Clients can download and install applications from the software center when VPN is connected (great!), but when deploying new apps they aren’t consistently showing up in the software center. I added my computer to collection yesterday afternoon. I see some of the older apps that’s been deployed to it, but newer apps I deployed this week aren’t showing.
Any help appreciated!
Things to remember with VPN …
Number one, check the location services log on the client as well as the data transfer log to make sure it sees the right distribution points that you have set for the VPN. And that it’s trying to pull updates from those locations if it can’t it should show error messages in there as well.
Number two, make sure your network people or whoever configures your firewalls has the proper ports open for machines on the VPN to be able to do what’s needed.
Example, the network guys at the place I’m at originally had it where VPN users could only talk to a limited things and I had to make sure those included all of the management points software update points and distribution points that they needed and making sure that that traffic can flow both ways
Number three, when a user’s on VPN even from their house, the connection will normally default to being public with a virtual VPN connector as domain. But the public will normally cause Windows firewall to kick in that you may have disabled on the domain and then this can also cause some problems with communication.
Right now since most of my company is all working from home now I’m now seeing a lot more of these types of issues where I have to turn on settings in the firewall for Windows remote branch cash complus and remote event viewer.
Another thing to look out for is on your windows update packages and having them set to download over a metered connection and if the users happen to have their connections set that way
Given ‘it’s always DNS’, and ‘it’s always boundaries’ often hold true, start there.
A client on a VPN might not think it’s in your namespace. It also may end up in a weird or non-existant boundary.
I had to stand up a VPN in double quick time, but I made sure to put it in the existing address space, so stuff Just Works. I also made sure DNS was behaving. So far, so good.
first thought would be a deployment scope. user/device collection target, boundary group not containing VPN scope etc.
second would be some sort of communcation issue between VPN and SCCM. sounds like what your seeing is a cached view of old software/partially working deployment.
If costs are not necessarily an issue you could also look into Cloud Management Gateway and set it up as an internet DP. That way users don’t even need a VPN to download software or windows updates. I think our current CMG costs around 90 Euros per month with around 2500 Windows clients.
Worked miracles on our patch compliance.
My problem is my users devices always show with their home ip and vpn ip in DNS. So the SCCM server can’t call out but it they are able to call in.
What is the best way to resolve?
Is your PC roaming over 4G?
For us the problem was sccm client starting before a vpn connection was made. So we made a gpo to restart sccm client every hour. Hacky but works :).
Yes seems like a cached view. Boundaries are fine as users can install apps.
I am having the same issue on VPN. It does not work when you push something out by computer name. Try using a user collection and it should work. Haven’t figured out the issue why only user collections work.
I would agree with this train of though. Is the AD Site or IP range your VPN comes into included in a boundary? What do your logs say on the client? Locationsservices, PolicyAgent, CAS, AppEval, DataTransferService etc.
I think I’m having the same issue. CM shows client is onlime but I can force an action from the console.
No, my PC is connected to home wireless (Comcast)
True for someone who logs in and immediately open software center, but my VPN stays connected all day while working and 4-5 hours after I stop working (laptop set to sleep after 4 hours idle).
tried turning it off and on again? 
seriously, i’ve had some weirdness recently with our install where sccm appears to be ok but a server restart fixed it.
Most likely because use collections are not reliant on hardware inventory
I can attest to having a sccm user and device deployments working over a VPN. Never been a problem in my environment.
Depends on how your vpn is setup, If it’s handing out IP addresses in a range that are not defined in Sites and services they are not part of the AD site and you have to manually add the VPN IP range under boundaries. Locationservices log should be the first place to look. It will tell you to which site the client is assigned.
Not the server. Client yes. I’ll schedule one tonight if needed.
Odd same here and yes restart helps.