Jump to content


Sign in to follow this  
mbkowns

HTTPS Management point = HTTP Error 403.7 - Forbidden

Recommended Posts

I am trying to validate HTTP using the link below but I receive the error Error 403.7 - Forbidden. I can go to https://hostname.fqdn.com/ and everything comes up fine, its only when I go to the test link.

 

SCCM 2012 R2 on Server 2012(MP) with all windows patches.

 

Server 2008 R2 (Primary)

 

 

mpcontrol.log shows

 

Completed validation of Certificate [Thumbprint ba0ace702cd3add1972a84b48e4eba876e23d9ec] issued to 'hostname.fqdn.com' SMS_MP_CONTROL_MANAGER 10/28/2013 4:30:28 PM 3184 (0x0C70)
Certificate doesn't have SAN2 extension. SMS_MP_CONTROL_MANAGER 10/28/2013 4:30:28 PM 3184 (0x0C70)
Using custom selection criteria based on the machine NetBIOS name. SMS_MP_CONTROL_MANAGER 10/28/2013 4:30:28 PM 3184 (0x0C70)

 

Failed to retrieve client certificate. Error -2147467259

Call to HttpSendRequestSync failed for port 443 with -2147467259 error code.

 

https://hostname.fqdn.com/SMS_MP/.sms_aut?MPLIST

 

 

HTTP Error 403.7 - Forbidden The page you are attempting to access requires your browser to have a Secure Sockets Layer (SSL) client certificate that the Web server recognizes.

 

Most likely causes:
  • The page you are attempting to access requires an SSL client certificate.
  • You are browsing to the page using HTTP.
  • The client certificate has expired or the effective time has not been reached.
  • The root certificate (the Certificate Authority certificate) of the client certificate issuing server is not installed on the Web server.
Things you can try:
  • Contact the site administrator to obtain a valid client certificate for the Web site.
  • Try browsing to the page using HTTPS.
  • If you have a client certificate installed, check if it has expired or if the effective time has not been reached.
  • Verify that the root certificate is installed on the Web server.

 

 

Share this post


Link to post
Share on other sites


Sorry to bring this really old topic back up. When I upgraded to System Center 2012 R2 Configuration Manager I started to see this issue. It appears that the certificate had expired. I've reissued the certificate and the Management Point now shows that everything is OK. However, when I try to navigate to the SMS_MP/.sms_aut?mplist URL I still receive a 403.7 error. I am not really sure what's going on. When I issued the certificate, I used the DNS name of myserver.domain.com. Any suggestions would be greatly appreciated.

Share this post


Link to post
Share on other sites

If you are navigating to that URL with a browser and your user account, it probably won't use the correct certificate (as the correct certificate is assigned to the computer and not the user) to connect to the Management Point. This will result in a 403.7 error.

Share this post


Link to post
Share on other sites

HHancock,

 

Here is a post on this topic:

 

http://social.technet.microsoft.com/Forums/systemcenter/en-US/2b767836-56cf-4f6f-bda2-e44acdb43b26/4037-error-when-testing-mpcert-mplist?forum=configmgrgeneral

 

As Peter suggests, your machine may not be using the correct certificate when browsing to the url, but that doesn't necessarily indicate that there's a problem. From that link above, "if you're seeing 'Call to HttpSendRequestSync succeeded for port 443 with status code 200, text: OK' in your mpcontrol.log as per my screenshot above, that's a good sign the MP is functioning correctly."

 

So, check out your mpcontrol.log, and see what you've got.

Share this post


Link to post
Share on other sites

HHancock,

 

Here is a post on this topic:

 

http://social.technet.microsoft.com/Forums/systemcenter/en-US/2b767836-56cf-4f6f-bda2-e44acdb43b26/4037-error-when-testing-mpcert-mplist?forum=configmgrgeneral

 

As Peter suggests, your machine may not be using the correct certificate when browsing to the url, but that doesn't necessarily indicate that there's a problem. From that link above, "if you're seeing 'Call to HttpSendRequestSync succeeded for port 443 with status code 200, text: OK' in your mpcontrol.log as per my screenshot above, that's a good sign the MP is functioning correctly."

 

So, check out your mpcontrol.log, and see what you've got.

 

Ok, great. The mpcontrol.log does say that it succeeded. The Management Point is showing as OK and all of my clients are showing Active.

 

Thank you for your help!

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

×
×
  • Create New...