none
SCCM / MECM 1910 3 Domains trusted Switch to PKI / HTTPS only communication Issue RRS feed

 > 

  • Frage

  • Question
    Anmelden
    0
    Anmelden

    Hello Systemcenterpeople, 

    everything was working fine before switch to HTTPS only.

    the Situation:

    one Domain contains Primary Site, Management Point, PKI DP´s --> everything is working fine Software updates, OS Deployment , Software deployment , no problems

    the other 2 domains, trusted Domains, --> nothing is working

    Details at the trusted Domains:

    Client certificates are enroled, certchain look ok , in the configuration Manger settings at the client PKI ist not selected.

    I tried to reinstall the SCCM Agent

    what confuses me the last line in ccmsetup.log

    MP 'https://managementpoint.com' is HTTPS. Client does not allow to use PKI issued cert and is not AAD capable. Ignoring this MP.

    It´s finding the right MP, but decides to ignore it ?

    CCMsetup.log complete:

    Downloading file c:\SCCM_TEMP\ccmsetup.exe ccmsetup 29.07.2020 14:21:58 3276 (0x0CCC)
    Downloading c:\SCCM_TEMP\ccmsetup.exe to C:\WINDOWS\ccmsetup\ccmsetup.exe ccmsetup 29.07.2020 14:21:58 3276 (0x0CCC)
    File download 12% complete (524288 of 4222024 bytes). ccmsetup 29.07.2020 14:21:58 3276 (0x0CCC)
    File download 24% complete (1048576 of 4222024 bytes). ccmsetup 29.07.2020 14:21:58 3276 (0x0CCC)
    File download 37% complete (1572864 of 4222024 bytes). ccmsetup 29.07.2020 14:21:58 3276 (0x0CCC)
    File download 49% complete (2097152 of 4222024 bytes). ccmsetup 29.07.2020 14:21:58 3276 (0x0CCC)
    File download 62% complete (2621440 of 4222024 bytes). ccmsetup 29.07.2020 14:21:58 3276 (0x0CCC)
    File download 74% complete (3145728 of 4222024 bytes). ccmsetup 29.07.2020 14:21:58 3276 (0x0CCC)
    File download 86% complete (3670016 of 4222024 bytes). ccmsetup 29.07.2020 14:21:58 3276 (0x0CCC)
    File download 99% complete (4194304 of 4222024 bytes). ccmsetup 29.07.2020 14:21:58 3276 (0x0CCC)
    File download 100% complete (4222024 of 4222024 bytes). ccmsetup 29.07.2020 14:21:58 3276 (0x0CCC)
    Download complete. ccmsetup 29.07.2020 14:21:58 3276 (0x0CCC)

    Ccmsetup command line: "C:\WINDOWS\ccmsetup\ccmsetup.exe" /runservice  "/MP:httpsmpname.com" "/NoCRLCheck" "/Retry:1" ccmsetup 29.07.2020 14:21:58 3736 (0x0E98)
    Command line parameters for ccmsetup have been specified.  No registry lookup for command line parameters is required. ccmsetup 29.07.2020 14:21:58 3736 (0x0E98)
    Command line: "C:\WINDOWS\ccmsetup\ccmsetup.exe" /runservice  "/MP:https://mpname.com" "/NoCRLCheck" "/Retry:1" ccmsetup 29.07.2020 14:21:58 3736 (0x0E98)
    SslState value: 192 ccmsetup 29.07.2020 14:21:58 3736 (0x0E98)
    CCMHTTPPORT:    80 ccmsetup 29.07.2020 14:21:58 3736 (0x0E98)
    CCMHTTPSPORT:    443 ccmsetup 29.07.2020 14:21:58 3736 (0x0E98)
    CCMHTTPSSTATE:    192 ccmsetup 29.07.2020 14:21:58 3736 (0x0E98)
    CCMHTTPSCERTNAME:    ccmsetup 29.07.2020 14:21:58 3736 (0x0E98)
    FSP:    ccmsetup 29.07.2020 14:21:58 3736 (0x0E98)
    CCMCERTSTORE:    MY ccmsetup 29.07.2020 14:21:58 3736 (0x0E98)
    CCMFIRSTCERT:    1 ccmsetup 29.07.2020 14:21:58 3736 (0x0E98)
    CCMPKICERTOPTIONS:    1 ccmsetup 29.07.2020 14:21:58 3736 (0x0E98)
    MANAGEDINSTALLER:    0 ccmsetup 29.07.2020 14:21:58 3736 (0x0E98)
    Client is set to use HTTPS when available. The current state is 224. ccmsetup 29.07.2020 14:21:58 3736 (0x0E98)
    CCMCERTID:    SMS;859B679FDE694ABFE9786F403F2E6C1237A0A8F8 ccmsetup 29.07.2020 14:21:58 3736 (0x0E98)
    Begin searching client certificates based on Certificate Issuers ccmsetup 29.07.2020 14:21:58 3736 (0x0E98)
    Completed searching client certificates based on Certificate Issuers ccmsetup 29.07.2020 14:21:58 3736 (0x0E98)
    Begin to select client certificate ccmsetup 29.07.2020 14:21:58 3736 (0x0E98)
    The 'Certificate Selection Criteria' was not specified, counting number of certificates present in 'MY' store of 'Local Computer'. ccmsetup 29.07.2020 14:21:58 3736 (0x0E98)
    1 certificate(s) found in the 'MY' certificate store. ccmsetup 29.07.2020 14:21:58 3736 (0x0E98)
    Only one certificate present in the certificate store. ccmsetup 29.07.2020 14:21:58 3736 (0x0E98)
    Begin validation of Certificate [Thumbprint 49628D0E1EE909EA8DB546523F4F870DACCD469E] issued to 'MRB-NB053.prod.temmler.eu' ccmsetup 29.07.2020 14:21:58 3736 (0x0E98)
    Allowing usage of CNG key storage. ccmsetup 29.07.2020 14:21:58 3736 (0x0E98)
    The Certificate [Thumbprint 49628D0E1EE909EA8DB546523F4F870DACCD469E] issued to 'clientname.eu' has 'Client Authentication' capability. ccmsetup 29.07.2020 14:21:58 3736 (0x0E98)
    Completed validation of Certificate [Thumbprint 49628D0E1EE909EA8DB546523F4F870DACCD469E] issued to 'clientname.eu' ccmsetup 29.07.2020 14:21:58 3736 (0x0E98)
    >>> Client selected the PKI Certificate [Thumbprint 49628D0E1EE909EA8DB546523F4F870DACCD469E] issued to 'clientname.eu' ccmsetup 29.07.2020 14:21:58 3736 (0x0E98)
    MP 'https://managementpoint.com' is HTTPS. Client does not allow to use PKI issued cert and is not AAD capable. Ignoring this MP. ccmsetup 29.07.2020 14:21:58 3736 (0x0E98)
    No MP or source location has been explicitly specified.  Trying to discover a valid content location... ccmsetup 29.07.2020 14:21:58 3736 (0x0E98)

    *****************************************************

    Any ideas?

    thxs in advance

    Mittwoch, 29. Juli 2020 14:23
    |

Antworten