Hi,
Yesterday I tried to make our site server and distribution points SSL. There are a ton of guides on the internet for how to do this. I think I ended up using this one: https://sccmguy.com/2013/11/26/pki-certificates-for-configuration-manager-2012-r2-part-1-of-4-web-server-certificate/. However, when we were done, client communication stopped. Some of the relevant logs:
From CcmMessaging
Successfully queued event on HTTP/HTTPS failure for server 'XXX'.
Post to https://XXX/ccm_system_windowsauth/request failed with 0x87d00231.
From CcmNotificationAgent
Error: Server certificate retrieved in TLS is not an exact match of the current MP encryption certificate.
Error: 0x80090322 authenticating server credentials!
Failed to signin bgb client with error = 80090322.
Fallback to HTTP connection.
[CCMHTTP] ERROR: URL=http://1982-X-MP-1-P01.xactware.com/bgb/handler.ashx?RequestType=LogIn, Port=80, Options=224, Code=0, Text=CCM_E_BAD_HTTP_STATUS_CODE
(EDIT: MANAGEMENT POINT IS ACCEPTING HTTPS ONLY SO I EXPECTED THIS ONE)
From Mpcontrol
Selected certificate [thumbprint] issued to 'XXX' for HTTPS client authentication
Call to HttpSendRequestSync failed for port 443 with status code 403; text: Forbidden
To me this looks like a certificate issue. However, no matter what I've tried (added a common name in addition to the DNS name in the certificate, deleted and enrolled again for client and server side certificates, reinstalling the management point, 5 hours of other things I don't remember) I can't get rid of this error. Aside from binding the SSL cert to the default website in IIS, is there anything else that needs to be done in IIS? Am I missing something else?
Appreciate any pointers,
Scott