Has anyone successfully used SMS to manage Computers/Servers in a Workgroup/DMZ. I have read the articles on myITForum, but can not seem to get any configuration to work. I have gotten the SMS Client to install, but it can't seem to find its Distribution Point. I am trying to use the LMHost file (LMHost.sam) instead of WINS/DNS.
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
SMS and Workgroups/DMZ 2
- Thread starter BobS53
- Start date
-
1
- #2
No I haven not done it BUT... You will need SMS 2003 sp1,
and there is an outline![[noevil]](/data/assets/smilies/noevil.gif "[noevil] [noevil]")
and there is an outline
- Thread starter
- #3
Thanks for your reply. I do have SMS 2003 SP1 environment. SMS set up the MPs and SLPs in AD. In the article it appears the MPs are set up alittle different than if SMS creates them. So I'm just not sure if it the AD MP thats causing the disconnect or that I don't have my lmhost file set up correctly. Thanks again for your reply
-
1
- #4
Yes, I have SMS deployed successfully in workgroups, non-trusted domains, and DMZ's.
I am using SMS 2003 in Advanced Security mode...and my clients are all Advanced Clients.
SMS 2003 SP1 is needed for this.....
Because clients outside of the domain, will not be able to find the MP through AD, you need to make special arrangements to publish MP and SLP in WINS. Here's how:
SMS 2003 WINS Dependency for Client Outside of Active Directory Domain
Background:
I've been in the process of building my SMS 2003 lab site here in America. My setup is fairly basic: One Windows 2003 Server running 3 Virtual Servers- to act as SMS clients.
My lab: SMS 2003 exists in a Windows 2003 Active Directory forest in Native mode. I have been successful in installing the SMS Advanced Client on all systems that are part of the domain. However, to simulate the environment in the US, I choose to create a few clients that are not part of the domain (i.e. Workgroup clients).
What I discovered is that for clients that are NOT part of the AD domain structure, (it seems) that the Advanced Client would not install. I spent a little bit of time trying to get the SMS Advanced client installed on these Workgroup machines. Finally, I noticed a log file called ClientLocation.log that indicated that the client could not find the SLP and therefore, would not be able to report back to the SMS site. Furthermore, the log file indicated that WINS was needed to locate the SMS site.
I did some further research on this issue and found that for clients that are NOT part of AD, WINS is needed for the Advanced Client installation and reporting. Please let me know if you have found this to be untrue. I think this might be important issue for some environments.
I think the reason that an Advanced Client NOT part of the AD domain needs WINS is because it cannot query AD for locating the SLP.
After I installed WINS, my problem was solved. Although, I did have to MANUALLY create an SLP record in my WINS database.
Here is more information about this issue:
Advanced Client key points (See point 5) From:
1. All new design
2. Only runs on Win2k or above
3. Recommended client for all Win2k and above systems
4. Uses Local System Account and Computer Account for client functions.
5. Uses Wins or AD to locate SLP to find MP to install client.
6. Uses Management Points for most client communication.
7. Uses administrator defined Policies retrieved from MP to dictate client settings
8. Cannot be assigned to secondary sites(INTERESTING)
9. Can download all application source files and then install software locally instead of over the network
10. Can utilize Roaming functionality
11. All client agents are installed by default (just not enabled) (except for remote control)
12. Can install entire advanced client on a system without assigning it to a site (helpful for prestaging clients)
13. Client install is an MSI package.
14. Can utilize Protected DPs and roaming to locate a local DP
15. Can utilize BITS technology for most client traffic.
Instructions to Create the Manually WINS entry for SLP:
Installing SMS Locator Point in Windows NT 4 Environment
By: Britt Baubie
Posted On: 1/20/2004
If you are currently in the middle of a deployment of SMS 2003 and have not migrated from a Windows NT 4 domain, you will find the documentation quite vague on how to enter an SMS locator point into WINS for NT4. This is absolutely crucial or your advanced clients will not find the SMS server.
After searching several resources, I found a tool from the NT4 resource kit called Winscl. Winscl is run from the command line and allows you to read, scavenge and enter items into the WINS database.
