Clients can download and install applications from the software center when VPN is connected (great!), but when deploying new apps they aren’t consistently showing up in the software center. I added my computer to the collection yesterday afternoon. I see some of the older apps that have been deployed to it, but newer apps I deployed this week aren’t showing.
Number one, check the location services log on the client as well as the data transfer log to make sure it sees the right distribution points that you have set for the VPN, and that it’s trying to pull updates from those locations. If it can’t, it should show error messages in there as well.
Number two, make sure your network people, or whoever configures your firewalls, have the proper ports open for machines on the VPN to be able to do what’s needed.
For example, the network guys at the place I’m at originally had it where VPN users could only talk to a limited set of things, and I had to make sure those included all of the management points, software update points and distribution points that they needed, and make sure that that traffic can flow both ways.
Number three, when a user’s on VPN even from their house, the connection will normally default to being public with a virtual VPN connector as domain. But the public will normally cause Windows firewall to kick in that you may have disabled on the domain and then this can also cause some problems with communication.
Right now, since most of my company is working from home, I’m seeing a lot more of these types of issues where I have to turn on settings in the firewall for Windows remote BranchCache, COM+ and remote Event Viewer.
Another thing to look out for is on your Windows Update packages and having them set to download over a metered connection and if the users happen to have their connections set that way
Given ‘it’s always DNS’, and ‘it’s always boundaries’ often hold true, start there.
A client on a VPN might not think it’s in your namespace. It also may end up in a weird or non-existent boundary.
I had to stand up a VPN in double quick time, but I made sure to put it in the existing address space, so stuff Just Works. I also made sure DNS was behaving. So far, so good.
First thought would be a deployment scope: user/device collection target, boundary group not containing VPN scope, etc.
Second would be some sort of communication issue between VPN and SCCM. Sounds like what you’re seeing is a cached view of old software/partially working deployment.
If costs are not necessarily an issue you could also look into Cloud Management Gateway and set it up as an internet DP. That way users don’t even need a VPN to download software or windows updates. I think our current CMG costs around 90 Euros per month with around 2500 Windows clients.
I am having the same issue on VPN. It does not work when you push something out by computer name. Try using a user collection and it should work. Haven’t figured out the issue why only user collections work.
I would agree with this train of thought. Is the AD site or IP range your VPN comes into included in a boundary? What do your logs say on the client? LocationServices, PolicyAgent, CAS, AppEval, DataTransferService etc.
True for someone who logs in and immediately open software center, but my VPN stays connected all day while working and 4-5 hours after I stop working (laptop set to sleep after 4 hours idle).
Depends on how your VPN is set up. If it’s handing out IP addresses in a range that is not defined in Sites and Services, they are not part of the AD site and you have to manually add the VPN IP range under boundaries. The LocationServices log should be the first place to look. It will tell you to which site the client is assigned.
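
The boundary check several replies point to can be run offline before digging through client logs. The following is an added example, not code from any poster in this thread: it tests whether a client address falls inside an IP-range boundary and whether that boundary belongs to a boundary group. The boundary list, the client addresses and the function names `ConvertTo-IPv4Number` and `Get-BoundaryStatus` are constructed for illustration.

```powershell
# Constructed sample data: boundary names, ranges and groups are placeholders.
$Boundaries = @(
    [pscustomobject]@{ Name = 'HQ-LAN';   First = '10.10.0.1';   Last = '10.10.15.254';  Group = 'BG-HQ' }
    [pscustomobject]@{ Name = 'VPN-Pool'; First = '172.16.50.1'; Last = '172.16.50.254'; Group = $null }
)

function ConvertTo-IPv4Number {
    param([Parameter(Mandatory)][string]$Address)
    $ip = [System.Net.IPAddress]::Parse($Address)
    if ($ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) {
        throw "Not an IPv4 address: $Address"
    }
    $bytes = $ip.GetAddressBytes()                      # network (big-endian) order
    if ([BitConverter]::IsLittleEndian) { [Array]::Reverse($bytes) }
    [BitConverter]::ToUInt32($bytes, 0)                 # comparable unsigned number
}

function Get-BoundaryStatus {
    param(
        [Parameter(Mandatory)][string]$Address,
        [Parameter(Mandatory)][object[]]$BoundaryList
    )
    $n = ConvertTo-IPv4Number $Address
    # Every boundary whose inclusive range contains the address
    $hits = @($BoundaryList | Where-Object {
        $n -ge (ConvertTo-IPv4Number $_.First) -and $n -le (ConvertTo-IPv4Number $_.Last)
    })
    if ($hits.Count -eq 0) { $status = 'NoBoundary' }
    elseif (-not ($hits | Where-Object { $_.Group })) { $status = 'BoundaryWithoutGroup' }
    else { $status = 'OK' }
    [pscustomobject]@{
        Address  = $Address
        Boundary = ($hits.Name -join ', ')
        Status   = $status
    }
}

# Constructed client addresses. On a real client, take the VPN adapter's address
# from Get-NetIPAddress -AddressFamily IPv4 instead.
'10.10.4.27', '172.16.50.33', '192.168.1.50' |
    ForEach-Object { Get-BoundaryStatus -Address $_ -BoundaryList $Boundaries } |
    Format-Table -AutoSize
```

A `NoBoundary` result corresponds to the case where the VPN range still has to be added under boundaries, and `BoundaryWithoutGroup` to a boundary that exists but is not in any boundary group.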