 SMS_CLIENT_CONFIG_MANAGER 24/12/2024 09:24:47 9808 (0x2650) Execute query exec [sp_CP_SetLatest] 2097152040, N'12/24/2024 08:24:47', 295 SMS_CLIENT_CONFIG_MANAGER 24/12/2024 09:24:47 9808 (0x2650) <======End request: "2097152040", machine name: "LGRP-0626". SMS_CLIENT_CONFIG_MANAGER 24/12/2024 09:24:47 9808 (0x2650)

2 - the ip address resolve correctly

3 - Boundary type VPN added in the main boundary

if you need any more information please tell me

Hi,

Thanks for your reply.

==>Unable to access target machine for request: "XXX", machine name: XXX, access denied or invalid network path

This can be a firewall issue or a DNS name resolution issue. Is there any additional firewall configuration for your VPN? Kindly check the VPN configuration and Ports.

Best regards,

Simon

Hi,

Thanks for your reply.

Is your VPN subnet different from your local subnet? If they are not on the same subnet (which is the case in most cases), please check if VPN traffic is restricted between them. Make sure the ports that are used with client push installation are opened:

Windows Firewall and port settings for clients in Configuration Manager

Hope it helps. Have a nice day!

Best regards,

Simon

If the response is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

all the port on firewall is open the problem is when the machine is on VPN i can't install it but when the same Machine connect locally to the company network i install it normally