The following is a step-by-step procedure for entering the Locator Point into WINS:
From a command prompt, change directory to where the executable resides. Enter winscl.exe
1. Type 1 – This is the entry to connect by TCP/IP
2. Enter IP Address of WINS server x.x.x.x
3. Type RN – Register the Name
4. Type SMS_SLP – Registers the entry as SMS Server Locator Point
5. Type 1 – Adds 16th character to record
6. Type a– Makes a the 16th character
7. Type 1 – Scope
8. Type 0 – Unique Record
9. Enter IP of SMS Server x.x.x.x
10. Type 0 -- (P-Node)
It’s quite simple and you will notice that the record shows up in your WINS database. If you replicate to several servers, you only need to accomplish this task once. The record will look something like this:
SMS_SLP[1Ah] x.x.x.x
Joseph L. Poandl
MCSE 2003
If your company is in need of experts to examine technical problems/solutions, please contact (Sales@njcomputernetworks.com)
I am using SMS 2003 in Advanced Security mode...and my clients are all Advanced Clients.
SMS 2003 SP1 is needed for this.....
Because clients outside of the domain, will not be able to find the MP through AD, you need to make special arrangements to publish MP and SLP in WINS. Here's how:
SMS 2003 WINS Dependency for Client Outside of Active Directory Domain
Background:
I've been in the process of building my SMS 2003 lab site here in America. My setup is fairly basic: One Windows 2003 Server running 3 Virtual Servers- to act as SMS clients.
My lab: SMS 2003 exists in a Windows 2003 Active Directory forest in Native mode. I have been successful in installing the SMS Advanced Client on all systems that are part of the domain. However, to simulate the environment in the US, I choose to create a few clients that are not part of the domain (i.e. Workgroup clients).
What I discovered is that for clients that are NOT part of the AD domain structure, (it seems) that the Advanced Client would not install. I spent a little bit of time trying to get the SMS Advanced client installed on these Workgroup machines. Finally, I noticed a log file called ClientLocation.log that indicated that the client could not find the SLP and therefore, would not be able to report back to the SMS site. Furthermore, the log file indicated that WINS was needed to locate the SMS site.
I did some further research on this issue and found that for clients that are NOT part of AD, WINS is needed for the Advanced Client installation and reporting. Please let me know if you have found this to be untrue. I think this might be important issue for some environments.
I think the reason that an Advanced Client NOT part of the AD domain needs WINS is because it cannot query AD for locating the SLP.
After I installed WINS, my problem was solved. Although, I did have to MANUALLY create an SLP record in my WINS database.
Here is more information about this issue:
Advanced Client key points (See point 5) From:
1. All new design
2. Only runs on Win2k or above
3. Recommended client for all Win2k and above systems
4. Uses Local System Account and Computer Account for client functions.
5. Uses Wins or AD to locate SLP to find MP to install client.
6. Uses Management Points for most client communication.
7. Uses administrator defined Policies retrieved from MP to dictate client settings
8. Cannot be assigned to secondary sites(INTERESTING)
9. Can download all application source files and then install software locally instead of over the network
10. Can utilize Roaming functionality
11. All client agents are installed by default (just not enabled) (except for remote control)
12. Can install entire advanced client on a system without assigning it to a site (helpful for prestaging clients)
13. Client install is an MSI package.
14. Can utilize Protected DPs and roaming to locate a local DP
15. Can utilize BITS technology for most client traffic.
Instructions to Create the Manually WINS entry for SLP:
Installing SMS Locator Point in Windows NT 4 Environment
By: Britt Baubie
Posted On: 1/20/2004
If you are currently in the middle of a deployment of SMS 2003 and have not migrated from a Windows NT 4 domain, you will find the documentation quite vague on how to enter an SMS locator point into WINS for NT4. This is absolutely crucial or your advanced clients will not find the SMS server.
After searching several resources, I found a tool from the NT4 resource kit called Winscl. Winscl is run from the command line and allows you to read, scavenge and enter items into the WINS database.
