SCE 2007 — Client Computers return «Not Yet Contacted».

Клиентские компьютеры в System Center Essentials 2007 отображаются со статусом “Not yet contacted”. Возможные причины ошибки…

1. The Client Firewall is enabled.

Ports needed:

TCP Ports: 8530, 8531, 5723, 51906, 135, 445, 139

UDP Ports: 137, 138.

These ports are necessary for client installation and basic communication between SCE clients and the SCE server.

2. Automatic Updates Service is disabled on the clients.

3. WSUS URL’s are set incorrectly in the registry on the clients.

The WindowsUpdate.log is usually very helpful with WSUS connection issues. Not to be confused with the Windows Update.log .

To verify the current client WSUS registry settings:

HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate – verify that the following settings are there:
WUServer – https://:8531
WUStatusServer – https://:8531
AcceptTrustedPublisherCerts – “1”

If the registry keys are incorrect – modify the key

You can force the client to contact the WSUS server by running “wuauclt -detectnow” on the client

4. The SCE Group Policies are not linked to the Default Domain Policy
Log on as a Domain Administrator on the Domain Controller server (Windows Server 2003 with Service Pack 1)
Go to Start > Administrator Tools > Active Directory Users and Computer.
If you would like to set the group policy for the whole domain you can select the domain name “Right Click” and choose “Properties”. If you want to apply the Group Policy to only certain Organizational Units etc you can select the OU and follow the same steps as above.
Step 4: Choose the Group Policy Tab and then select the Default Domain Policy and click “Edit”
Group Policy Object Editor will open Navigate to Computer Configuration > Administrative Templates > Network > Network Connections > Domain Profile
In the Domain Profiles setting choose “Windows Firewall: Allow remote administration exception” and double click.
Under “Settings” choose “Enabled” option and in the “Allow unsolicited incoming messages from:” text box enter the IP Address or addresses of the Principle Management Server or Management Servers that will manage the agents in that domain or OU as specified by you. Multiple Management Server IP address can be entered by having a comma between each IP Address once completed click “OK”.
In the Domain Profiles setting choose “Windows Firewall: Allow file and printer sharing exception” and double click.
Under “Settings” choose “Enabled” option and in the “Allow unsolicited incoming messages from:” text box enter the IP Address or addresses of the Principle Management Server or Management Servers that will manage the agents in that domain or OU as specified by you. Multiple Management Server IP address can be entered by having a comma between each IP Address once completed click “OK”.
In the Domain Profiles setting choose “Windows Firewall: Define port exceptions” and double click
Under “Setting” choose “Enabled” option and click “Show” button. Click “Add” in the “Show Contents” dialog and enter “6270:TCP::enabled:SCEAgent”

Note: By default Group Policy takes 90 minutes to push down the configuration to the server and client machines.

If you would like a computer to pull down the new group policy configuration you can go to the server machine Open a command window by going to Start > Run > and type cmd. Once the command window is open you need to type in gpupdate /force.

To verify if the Group Policy configuration has been applied to the server – Start > Run > and type rsop.msc and scroll to Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile\ and see if the IP address exceptions set for remote administration exception and file and printer sharing exceptions were applied to the local machine.

5. The clients are not members of the SCE_Managed_Computers security group.

By default, computers in the “Computers” container are added to this group automatically. If computers are located in other containers they will need to be added to the group manually.
Open Active Directory Users and Computers .
View the OU that one of the computers that is experiencing the issue is located in.
Open the properties of the Computer.
Select the “Member Of” tab.
Add the computer to the SCE_Managed_Computers group.
Log the client off of the network – log the client back on.
Restart the OpsMgr Health Service on the client.

6. File and Print sharing is not enabled on the client.

Источник – http://blogs.technet.com/b/edwalt

Запись опубликована в рубрике IT с метками , . Добавьте в закладки постоянную ссылку.

4 комментария на «SCE 2007 — Client Computers return «Not Yet Contacted».»

  1. veterinary technician говорит:

    Finally, an issue that I am passionate about. I have looked for information of this caliber for the last several hours. Your site is greatly appreciated.

  2. Lbvektr говорит:

    у меня нет капчи

  3. Fray говорит:

    Да не должно быть капчи… У меня нету.

  4. Вероника говорит:

    После отправки комментариев выходит ошибка — Капча была введена не верно !?
    Ничего вводить я вообще не вижу, никакой капчи нет а он просит почему то ?
    У меня так только?

Добавить комментарий для Fray Отменить ответ

Войти с помощью: 

Ваш адрес email не будет опубликован. Обязательные поля помечены *

Лимит времени истёк. Пожалуйста, перезагрузите CAPTCHA.