Deploying Clients that won't be able to talk to the IEM Server


What’s the best practice for deploying clients that won’t be able to talk directly to the server?

Let’s say we have an IEM Server, an IEM Relay, and a fresh deployed IEM Client.

The Relay can talk to the server, and the client has network firewall allows to talk to the relay.

If the client has never registered with the server how does it know it can talk to the relay first?

Do we just set __RelayServer1 in the clientsettings.cfg/MSI of the installer?


That is how we address deploying clients to any new acquisitions prior to them being on our domain network. We deploy a relay to the site that is pointing to an Internet Facing Relay, then create a second installer that points to the new local relay. We also use the secondary relay to point to the Internet Relay just in case the local relay is down or some other network issue. The big downfall is that you cannot use the client deployment tool or GPO to deploy the agent with these settings so it comes down to manual installs so the settings apply although you might be able to get away with a login script to do the installation.


1 Like

If you edit the MSI (there are tools to do that that Microsoft provides) you can force the registry entries into the MSI image which would allow use of a GPO

1 Like

See this:

As for the microsoft tool @AlanM mentions, it is Orca.

1 Like

The EXE based installer can be used in a GPO, but you have to write a CMD file to run it and store the installer on a Share that all your workstation accounts have been granted access to.

1 Like


It seems like it is possible to deploy the client MSI with an MST that would include the client settings together through GPO.

The MST file can be created from edits to the MSI in Orca, but without needing to modify the MSI itself.

Just to throw out one more option, in some cases where we don’t want to build another copy of the client installer with new settings, we manipulate the HOSTS file at c:\windows\system32\drivers\etc\hosts, and add an entry for the BES Server hostname pointing to the IP address of a local Relay.

1 Like