locked
IBCM weird issue RRS feed

  • Question

  • Hi, I'm running in weird/strange issue with our IBCM environment.  I've managed to setup up IBCM in our America's and Europe DMZ (THx Jason and Wally for helping out on previous posts).  For the America's all is working fine, I see clients sending inventory/DDR request policy and install software. 

    For our Europe DMZ, the setup completed the Management point is working checking mpcontrol.log, site components however when connected to the "Public Internet" I'm not able to get to the https://XXX01.XX.com/SMS_MP/.sms_aut?MPLIST

    My clients in Europe have received the Policies and populated the "Internet Management Point" however when the client is connected to the Internet and try to get Policies I see following error in the client logs

    Post to https://XXX01.XX.com/ccm_system/request failed with 0x87d00231. CcmMessaging 9/11/2014 9:42:19
    OutgoingMessage(Queue='mp_[http]mp_locationmanager', ID={6C9D26A6-D5C4-4CF5-B521-396CE6E64BA1}): Error posting to host 'XXXP01.XX.com' (0x87d00231). CcmMessaging 9/11/2014 9:42:19

    The error 0x87d00231 translates to "Transient error" or network problem.

    Following troubleshooting I've done from Public Internet:

    - The client have the right machine certificates installed

    - check the MP is accessible from Public Internet, able to resolve the name  ==> OK

    - I'm able to browse to our test page using https  ==> OK

    The odd issue that I have is when I access the MPLIST page from internal network still using https protocol it works ???  I'm kind of lost with this one, any help or suggestions are welcome

    Thursday, September 11, 2014 12:27 PM

Answers

  • Really hard to offer a whole lot here.

    Start with the IIS logs on the MP to see if it can even see the traffic. Also, get the networking folks involved also to see if they can see the traffic and if its getting delivered to the MP.

    Finally, one thing that hung me up recently was not having the correct binding set up in IIS so verify that and make sure it has the right external DNS name, the right cert, and the right port.


    Jason | http://blog.configmgrftw.com | @jasonsandys

    • Proposed as answer by Joyce L Monday, September 22, 2014 8:53 AM
    • Marked as answer by Joyce L Monday, September 22, 2014 8:54 AM
    Thursday, September 11, 2014 2:18 PM

All replies

  • Really hard to offer a whole lot here.

    Start with the IIS logs on the MP to see if it can even see the traffic. Also, get the networking folks involved also to see if they can see the traffic and if its getting delivered to the MP.

    Finally, one thing that hung me up recently was not having the correct binding set up in IIS so verify that and make sure it has the right external DNS name, the right cert, and the right port.


    Jason | http://blog.configmgrftw.com | @jasonsandys

    • Proposed as answer by Joyce L Monday, September 22, 2014 8:53 AM
    • Marked as answer by Joyce L Monday, September 22, 2014 8:54 AM
    Thursday, September 11, 2014 2:18 PM
  • Jason, thx again for providing some advice, one thing I forgot to mention when I run the MPLIST request from the America's it does show me the 2 Internal MP's + 1 Extranet MP.  This site is also configured as Fallback side.  if I do the same from Europe the MPLIST only returns the 2 Internal MP's and not the extranet MP.  Is that normal behavior.  when I check my clients in Europe (few test machines that are on-line) they have received the right policies and the "Internet Management Point" is populated with the right info.

    Thursday, September 11, 2014 4:07 PM
  • Like Jason mentioned before, start with the IIS log files on the Internet facing MP. If you're seeing hits from clients it will provide more detailed information about the problem (at least the error).

    My Blog: http://www.petervanderwoude.nl/
    Follow me on twitter: pvanderwoude

    Thursday, September 11, 2014 6:49 PM