boris_1881 Posted April 11, 2013 Report post Posted April 11, 2013 Hi, we have single SCCM 2012 SP1 server on our internal network. It has been managing internal clients across our network successfully (including software deployments). Now we want to be able to manage our clients when they roam off our network. I've setup the autoenrolment for the Client Certificates, and used a Layer 4 reverse proxy (haproxy + stunnel) to allow traffic to go from the Internet into our SCCM server. As our internal and external domain names are different, our reverse proxy terminates the SSL connection and retransmits to the SCCM server. Only port 443 is reverse proxied. I've redeployed the SCCM client out with the CCMHOSTNAME=external.address.com. My tests have shown that clients while in the Internet can see software that is deployed to them, but if I try to install the software I get a failure. The Console also reports that the Client is inactive (so it hasn't been checking in). Are there any other ports that need to be proxied in? Is the certificate difference causing an issue? Quote Share this post Link to post Share on other sites More sharing options...
displayname34 Posted May 9, 2013 Report post Posted May 9, 2013 Hello Boris_1881 I've come across a simlar situation. did you find a resolution? Quote Share this post Link to post Share on other sites More sharing options...
boris_1881 Posted May 30, 2013 Report post Posted May 30, 2013 Hello Boris_1881 I've come across a simlar situation. did you find a resolution? Unfortunately not. I haven't had much time to get this working recently but if anyone else has any input I'm sure it would help. Quote Share this post Link to post Share on other sites More sharing options...
Ocelaris Posted June 17, 2013 Report post Posted June 17, 2013 Only 443 is required to be open, and I would suspect that if you're proxying SSL connections, you would have issues as the proxy would have to broker that SSL Connection as a man in the middle. I would remove the proxy and confirm/deny that fixes the issue first. I would look at execmgr logs on the client to see what requests are going on, and possibly IIS from the Internet facing DP to see if the requests are getting through. Quote Share this post Link to post Share on other sites More sharing options...
antnyc Posted August 22, 2013 Report post Posted August 22, 2013 This is kinda old now, did you get this working? If not let me know and I will reply back with some knowledge Quote Share this post Link to post Share on other sites More sharing options...
o0JeZ0o Posted February 13, 2014 Report post Posted February 13, 2014 @ antnyc I'd like to discuss your "knowledge" if you could please get in touch with me or if the original poster could please let us know if you were able to get this working? I am trying to use reverse proxy for IBCM and am having certificate/communication issues Quote Share this post Link to post Share on other sites More sharing options...