robiso22

New Members
  • Content count

    1
  • Joined

  • Last visited

Community Reputation

0 Neutral

About robiso22

  • Rank
    Newbie
  1. Hi, Yesterday I tried to make our site server and distribution points SSL. There are a ton of guides on the internet for how to do this. I think i ended up using this one: https://sccmguy.com/2013/11/26/pki-certificates-for-configuration-manager-2012-r2-part-1-of-4-web-server-certificate/. However, when we were done, client communication stopped. Some of the relevant logs: From CcmMessaging Successfully queued event on HTTP/HTTPS failure for server 'XXX'. Post to https://XXX/ccm_system_windowsauth/request failed with 0x87d00231. From CcmNotificationAgent Error: Server certificate retrieved in TLS is not an exact match of the current MP encryption certificate. Error: 0x80090322 authenticating server credentials! Failed to signin bgb client with error = 80090322. Fallback to HTTP connection. [CCMHTTP] ERROR: URL=http://1982-X-MP-1-P01.xactware.com/bgb/handler.ashx?RequestType=LogIn, Port=80, Options=224, Code=0, Text=CCM_E_BAD_HTTP_STATUS_CODE (EDIT: MANAGEMENT POINT IS ACCEPTING HTTPS ONLY SO I EXPECTED THIS ONE) From Mpcontrol Selected certificate [thumbprint] issued to 'XXX' for HTTPS client authentication Call to HttpSendRequestSync failed for port 443 with status code 403; text: Forbidden To me this looks like a certificate issue. However, no matter what I've tried (added a common name in addition to the DNS name in the certificate, deleted and enrolled again for client and server side certificates, reinstalling the management point, 5 hours of other things I don't remember) I can't rid of this error. Aside from binding the SSL cert to the default website in IIS, is there anything else that needs to be done in IIS? Am I missing something else? Appreciate any pointers, Scott