none
SCCM 1906 Approve email links points to HTTPS RRS feed

  • Question

  • Hi,

    I have deployed some Application to Software center using User Collections with approve request.

    If I click on Approve or Deny, it points to HPPTS://sccmserver/adminservice........

    I have only HTTP. I know I can switch the SCCM server from http to https/PKI. At the time everything work on my sccm server and the wsus server. I am not sure what will happen if I switch from http to https/PKI mode.

    Does work my WSUS and my SCCM? Does works the client machine with SCCM and WSUS after switching?

    Is there other way to point https without to switch to https/PKI?

    Can I change simple on the IIS the Binding 443 and select a existing Certificate?

    Regards

    Friday, October 11, 2019 8:28 PM

All replies

  • Hi,

    Yes, you can import Web Server certificate from your Root CA on your SCCM server, then add it in the IIS binding.

    If you want plan to switch SCCM to HTTPS mode, you can refer to this: 

    https://blogs.technet.microsoft.com/jchalfant/how-to-configure-microsoft-sccm-to-use-https-pki/

    For WSUS, you can use it with HTTP or HTTPS mode, the both are supported if your clients communicate with HTTPS only.

    Regards,

    SAAD Youssef

    ______

    Please remember to mark the replies as answer if they help, thank you!

    Saturday, October 12, 2019 10:08 AM
  • Hi Saad,

    Thanks again for your replay. Is that recommend to switch from HTTP to HTTPS? What is the avantage?

    Where ca I find web server Certificate on my Rott CA? I am not sure I have a Web server certificate? Can I create a web server certificate on the domain?

    Regards

    Nick

    Saturday, October 12, 2019 2:55 PM
  • Enabling HTTPS client communication is unrelated to email notifications so while none of the above is invalid, its not relevant for this.

    Please read the prerequisites at https://docs.microsoft.com/en-us/sccm/apps/deploy-use/app-approval#bkmk_email-approve.


    Jason | https://home.configmgrftw.com | @jasonsandys

    Saturday, October 12, 2019 3:33 PM
  • Jason,

    I am not sure what you mean. I have reas that link. That means:

    Enable the SMS Provider to use a certificate. Use one of the following options:

    Enable Enhanced HTTP (recommended)

    I have enabeled that, but the link of email points on HTPPS

    Saturday, October 12, 2019 5:27 PM
  • You can refer to this:

    https://www.prajwaldesai.com/deploying-web-server-certificate-for-site-systems-that-run-iis/

    But I think if you still use HTTP in the IIS binding, you can also approve the application requests, Is it true?

    Saturday, October 12, 2019 7:23 PM
  • No I cannot approve the application request. Because the link point of Microsoft points on HTTPS
    Saturday, October 12, 2019 7:46 PM
  • The link means exactly what I noted: enabling HTTPS client communication is a completely different operation than enabling HTTPS for the approval process. Just because they both have "HTTPS" in their name and both use certificates doesn't mean that they are the same thing or involve the same configuration steps. Quite the contrary in this case.

    I have enabeled that, but the link of email points on HTPPS

    Yes, that's correct. That's the whole point of enabling enhanced HTTPS: to enable the approval to happen over HTTPS. What else are you expecting?


    Jason | https://home.configmgrftw.com | @jasonsandys

    Saturday, October 12, 2019 9:21 PM
  • You can refer to this:

    https://www.prajwaldesai.com/deploying-web-server-certificate-for-site-systems-that-run-iis/

    But I think if you still use HTTP in the IIS binding, you can also approve the application requests, Is it true?

    That link has nothing to do with email approval; it is specific to enabling HTTPS client communication which is completely separate functionality.

    Jason | https://home.configmgrftw.com | @jasonsandys

    Saturday, October 12, 2019 9:22 PM
  • You can refer to this:

    https://www.prajwaldesai.com/deploying-web-server-certificate-for-site-systems-that-run-iis/

    But I think if you still use HTTP in the IIS binding, you can also approve the application requests, Is it true?

    That link has nothing to do with email approval; it is specific to enabling HTTPS client communication which is completely separate functionality.

    Jason | https://home.configmgrftw.com | @jasonsandys

    Yes, I know that Jason, but I'm talking just about enrolling Web Server certificate to the IIS, with that, the clients can access to the SCCM HTTPS URL without any error message.
    Sunday, October 13, 2019 9:08 AM
  • Ok Jason, you mean if I enable "enhanced HTTPS", the link of approve request should work?

    Does it do any effect on WSUS server or on the client machine because of ADRs, App Deployment?
    • Edited by mpng2008 Sunday, October 13, 2019 9:47 AM
    Sunday, October 13, 2019 9:30 AM
  • When you click on the "Approve" in the email request, what is the error message? Can you share with us a screenshot? Have you tried with another Web explorer (Chrome, Microsoft Edge, IE...) ? The same result?
    Sunday, October 13, 2019 4:14 PM
  • No, that has nothing to do with enabling email approvals. The question is not in any way related to client access or client HTTPS communication usage. It is simply about email approval which i no way requires this.

    Jason | https://home.configmgrftw.com | @jasonsandys

    Sunday, October 13, 2019 5:51 PM
  • Ok Jason, you mean if I enable "enhanced HTTPS", the link of approve request should work?

    Exactly as the official documentation notes, correct. 

    No, this does not change any functionality. It simply issues self-signed certs to the MPs so these can be used for various purposes as needed.


    Jason | https://home.configmgrftw.com | @jasonsandys


    Sunday, October 13, 2019 5:52 PM
  • Jason,

    After Enabled "enhanced HTTPS" on my SCCM server, I could approve the Link, but many of the client machine has lot the Connection to the SCCM server.

    Here my Devices status

    before enable it, it works all the devices to sccm 

    I have no Idea why.

    Any Idea?

    Monday, October 14, 2019 12:33 PM
  • See my response in your other thread https://social.technet.microsoft.com/Forums/en-US/cec8047d-cda1-4e52-a643-173b8f4da4dc/sccm-1906-and-enabled-8220use-configuration-managergenerated-certificates-for-http-site?forum=ConfigMgrAppManagement#cec8047d-cda1-4e52-a643-173b8f4da4dc

    Jason | https://home.configmgrftw.com | @jasonsandys

    Monday, October 14, 2019 2:39 PM
  • Ok I did see it.

    I can really say that all the client agent were installed because I deployed before two days Windows 10 Updates

    Monday, October 14, 2019 2:46 PM