jimtully Posted October 14, 2011 Report post Posted October 14, 2011 Morning guys, My question is... Is there a complete list of what ports need opened for SCCM 2012 Beta 2 to communicate? The issue is we have an over head hardware firewall that is very locked down. I have TCP80 open both ways but I;m having an issue pushing the client. When i view the log on the target machine i see port numbers like: 3967, 6202, 3958, 4798, 4457, 2091 and so on. There are many of them. Below this I'll paste a little of my log file. Any help would be greatly appriciated. Thanks. <![LOG[Can't connect to or retrieve file: HTTP://sccmtest.test.com/CCM_Client/ccmsetup.cab. Will attempt a retry...] LOG]!><time="09:46:25.931+240" date="10-14-2011" component="ccmsetup" context="" type="2" thread="3496" file="ccmsetup.cpp:6202"> <![LOG[Next retry in 10 minute(s)...] LOG]!><time="09:46:25.931+240" date="10-14-2011" component="ccmsetup" context="" type="0" thread="3496" file="ccmsetup.cpp:8232"> Quote Share this post Link to post Share on other sites More sharing options...
anyweb Posted October 15, 2011 Report post Posted October 15, 2011 it varies depending on which method you are using, to find out more see this link on Technet http://technet.microsoft.com/en-us/library/gg682180.aspx Windows Firewall and Port Settings for Client Computers in Configuration Manager Updated: October 1, 2011 Applies To: System Center 2012 Configuration Manager [This topic is pre-release documentation and is subject to change in future releases. Blank topics are included as placeholders.] Client computers that run Windows Firewall might require exceptions to be defined to allow communications with System Center 2012 Configuration Manager site systems. These exceptions vary depending on the features of Configuration Manager that you intend to use. The following sections list the features of Configuration Manager which require exceptions to be made on the Windows Firewall and provide a procedure for configuring these exceptions. Modifying the Ports and Programs Permitted by Windows Firewall Programs and Ports that Configuration Manager Requires Ports Used During Configuration Manager Client Deployment The following tables list the ports that are used during the client installation process. Important If there is a firewall between the site system servers and the client computer, confirm whether the firewall permits traffic for the ports that are required for the client installation method that you choose. For example, firewalls often prevent client push installation from succeeding because they block Server Message Block (SMB) and Remote Procedure Calls (RPC). In this scenario, use a different client installation method, such as manual installation (running CCMSetup.exe) or Group Policy-based client installation. These alternative client installation methods do not require SMB or RPC. For information about how to configure Windows Firewall on the client computer, see Modifying the Ports and Programs Permitted by Windows Firewall. Ports that are used for all installation methods Description UDP TCP Hypertext Transfer Protocol (HTTP) from the client computer to a fallback status point, when a fallback status point is assigned to the client. -- 80 (See note 1, Alternate Port Available) Ports that are used with client push installation In addition to the ports listed in the following table, client push installation also uses Internet Control Message Protocol (ICMP) echo request messages from the site server to the client computer to confirm whether the client computer is available on the network. ICMP is sometimes referred to as TCP/IP ping commands. ICMP does not have a UDP or TCP protocol number, and so it is not listed in the following table. However, any intervening network devices, such as firewalls, must permit ICMP traffic for client push installation to succeed. Description UDP TCP Server Message Block (SMB) between the site server and client computer. -- 445 RPC endpoint mapper between the site server and the client computer. 135 135 RPC dynamic ports between the site server and the client computer. -- DYNAMIC Hypertext Transfer Protocol (HTTP) from the client computer to a management point when the connection is over HTTP. -- 80 (See note 1, Alternate Port Available) Secure Hypertext Transfer Protocol (HTTPS) from the client computer to a management point when the connection is over HTTPS. -- 443 (See note 1, Alternate Port Available) Ports that are used with software update point-based installation Description UDP TCP Hypertext Transfer Protocol (HTTP) from the client computer to the software update point. -- 80 or 8530 (See note 2, Windows Server Update Services) Secure Hypertext Transfer Protocol (HTTPS) from the client computer to the software update point. -- 443 or 8531 (See note 2, Windows Server Update Services) Server Message Block (SMB) between the source server and the client computer when you specify the CCMSetup command-line property /source:<Path>. -- 445 Ports that are used with Group Policy-based installation Description UDP TCP Secure Hypertext Transfer Protocol (HTTP) from the client computer to a native mode management point. -- 80 (See note 1, Alternate Port Available) Secure Hypertext Transfer Protocol (HTTPS) from the client computer to a management point when the connection is over HTTPS. -- 443 (See note 1, Alternate Port Available) Server Message Block (SMB) between the source server and the client computer when you specify the CCMSetup command-line property /source:<Path>. -- 445 Ports that are used with manual installation and logon script-based installation Description UDP TCP Server Message Block (SMB) between the client computer and a network share from which you run CCMSetup.exe. Note When you install System Center 2012 Configuration Manager, the client installation source files are copied and automatically shared from the <InstallationPath>\Client folder on management points. However, you can copy these files and create a new share on any computer on the network. Alternatively, you can eliminate this network traffic by running CCMSetup.exe locally, for example, by using removable media. -- 445 Hypertext Transfer Protocol (HTTP) from the client computer to a management point when the connection is over HTTP, and you do not specify the CCMSetup command-line property /source:<Path>. -- 80 (See note 1, Alternate Port Available) Secure Hypertext Transfer Protocol (HTTPS) from the client computer to a management point when the connection is over HTTPS, and you do not specify the CCMSetup command-line property /source:<Path>. -- 443 (See note 1, Alternate Port Available) Server Message Block (SMB) between the source server and the client computer when you specify the CCMSetup command-line property /source:<Path>. -- 445 Ports that are used with software distribution-based installation Description UDP TCP Server Message Block (SMB) between the distribution point and the client computer. Note -- 445 Hypertext Transfer Protocol (HTTP) from the client to a distribution point when the connection is over HTTP. -- 80 (See note 1, Alternate Port Available) Secure Hypertext Transfer Protocol (HTTPS) from the client to a distribution point when the connection is over HTTPS. -- 443 (See note 1, Alternate Port Available) Quote Share this post Link to post Share on other sites More sharing options...
jimtully Posted October 19, 2011 Report post Posted October 19, 2011 wow thank you so much for the help! Quote Share this post Link to post Share on other sites More sharing options...
scarneol Posted January 24, 2012 Report post Posted January 24, 2012 I think what most of us are looking for is something similar to the Port Details and Diagram that you find in this link that is for SCCM 2007: http://technet.microsoft.com/en-us/library/bb632618.aspx Quote Share this post Link to post Share on other sites More sharing options...
