Jump to content


Sign in to follow this  
NoobC

SCCM 2012 - Internet Based Management

Recommended Posts

We currently setup Internet Based Management on our SCCM environment over Native mode. This was initially working for the first 2 years and it was handed over to us, but it has suddenly stopped working, and we suspect an expired certificate somewhere that might be causing the issue. However we have gone through and updated the Certificates on the FQDN of our Internet facing site and also on the SUP (port 8531) as well.

 

However, when I try to hit our internet facing site through https://FQDN/ccn_system/request I get a webpage cannot be displayed error on this. If I attempt to hit the same site through the SUP port https://FQDN:8531 I get the certificate to install and then I can get through the IIS and get a you are not authorized to view this page. So it seems that I can get through on the SUP ports, but not through the HTTPS 443 port.

 

When I check the internet base point whilst on the internal network I get the IIS 7 homepage, and suspect that I should see something similar whilst on an external internal source.

 

I checking through my client logs, and get the following:

 

CCMMessaging:

 

Post to https://FQDN/ccm_system/request failed with 0x87d00231. CcmMessaging
Failed in WinHttpReceiveResponse API, ErrorCode = 0x2f78 CcmMessaging

 

Client Location:

 

Current Internet Management Point is FQDN with Version 0 and Capabilities: <Capabilities SchemaVersion ="1.0"><Property Name="SSL" Version="1" /></Capabilities> ClientLocation

Location Services:

 

Executing Task LSSiteRoleCycleTask LocationServices
1 internet MP errors in the last 10 minutes, threshold is 5. LocationServices)
Executing Task LSSiteRoleCycleTask LocationServices)
2 internet MP errors in the last 10 minutes, threshold is 5. LocationServices
Executing Task LSSiteRoleCycleTask LocationServices
3 internet MP errors in the last 10 minutes, threshold is 5. LocationServices
Executing Task LSSiteRoleCycleTask LocationServices
4 internet MP errors in the last 10 minutes, threshold is 5. LocationServices
Current AD site of machine is AHL LocationServices
Executing Task LSSiteRoleCycleTask LocationServices
Internet MP error threshold reached, moving to next MP. LocationServices
Failed to execute LSExecuteTask LocationServices

So I can see that it recognises that it has to be on the Internet Based Management Point, and I can see it verifying it has a valid certificate from the Client logs, would the issue be something on our IIS?

 

Thanks,

 

Stephen

Share this post


Link to post
Share on other sites

have you checked firewalls blocking ports ?

Share this post


Link to post
Share on other sites

To add-on, if you suspect that the device is arriving on the site server than I would start by looking at the IIS log. See if the device is truly hitting the site server and if so what the return code is.

Share this post


Link to post
Share on other sites

Thanks for your quick replies.

 

From our TMG we can see the external IP address hit, and then this is parsed onto our SCCM server.

 

However I can't verify from our SCCM server receives this IP address of the machine.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

×
×
  • Create New...