locked
Client failing to deploy RRS feed

  • Question

  • I have introduced certificates through an internal CA. I am getting errors below which show that it can't find the DP. However boundaries, boundary groups are both configured. I have also configured the MP to use http or https, PKI cert if available.

    Only one MP HTTPS://MW-SCCM.mw is specified. Use it. ccmsetup 7/12/2016 2:22:29 PM 4276 (0x10B4)
    Searching for DP locations from MP(s)... ccmsetup 7/12/2016 2:22:29 PM 4276 (0x10B4)
    Unable to retrieve AD site membership LocationServices 7/12/2016 2:22:29 PM 4276 (0x10B4)
    Local Machine is joined to an AD domain LocationServices 7/12/2016 2:22:29 PM 4276 (0x10B4)
    Current AD forest name is mw, domain name is mw LocationServices 7/12/2016 2:22:29 PM 4276 (0x10B4)
    DhcpGetOriginalSubnetMask entry point is supported. LocationServices 7/12/2016 2:22:29 PM 4276 (0x10B4)
    Begin checking Alternate Network Configuration LocationServices 7/12/2016 2:22:29 PM 4276 (0x10B4)
    Finished checking Alternate Network Configuration LocationServices 7/12/2016 2:22:29 PM 4276 (0x10B4)
    Adapter {7DF8DB23-5A05-4C4D-9B7B-BF7A509B4566} is DHCP enabled. Checking quarantine status. LocationServices 7/12/2016 2:22:29 PM 4276 (0x10B4)
    Sending message body '<ContentLocationRequest SchemaVersion="1.00">
      <AssignedSite SiteCode="MWS"/>
      <ClientPackage/>
      <ClientLocationInfo LocationType="SMSPACKAGE" DistributeOnDemand="0" UseProtected="0" AllowCaching="0" BranchDPFlags="0" AllowHTTP="1" AllowSMB="0" AllowMulticast="0" UseInternetDP="0">
        <ADSite Name=""/>
        <Forest Name="mw"/>
        <Domain Name="mw"/>
        <IPAddresses>
    <IPAddress SubnetAddress="192.168.32.0" Address="192.168.32.61"/>
        </IPAddresses>
      </ClientLocationInfo>
    </ContentLocationRequest>
    ' ccmsetup 7/12/2016 2:22:29 PM 4276 (0x10B4)
    Sending message header '<Msg SchemaVersion="1.1"><ID>{CC559595-D13D-4D35-87EF-9CD6FA6FB1A0}</ID><SourceID></SourceID><SourceHost>BZUCKROW-WIN10</SourceHost><TargetAddress>mp:[http]MP_LocationManager</TargetAddress><ReplyTo>direct:BZUCKROW-WIN10:LS_ReplyLocations</ReplyTo><Priority>3</Priority><Timeout>600</Timeout><ReqVersion>5931</ReqVersion><TargetHost>HTTPS://MW-SCCM.mw</TargetHost><TargetEndpoint>MP_LocationManager</TargetEndpoint><ReplyMode>Sync</ReplyMode><Protocol>http</Protocol><SentTime>2016-07-12T18:22:29Z</SentTime><Body Type="ByteRange" Offset="0" Length="1084"/><Hooks><Hook3 Name="zlib-compress"/></Hooks><Payload Type="inline"/></Msg>' ccmsetup 7/12/2016 2:22:29 PM 4276 (0x10B4)
    MapNLMCostDataToCCMCost() returning Cost 0x1 ccmsetup 7/12/2016 2:22:29 PM 4276 (0x10B4)
    CCM_POST 'HTTPS://MW-SCCM.mw/ccm_system/request' ccmsetup 7/12/2016 2:22:29 PM 4276 (0x10B4)
    Begin searching client certificates based on Certificate Issuers ccmsetup 7/12/2016 2:22:29 PM 4276 (0x10B4)
    Certificate Issuer 1 [CN=mw-MCC-CA01-CA-1; DC=mw; ] ccmsetup 7/12/2016 2:22:29 PM 4276 (0x10B4)
    Analyzing 1 Chain(s) found ccmsetup 7/12/2016 2:22:29 PM 4276 (0x10B4)
    Chain has Certificate [Thumbprint 6FA206E2C89ED62A4394DFDBF5A497427E0C799F] issued to [BZuckrow-Win10.mw] issued by [CN=mw-MCC-CA02-CA; DC=mw; ] ccmsetup 7/12/2016 2:22:29 PM 4276 (0x10B4)
    Chain has Certificate [Thumbprint 5B9A4C7BC240DE1BB9A86F23F139180E9D3388FA] issued to [mw-MCC-CA02-CA] issued by [CN=mw-MCC-CA01-CA-1; DC=mw; ] ccmsetup 7/12/2016 2:22:29 PM 4276 (0x10B4)
    Chain has Certificate [Thumbprint 26859249222BA187C87F58E5C613E1E1148A1994] issued to [mw-MCC-CA01-CA-1] issued by [CN=mw-MCC-CA01-CA-1; DC=mw; ] ccmsetup 7/12/2016 2:22:29 PM 4276 (0x10B4)
