Jump to content


kcorrie

Is there a doctor in the house? My SCCM is sick!

Recommended Posts

if I remember right  sms_fsp  is the Fallback status point and if you are getting lots of hit on it then you like have an issue with your environment.  Maybe a cert issue. Look FSP reports, check your certs.

Re-reading this thread, IMO you have a certificate / PKI issue.  PKI is a huge pain in the a.. ; hence why I never recommend it.

It might be time to contact CSS directly for support.

 

Share this post


Link to post
Share on other sites

14 hours ago, GarthMJ said:

Re-reading this thread, IMO you have a certificate / PKI issue.  PKI is a huge pain in the a.. ; hence why I never recommend it.

It might be time to contact CSS directly for support.

 

I'm inclined to agree with you.  We are healthcare so we need PKI whenever possible.  I've been trying to find guides online to implement PKI certs again but have not had any luck.  Do you have any resources to share?

Who do you mean by CSS?

 

I've also included yesterday's IIS log filtered for one client.  It's making contact a few times a minute, every minute, all day.  Can this be attributed to a cert condition as well?

IISlogClientFiltered.txt

Share this post


Link to post
Share on other sites

I contacted the MS tech I worked with on the client update issue I had a few months back, and he was able to provide these links that tell how to enable HTTPS for WSUS and SCCM.

https://technet.microsoft.com/en-in/library/bb633246.aspx
https://blogs.technet.microsoft.com/configmgrdogs/2015/01/21/configmgr-2012-r2-certificate-requirements-and-https-configuration/

I'm not good with certs at all so I'll work on these with my manager some time in the next day or two.  I'll report back with results.

 

Thanks for guiding me through this so far.

Share this post


Link to post
Share on other sites

This morning things look better.  There are two clients reporting this message:

ID 5445 - MP has rejected registration request due to failure in client certificate (Subject Name: CLIENT_NAME) chain validation. If this is a valid client, Configuration Manager Administrator needs to place the Root Certification Authority and Intermediate Certificate Authorities in the MPÆs Certificate store or configure Trusted Root Certification Authorities in primary site settings. The operating system reported error 2148204809: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. 

I'm not really concerned about them right now.

My IBCM server was still reporting certificate expired.  I tracked this down to the cert for its DP.  My manager issued a new cert and now the message has changed from "expired" to "blocked".  I can see in the console under Administration > Overview > Security > Certificates that the old, expired cert is blocked and the new, current cert is unblocked.  I'm not sure are this point why the IBCM's DP would still be trying to use the expired cert.

Share this post


Link to post
Share on other sites

Sorry I've been away for a while.  Other things took priority...

So SMS_MP_CONTROL manager has a green check now which is good, however, the MP server is still having issues with 100% CPU usage probably due to overwhelming client requests.  IIS logs are still 5+ GB daily.  Not sure what the issue is there but maybe resolving some of the other outstanding issues will resolve?

I currently have Critical status for SMS_STATE_SYSTEM, SMS_SITE_SYSTEM_STATUS_SUMMARIZER and SMS_CLIENT_CONFIG_MANAGER.

I currently have Warning status for SMS_SOFTWARE_INVENTORY_PROCESSOR, SMS_CERTIFICATE_MANAGER and SMS_SITE_SQL_BACKUP.

Which one is worth looking at next?

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...



×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.