SCCM Clients over VPN




I was wondering if someone can tell me what I have missed. We are trying to allow our home user base to connect to our SCCM environment in order to accomplish the following:

  • Asset Inventory
  • Patch Management
  • Application Deployment
  • Remote Control for Customer Support


As we do not have PKI servers in our environment, Native mode is not really an option for us.


We are using a 2 factor authentication Citrix VPN solution. The user is both authenticated to the Domain as well as a Key Fob.


From the documentation I have been able to get my hands on, we have arranged for the following ports to be opened:

Client Requests (Client to Software Update Point)

  • TCP Port 80
  • TCP Port 443
  • 63000-64000 UDP (Client to DP)
  • TCP Port 8350 & 8351 to WSUS server

Remote Control

  • TCP port 2701
  • TCP port 2702
  • TCP port 135

Configuration Manager Console to Client

Remote Control

  • UDP 2701 TCP 2701
  • UDP 2702 TCP 2702
  • TCP 135
  • TCP 3389


From this we are able to push an application to a test machine, but we have not been able to get SCCM to work for Patch Management or remote desktop sharing (Remote Tools in the SCCM Console). I understand that full remote control will not work, as it logs the existing user off the machine and tries to get you to log in, which disconnects the machine from the VPN connection.


We are able to see and ping the machine through the SCCM console. We are unable to remotely trigger a Machine Policy Eval.


What have I missed? Is anyone aware of any documents that may help me better understand the process and its requirements?


Thanks in advance for any assistance








Check out this Excel spreadsheet from Chris Nackers; it can assist you in finding the ports you need to open.






I am looking to encrypt all my traffic so no one can see what sites I am visiting, and mainly to protect my privacy. I did look at TOR but found out making a request to a site took ages, and it was just not very useful as sites were taking 5 min to load. I also heard that at the exit node it was possible to capture data and information.