The following is a step-by-step procedure for entering the Locator Point into WINS:
From a command prompt, change directory to where the executable resides. Enter winscl.exe
1. Type 1 – This is the entry to connect by TCP/IP
2. Enter IP Address of WINS server x.x.x.x
3. Type RN – Register the Name
4. Type SMS_SLP – Registers the entry as SMS Server Locator Point
5. Type 1 – Adds 16th character to record
6. Type a– Makes a the 16th character
7. Type 1 – Scope
8. Type 0 – Unique Record
9. Enter IP of SMS Server x.x.x.x
10. Type 0 -- (P-Node)
It’s quite simple and you will notice that the record shows up in your WINS database. If you replicate to several servers, you only need to accomplish this task once. The record will look something like this:
SMS_SLP[1Ah] x.x.x.x
Joseph L. Poandl
MCSE 2003
If your company is in need of experts to examine technical problems/solutions, please contact (Sales@njcomputernetworks.com)
- Thread starter
- #5
I have two SMS Central Sites (different site codes) in the same Domain. Therefore I have two SLPs and two MPs two defined in AD. There are two MPs Defined in WINS (MP_XXX and MP_YYY). Do I need to do something "special" when defining the SLP. Should I use the Names that are in AD?
- Thread starter
- #6
I got this working in both environments. However, I don't use WINS in my DMZ. Because my DMZ's are all on one segment, broadcasts work and I don't need to create this entry.
On my Intranet, I have many subnets, so I use WINS. Here I have made the WINS static entry. However, in my environment I have ONE SMS heirarchy 23 sites in one Heirarchy... So, one SLP is defined.
"I have two SMS Central Sites (different site codes) in the same Domain"
It sounds like you have two seperate SMS structure that don't inter-twine. So, I am not exactly sure how you can configure this. ...because you probably only have one WINS infrastructure. You may have to create LMHOST entry to point to the SLP on some clients.
Joseph L. Poandl
MCSE 2003
If your company is in need of experts to examine technical problems/solutions, please contact (Sales@njcomputernetworks.com)
On my Intranet, I have many subnets, so I use WINS. Here I have made the WINS static entry. However, in my environment I have ONE SMS heirarchy 23 sites in one Heirarchy... So, one SLP is defined.
"I have two SMS Central Sites (different site codes) in the same Domain"
It sounds like you have two seperate SMS structure that don't inter-twine. So, I am not exactly sure how you can configure this. ...because you probably only have one WINS infrastructure. You may have to create LMHOST entry to point to the SLP on some clients.
Joseph L. Poandl
MCSE 2003
If your company is in need of experts to examine technical problems/solutions, please contact (Sales@njcomputernetworks.com)
Also, I have heard from some of my SMS friends that are telling me that it is possible to have the SMS client communicate over JUST port 80.
Furthermore, it is possible to program the client with the MP. I have not done this but it seems possible.
Check this stuff out:
Please see the following URL for more information: Without access to the active directory or WINS in the environment, the advanced client will need a lmhosts file on the client machines. You will need entries for one or more MPs. For example, the following MP has an IP address of 10.0.0.1 and a site code of AAA: 10.0.0.1 "MP_AAA \0x1A" #PRE. For additional information about how to write an LMHOSTS file, click the following article number to view the article in the Microsoft Knowledge Base:
180094 How to write an LMHOSTS file for domain validation
Joseph L. Poandl
MCSE 2003
If your company is in need of experts to examine technical problems/solutions, please contact (Sales@njcomputernetworks.com)
Furthermore, it is possible to program the client with the MP. I have not done this but it seems possible.
Check this stuff out:
Please see the following URL for more information: Without access to the active directory or WINS in the environment, the advanced client will need a lmhosts file on the client machines. You will need entries for one or more MPs. For example, the following MP has an IP address of 10.0.0.1 and a site code of AAA: 10.0.0.1 "MP_AAA \0x1A" #PRE. For additional information about how to write an LMHOSTS file, click the following article number to view the article in the Microsoft Knowledge Base:
180094 How to write an LMHOSTS file for domain validation
Joseph L. Poandl
MCSE 2003
If your company is in need of experts to examine technical problems/solutions, please contact (Sales@njcomputernetworks.com)
- Thread starter
- #9
- Status
Similar threads
- Locked
- Question
- Locked
- Question