Hi, we have a single SCCM 2012 SP1 server on our internal network. It has been managing internal clients across our network successfully (including software deployments).
Now we want to be able to manage our clients when they roam off our network.
I've set up the autoenrolment for the Client Certificates, and used a Layer 4 reverse proxy (haproxy + stunnel) to allow traffic to go from the Internet into our SCCM server.
As our internal and external domain names are different, our reverse proxy terminates the SSL connection and retransmits to the SCCM server.
Only port 443 is reverse proxied.
I've redeployed the SCCM client out with the CCMHOSTNAME=external.address.com.
My tests have shown that clients, while on the Internet, can see software that is deployed to them, but if I try to install the software I get a failure.
The Console also reports that the Client is inactive (so it hasn't been checking in).
Are there any other ports that need to be proxied in?
Is the certificate difference causing an issue?