locked
HTTPS Problems RRS feed

  • Question

  • HI All

    I have been working with a client last few weeks putting in SCCM2012SP1, Everything to date has gone fine, one of there requirements is to managed Mac devices through SCCM, so I created the relevant certificates. The client is communicating happily over HTTPS (PKI) with no issues, and until now the Applicationcat site has been sitting on HTTPS with no issues.

    The problems have stated since I moved the Deploment and management role to HTTPS, I have followed the MS documentation to the letter and I am seeing no errors in the Certmon.log

    However when I enable this everything falls apart and I don't know why, the management point and DP points are throwing multiple errors in the component monitoring, but when I verify the certs everything is fine.

    can anyone offer any advice been stuck on this for 2 days now and its doing my head in.

    many thanks

    Chris

    Tuesday, February 4, 2014 9:23 AM

Answers

  • OK Think I might have found the issue.

    I was told they where using a Microsoft Enterprise CA (PKI) environment

    Turns out its cofigued as so

    Standalone CA

    Microsoft Enterprise Sub CA servers

    Can someone tell me if this is supported?

    As soon as I flick the switch to HTTPS I get the following error

    Call to HttpSendRequestSync failed for port 443 with status code 403, text: Forbidden SMS_MP_CONTROL_MANAGER 06/02/2014 14:12:51 6044 (0x179C)

    Many thanks

    Chris

    • Marked as answer by Juke Chou Tuesday, February 18, 2014 10:39 AM
    Thursday, February 6, 2014 2:55 PM

All replies

  • Hi,

    could you post some snippets of the logs which have errors?

    Tuesday, February 4, 2014 9:50 AM
  • Which logs would you like me to post

    Tuesday, February 4, 2014 11:04 AM
  • For the MP i think that the mpcontrol.log could provide you some information.
    Tuesday, February 4, 2014 11:15 AM
  • So i have been doing some research and i think part of the problem was the amount of processes i kicked off at once.

    I upped the Client, Dp and MP points to talk over HTTPS at the same time, and then installed the Enrolledment roles.

    I think at some point everything got abit confused.

    I am currently un-https's the enviroment to get it stable again then im going to up one roll at a time to Https and see if i can discover a fault with either the configuration or the certs.

    will keep you posted.

    Tuesday, February 4, 2014 11:55 AM
  • OK Think I might have found the issue.

    I was told they where using a Microsoft Enterprise CA (PKI) environment

    Turns out its cofigued as so

    Standalone CA

    Microsoft Enterprise Sub CA servers

    Can someone tell me if this is supported?

    As soon as I flick the switch to HTTPS I get the following error

    Call to HttpSendRequestSync failed for port 443 with status code 403, text: Forbidden SMS_MP_CONTROL_MANAGER 06/02/2014 14:12:51 6044 (0x179C)

    Many thanks

    Chris

    • Marked as answer by Juke Chou Tuesday, February 18, 2014 10:39 AM
    Thursday, February 6, 2014 2:55 PM