Jump to content





Recommended Posts

robiso22    0

Hi,

 

Yesterday I tried to make our site server and distribution points SSL. There are a ton of guides on the internet for how to do this. I think i ended up using this one: https://sccmguy.com/2013/11/26/pki-certificates-for-configuration-manager-2012-r2-part-1-of-4-web-server-certificate/. However, when we were done, client communication stopped. Some of the relevant logs:

 

From CcmMessaging
Successfully queued event on HTTP/HTTPS failure for server 'XXX'.
Post to https://XXX/ccm_system_windowsauth/request failed with 0x87d00231.

From CcmNotificationAgent
Error: Server certificate retrieved in TLS is not an exact match of the current MP encryption certificate.
Error: 0x80090322 authenticating server credentials!
Failed to signin bgb client with error = 80090322.
Fallback to HTTP connection.
[CCMHTTP] ERROR: URL=http://1982-X-MP-1-P01.xactware.com/bgb/handler.ashx?RequestType=LogIn, Port=80, Options=224, Code=0, Text=CCM_E_BAD_HTTP_STATUS_CODE
(EDIT: MANAGEMENT POINT IS ACCEPTING HTTPS ONLY SO I EXPECTED THIS ONE)

 

From Mpcontrol

Selected certificate [thumbprint] issued to 'XXX' for HTTPS client authentication

Call to HttpSendRequestSync failed for port 443 with status code 403; text: Forbidden

 

To me this looks like a certificate issue. However, no matter what I've tried (added a common name in addition to the DNS name in the certificate, deleted and enrolled again for client and server side certificates, reinstalling the management point, 5 hours of other things I don't remember) I can't rid of this error.

Aside from binding the SSL cert to the default website in IIS, is there anything else that needs to be done in IIS? Am I missing something else?

Appreciate any pointers,

Scott

Share this post


Link to post
Share on other sites


Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×