boris_1881

Internet based client with reverse proxy

Hi, we have a single SCCM 2012 SP1 server on our internal network. It has been managing internal clients across our network successfully (including software deployments).

Now we want to be able to manage our clients when they roam off our network.

I've set up the autoenrolment for the Client Certificates, and used a Layer 4 reverse proxy (haproxy + stunnel) to allow traffic to go from the Internet into our SCCM server.

As our internal and external domain names are different, our reverse proxy terminates the SSL connection and retransmits to the SCCM server.

Only port 443 is reverse proxied.

I've redeployed the SCCM client out with the CCMHOSTNAME=external.address.com.

My tests have shown that clients, while on the Internet, can see software that is deployed to them, but if I try to install the software I get a failure.

The Console also reports that the Client is inactive (so it hasn't been checking in).

Are there any other ports that need to be proxied in?

Is the certificate difference causing an issue?

Only 443 is required to be open, and I would suspect that if you're proxying SSL connections, you would have issues as the proxy would have to broker that SSL Connection as a man in the middle. I would remove the proxy and confirm/deny that fixes the issue first. I would look at execmgr logs on the client to see what requests are going on, and possibly IIS from the Internet facing DP to see if the requests are getting through.

@antnyc

I'd like to discuss your "knowledge", if you could please get in touch with me. Or could the original poster please let us know if you were able to get this working? I am trying to use a reverse proxy for IBCM and am having certificate/communication issues.
