cyberguy Posted October 9, 2012 Report post Posted October 9, 2012 I have a running SCCM 2012 with Endpoint protection and I can install computers inside my domain without any problems. I tried adding 1 windows 7 from another domain (not trusted) and a Windows 2008 R2 which belongs to a workgroup. The steps I followed are 1)Add the computers in SCCM devices through their mac address (Import computer information) 2) Add in hosts file the fqdn of the sccm to the clients and from the clients to sccm 3) Make sure that sccm has access \\pc\admin$ and the clients to sccm's folders 4) I run the following netsh advfirewall firewall set rule group="File andPrinter Sharing" new enable=yes netsh advfirewall firewall set rule group="windows management instrumentation (wmi)" new enable =yes 5) and finally ccmsetup SMSSITECODE=IWS SMSSLP=SCCM2012 /mp:SCCM2012 ( I also tried it with full FQDN name) After the installation is finished, I can see that the software center 2012 is installed, but not the Endpoint protection. I only use (for the moment) sccm for the endpoint protection, so I cant verify if everything else works or not. Also in the sccm configuration manager (of the Primary server) I can see that in the devices' information both clients have moved from "no" to "yes" I am trying to find how to properly install the sccm client to workgroup and different domain clients. I have included a log file from the windows 2008 r2 client. The log is from a second attempt to install sccm. (ofc I did ccmsetup.exe /uninstall first) ccmsetup.log Quote Share this post Link to post Share on other sites More sharing options...
cyberguy Posted October 9, 2012 Report post Posted October 9, 2012 This is driving me crazy...I installed manually scepinstall (endpoint) I updated it through internet and after 2 hours without doing anything, I suddendly realized that endpoint was managed by sccm (I checked the different settings in scheduled tasks and now everything is locked like i have configured the endpoint policy) Is there a logical explanation, why its working now? The reason I am asking is because I am going to install endpoint to many clients and I need to find a properl installation procedure. Quote Share this post Link to post Share on other sites More sharing options...
Len Paone Posted October 9, 2012 Report post Posted October 9, 2012 When in a Forest with one domain and several child domains. There will be one Central Service manager to support all domains. It means all CI's and WI's will be imported in one database. But the problem for us lies where we want each domain to have its own console and helpdesk team. For example: Helpdesk users from each domain can only see objects, incidents, activities, reports and etc from their own domain and not by other child domains. Also The main domain (root domain) will aggregate and hold all information. 1. Install a Primary site in you second domain. "Optional" 2. Does the machine name of the SCCM server have READ rights on the second domain? Usually, if you do have 2 way trusts, there shouldn't be an access issue. If not, apply rights. and setup the two-way trust. (without this, it will never work) 3.You can still put a secondary site at the Domain B location(s) but keep it a member of Domain A. There is no requirment that says it has to be a member of Domain B to be physically co-located with domain B. Install SCCM Client on Another Forest Trusted Domain There are few ways to perform the SCCM client installation in another trusted domain. For example, using start-up or login script, manual installation, and using client push method. Out of so many method, I would like to share something on the client push method. First of all, you are require to add the Server Locator Point (SLP) role in your SCCM server. Here is the: http://technet.microsoft.com/en-us/library/bb680672.aspx on how to create SLP in SCCM. Next, add the account that has domain admin rights on the another domain to the Client Push Installation account. Here is the http://technet.microsoft.com/en-us/library/bb680908.aspx on how to configure Client Push Installation account. After configured the Client Push Installation account, click on the Client tab. Enter the following to the installation properties, SMSSITECODE=XXX SMSSLP=SCCMSERVER.DOMAIN.COM Now, try right click the workstation name and select Install Client, go through the wizard to perform the installation. Quote Share this post Link to post Share on other sites More sharing options...
Peter van der Woude Posted October 9, 2012 Report post Posted October 9, 2012 ConfigMgr 2012 does not use a Server Locator Point anymore, that functionality is now integrated in the Management Point Quote Share this post Link to post Share on other sites More sharing options...
cyberguy Posted October 10, 2012 Report post Posted October 10, 2012 The problem is that most of my clients are in a workgroup, so I cant use trusted domains, or AD at all. I need to find a proper installation procedure to use for installing sccm in workgroup computers. Also I cant use a forest domain controller, as the domains belong to totally different companies and I host them in a datacenter Quote Share this post Link to post Share on other sites More sharing options...