Good Morning:
First of all, thanks for all your help over the years - lurking social.technet has provided many a relief for headaches. Now onto my hopefully simple question(s):
I recently set up SCCM 2012 SP1 in our work environment. I have 1 Site with two servers (let's call them MP & IMP). IMP is set to internet only, and MP to internet & intranet serving our AD-site boundary groups (a couple through forest trusts). PKI shows as working on clients/server as far as I can tell (my first PKI implementation). The IMP has a live/valid DNS entry in public DNS with port 443 opened to it through our building firewall and is an MP, DP, EP, EPP, FSP.
The site, MP, and IMP are healthy and after turning off PULL DP, the IMP is receiving all packages/applications from the primary DP happily. Clients are being pushed with the DNS name of the IMP when they log onto our network from the office (and are receiving it successfully). Updates for SCEP and Office/Windows are being delivered timely to clients on the intranet, the ADRs are running well and pretty much allow me to not mess with them except to rebuild every 6 months (which will happen in July).
My question is probably something simple, so pardon my ignorance... but it seems that clients are phoning home from the IMP just fine (seeing all the 192.x.x.x addresses when laptops call in from home) but they're not getting the deployment packages (SCEP updates are my only reference point at the moment) pushed to them while on the internet, even though they reside on IMP's DP. Clients should be getting SCEP updates every morning starting after 6AM (just 1 package a day for now) but the clients at home talking to the IMP are just not receiving the push it seems? They check in with policy requests etc...
I'm not sure if this could be a simple Windows Firewall issue on the clients I can remediate with GP, or if there are extra port(s) that need to be opened to the IMP other than 443 through the building firewall... I'm not tearing out my hair by any means, but I am a bit miffed. I'm happy to provide any logs and run any tests desired. I have ample loaner laptops to try multiple configurations on.
Any help would be greatly appreciated in getting the last piece of our SCCM 2012 SP1 puzzle in place so we can label it working at 100% and move onto learning more of its nuances and advanced capabilities. Thanks so much for any help or guidance.
- Edited by TallEd-MSsys Wednesday, April 03, 2013 12:59 PM


