Installing ConfigMgr Clients on servers in a DMZ/Workgroup/another domain

I recently had to do this and have come up with a decent checklist to go through:

1. Log on to the server using an admin account.

2. Ensure the names of the management point, distribution point and server locator point (SLPs are required when the client can’t connect to AD) resolve when you ping them. Chances are the ping itself won’t succeed, as ICMP may be blocked at the firewall, but the names do need to resolve. If, as is most likely, they don’t resolve, then you need to add them all to the HOSTS and LMHOSTS files (or use WINS if possible).

3. Ensure the MP, DP and SLP can all resolve the DNS name of the server in the DMZ.

4. The MP, DP and SLP need to have access through the DMZ firewall, with port 80 opened.

5. Copy the ConfigMgr client install files locally to the server

6. Uninstall any version of SMS or SCCM already installed

7. Normal client push won’t work so you need to manually install the client using the local files and the following command line:
ccmsetup.exe SMSSITECODE=SiteCodeHere FSP=FSPServerHere SMSSLP=SLPServerHere

8. Once the client shows up in the ConfigMgr console, you’ll need to approve it (this needs to be done from the client’s parent site, not from the central site).

9. Ensure there is a Network Access Account set up for the site (this is used to access the content on the DP).

10. Ensure all adverts sent to the servers are set to download and run, so that they use BITS (port 80) rather than SMB, which would mean opening more ports on the firewall.

11. Test some package deployment and software updates to ensure it works

Hope this helps

Cheers
Nik
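
The name-resolution and port 80 checks from steps 2 and 4 can be scripted and run on the DMZ server before installing the client. This is an added example, not part of the original post; the three server names are placeholders, and it only tests the direction from the DMZ server towards the site systems.

```powershell
# Pre-flight check for steps 2 and 4: name resolution and TCP 80 reachability.
# Server names below are placeholders (assumptions); replace with your site systems.
$SiteSystems = @{
    'MP'  = 'mp01.corp.example'
    'DP'  = 'dp01.corp.example'
    'SLP' = 'slp01.corp.example'
}
$Port      = 80
$TimeoutMs = 3000

function Test-SiteSystem {
    param([string]$Role, [string]$HostName, [int]$Port, [int]$TimeoutMs)

    $result = New-Object PSObject -Property @{
        Role = $Role; HostName = $HostName; Addresses = $null
        Resolves = $false; PortOpen = $false
    }
    try {
        # Uses the OS resolver, so HOSTS file entries are honoured
        $addrs = [System.Net.Dns]::GetHostAddresses($HostName)
        $result.Addresses = ($addrs | ForEach-Object { $_.IPAddressToString }) -join ','
        $result.Resolves  = $true
    } catch {
        return $result   # no point testing the port if the name does not resolve
    }

    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Async connect with a timeout, so a silently dropping firewall does not hang the check
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if ($async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            $client.EndConnect($async)
            $result.PortOpen = $client.Connected
        }
    } catch {
        # Connection refused or reset: PortOpen stays $false
    } finally {
        $client.Close()
    }
    return $result
}

$report = foreach ($role in $SiteSystems.Keys) {
    Test-SiteSystem -Role $role -HostName $SiteSystems[$role] -Port $Port -TimeoutMs $TimeoutMs
}
$report | Select-Object Role, HostName, Addresses, Resolves, PortOpen | Format-Table -AutoSize

# Non-zero exit code if any check failed, so the script can gate the install step
if ($report | Where-Object { -not $_.Resolves -or -not $_.PortOpen }) { exit 1 }
```

A row with `Resolves` false points at missing HOSTS/WINS entries; `Resolves` true with `PortOpen` false points at the firewall rule.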
