
Is disabling firewalls for RPC (remote procedure calls) always required for App Broker to function?

The documentation (see screenshot) states that disabling/configuring firewalls for ports 80, 443 and RPC (to clients) needs to be done for an App Broker install. A customer is pushing back on the RPC piece of this. I'm looking to confirm that it is in fact required, regardless of which deployment tool(s) is being utilized? I know that Altiris has a separate requirement for utilizing RPC and therefore is always required with that, but in this case the customer is utilizing Intune and JAMF. 

(4) Replies

If I remember correctly, the RPC to clients was used only to trigger machine policy via WMI.  That applied to both Symantec/Altiris as well as older SCCM versions.  In SCCM 2012/ConfigMgr, App Broker simply tells the site server to "poke" the client via the client notification channel (and this only applies if you've checked the box to do so).  There is no direct communication between the App Broker server and ConfigMgr clients.

There is also no direct communication from App Broker to Jamf, Mobile Iron, or AirWatch/UEM client devices.

Anything expressed here is my own view and not necessarily that of my employer, Flexera. If my reply answers a question you have raised, please click "ACCEPT AS SOLUTION".
CharlesW
Level 12 Flexeran

The documentation is a bit dated. It used to be that App Broker would perform a machine policy refresh on the client directly. New functionality was added some time ago that allowed this to be performed by Config Mgr, so App Broker no longer does this directly (you can still use the old way if you wish). With regard to Jamf and Intune, App Broker does not perform a policy refresh at all at this time. There are plans to do this for Intune devices, but this will be done over port 443, using a Graph API call. The same would hold true for JAMF, if ever added. Long story short, you should be able to disregard the documentation regarding RPC to the client.

CharlesW
Level 12 Flexeran

I guess I was a little slow to the draw 😉

In fairness, I failed to include Intune in my response, so you at least covered that part. 🙂
