Clinet Push Not Working

[Les_Grossman]

First, let me thank all of you for an excellent site and these forums. Been very helpful as I have been thrust into taking over our SCCM environment.

 

I have one primary site that I upgraded to R2 SP1 last weekend. I am not able to get the client pushed to any Windows 10 clients. At first, I seemed to be having a problem with all push installs until I realized something was up with the push account. I have since corrected this, but am still unable to get Windows 10 clients installed through push. Manual installation through the console goes fine.

 

My boundary groups haven't changed and I can confirm I see the client machine in the console under all systems.

 

The way the former admin had our BGs set up was that he had one Site Assignment Boundary Group setup with all our IP ranges. I have since deleted the ranges for my current office that I'm testing in and have added them to the Office Boundary Group and ensured the "Use this boundary group for site assignment is checked"

 

I am using HTTP only, so I don't have any PKI certificates to worry about, but when I look at the client machine in the console it's not showing the self signed certificate either.

 

I'm not seeing any activity for my test VMs in ccm.log and nothing is being generated on the client side so I'm really at a loss at this point.

 

Any advice?

[GarthMJ]

What exactly are your boundaries now? IP Range, AD site, IP subnet (yuck), etc.?

[Les_Grossman]

What exactly are your boundaries now? IP Range, AD site, IP subnet (yuck), etc.?

 

Our boundary groups cover different offices in the enterprise. In those boundary groups,the boundary defined is the AD site. There is also one boundary group called site assignment that has all our IP ranges in it. IP Subnets aren't used anywhere as far as I can tell.

[GarthMJ]

I'm not a fan of AD boundaries either because of the short cuts most AD admins take.

 

What exactly do you have define for your AD subnets? For example

192.168.101.0/22

 

What is your clients IP address and more importantly subnet mask? For example

192.168.102.134/24

[Les_Grossman]

I'm not a fan of AD boundaries either because of the short cuts most AD admins take.

 

What exactly do you have define for your AD subnets? For example

192.168.101.0/22

 

What is your clients IP address and more importantly subnet mask? For example

192.168.102.134/24

 

 

The Subnet on this boundary is 10.129.40.0/24

 

The client IP is 10.129.40.147/24

[GarthMJ]

So can you clarify what you mean by Manual push vs push?

How exactly are you expect the CM12 client to get pushed to these clients?

Do you have Auto-push enabled?(it is not enabled by default)

What happens when a new client is discovered? Do it show up within the CCM.log?

[Les_Grossman]

So by manual push, I mean right clicking on the system in the devices or all systems collection and installing the client.

 

Push is automatic site wide client installation.

 

My goal is to get the client installed on systems after discovery and the automatic site wide client installation feature is enabled.

 

The ccm.log is not showing any activity after I see that the client system has been discovered.

 

I suspect a boundary issue as the "CN=SMS-Site-CEN -> mSSMSRoamingBoundaries" in the system management folder in theSystems container in AD only has two of my boundaries listed by Active Directory Site name. I assume it's supposed to have all my boundaries listed?

 

The other problem is if I try to manually edit "CN=SMS-Site-CEN -> mSSMSRoamingBoundaries" and put in an Active Directory site, the sites I add disappear.

 

Does this make any sense?

[phil_w]

Frankly in my experience automatic client push is very unreliable, I've had entire rooms with dozens of machines with identical setups which I've ensured are left on for days at a time with reliable network connections and half will get the client installed from client push and half won't despite the fact that they've all been discovered and are all in the same IP range and on the same domain and in the same OU.

I know that other people have had similar experiences with client push as well.

 

 

You'd probably be better off disabling automatic client push and either using group policy to deploy the client or publish the client package to WSUS and do it that way.

[GarthMJ]

I personally, like Client push and have never seen any issue like what Phil is talking about.

 

However, NONE of my client have the Automatic push enabled. They all enable the CM12 client via OSD, computer startup script or they manually push them as they find them. I would never recommend using GPOs as this will cause problems later.

[phil_w]

I have to say I agree on that point actually group policy is definitely not the best way to go, and can lead to unintended effects as group policies for software deployments (or anything else) often can, but it is a supported client deployment method which is documented in the SCCM Technet pages.

 

Like your clients, my preferred option is to just take care of the machines through OSD as and when they're imaged, but where it is desirable or necessary to install the client on machines without doing OSD I think WSUS is probably the best choice other than manual installation.