    Based on Certificate Issuer 'mw-MCC-CA01-CA-1' found Certificate [Thumbprint 6FA206E2C89ED62A4394DFDBF5A497427E0C799F] issued to 'BZuckrow-Win10.mw' ccmsetup 7/12/2016 2:22:29 PM 4276 (0x10B4)
    Begin validation of Certificate [Thumbprint 6FA206E2C89ED62A4394DFDBF5A497427E0C799F] issued to 'BZuckrow-Win10.mw' ccmsetup 7/12/2016 2:22:29 PM 4276 (0x10B4)
    CRL check enabled.  ccmsetup 7/12/2016 2:22:29 PM 4276 (0x10B4)
    Verification of Certificate chain returned 00000000 ccmsetup 7/12/2016 2:22:29 PM 4276 (0x10B4)
    Completed validation of Certificate [Thumbprint 6FA206E2C89ED62A4394DFDBF5A497427E0C799F] issued to 'BZuckrow-Win10.mw' ccmsetup 7/12/2016 2:22:29 PM 4276 (0x10B4)
    Completed searching client certificates based on Certificate Issuers ccmsetup 7/12/2016 2:22:29 PM 4276 (0x10B4)
    Begin to select client certificate ccmsetup 7/12/2016 2:22:29 PM 4276 (0x10B4)
    The 'Certificate Selection Criteria' was not specified, counting number of certificates present in 'MY' store of 'Local Computer'. ccmsetup 7/12/2016 2:22:29 PM 4276 (0x10B4)
    1 certificate(s) found in the 'MY' certificate store. ccmsetup 7/12/2016 2:22:29 PM 4276 (0x10B4)
    Only one certificate present in the certificate store. ccmsetup 7/12/2016 2:22:29 PM 4276 (0x10B4)
    Begin validation of Certificate [Thumbprint 6FA206E2C89ED62A4394DFDBF5A497427E0C799F] issued to 'BZuckrow-Win10.mw' ccmsetup 7/12/2016 2:22:29 PM 4276 (0x10B4)
    The Certificate [Thumbprint 6FA206E2C89ED62A4394DFDBF5A497427E0C799F] issued to 'BZuckrow-Win10.mw' has 'Client Authentication' capability. ccmsetup 7/12/2016 2:22:29 PM 4276 (0x10B4)
    Completed validation of Certificate [Thumbprint 6FA206E2C89ED62A4394DFDBF5A497427E0C799F] issued to 'BZuckrow-Win10.mw' ccmsetup 7/12/2016 2:22:29 PM 4276 (0x10B4)
    >>> Client selected the PKI Certificate [Thumbprint 6FA206E2C89ED62A4394DFDBF5A497427E0C799F] issued to 'BZuckrow-Win10.mw' ccmsetup 7/12/2016 2:22:29 PM 4276 (0x10B4)
    [CCMSETUP] AsyncCallback(): ----------------------------------------------------------------- ccmsetup 7/12/2016 2:22:29 PM 4276 (0x10B4)
    [CCMSETUP] AsyncCallback(): WINHTTP_CALLBACK_STATUS_SECURE_FAILURE Encountered ccmsetup 7/12/2016 2:22:29 PM 4276 (0x10B4)
    [CCMSETUP]                : dwStatusInformationLength is 4
     ccmsetup 7/12/2016 2:22:29 PM 4276 (0x10B4)
    [CCMSETUP]                : *lpvStatusInformation is 0x10
     ccmsetup 7/12/2016 2:22:29 PM 4276 (0x10B4)
    [CCMSETUP]            : WINHTTP_CALLBACK_STATUS_FLAG_CERT_CN_INVALID is set
     ccmsetup 7/12/2016 2:22:29 PM 4276 (0x10B4)
    [CCMSETUP] AsyncCallback(): ----------------------------------------------------------------- ccmsetup 7/12/2016 2:22:29 PM 4276 (0x10B4)
    GetDPLocations failed with error 0x80072f8f ccmsetup 7/12/2016 2:22:29 PM 4276 (0x10B4)
    Failed to get DP locations as the expected version from MP 'HTTPS://MW-SCCM.mw'. Error 0x80072f8f ccmsetup 7/12/2016 2:22:29 PM 4276 (0x10B4)
    Failed to get client version for sending state messages. Error 0x8004100e ccmsetup 7/12/2016 2:22:29 PM 4276 (0x10B4)
    • Edited by phretbuzz Tuesday, July 12, 2016 6:38 PM
    Tuesday, July 12, 2016 6:36 PM

Answers

  • I recreated the server cert, applied in IIS and on the management point and it fixed the issue... not sure what the issue exactly was with the original cert. Problem resolved, thanks.
    • Marked as answer by phretbuzz Thursday, July 14, 2016 3:09 PM
    Thursday, July 14, 2016 3:08 PM

All replies