locked
Internet Client Not talking to DMZ MP RRS feed

  • Question

  • I am facing issues in communication of Internet Client to my MP sitting in DMZ.

    Scenario:

    Primary Site 2012

    MP, DP role installed Site system in DMZ domain joined.

    DMZ talking to DC, and site server, bidirectional.

    Installed MP and DP role, with Internet only client, created FQDN, and published FQDN to public DNS

    created certs following steps in http://www.systemcenterdudes.com/internet-based-client-management/.

    Tried installing client manually in domain, using switches ccmsetup.exe /usePKICert /NoCRLCheck CCMHOSTNAME="MP public FQDN" DNSSUFFIX="public DNS" SMSSITECODE=XXX 

    When moved the client to open internet, I see below error in locations services.log

    Attempting to retrieve site information from lookup MP(s) via HTTPS LocationServices 3/18/2015 4:28:41 PM 2424 (0x0978)
    Failed to send site information Location Request Message to XXXXXXX LocationServices 3/18/2015 4:29:01 PM 2424 (0x0978)
    Attempting to retrieve site information from lookup MP(s) via HTTP LocationServices 3/18/2015 4:29:01 PM 2424 (0x0978)
    Failed to refresh security settings over MP with error 0x80004005. LocationServices 3/18/2015 4:29:01 PM 2424 (0x0978)
    No security settings update detected. LocationServices 3/18/2015 4:29:01 PM 2424 (0x0978)
    Using INF MP XXXXXXXXXXX as lookup MP. LocationServices 3/18/2015 4:29:01 PM 2424 (0x0978)
    Attempting to retrieve site information from lookup MP(s) via HTTPS LocationServices 3/18/2015 4:29:01 PM 2424 (0x0978)
    Failed to send site information Location Request Message to XXX LocationServices 3/18/2015 4:29:08 PM 2424 (0x0978)
    Attempting to retrieve site information from lookup MP(s) via HTTP LocationServices 3/18/2015 4:29:08 PM 2424 (0x0978)
    Failed to refresh Site Signing Certificate over MP with error 0x80004005. LocationServices 3/18/2015 4:29:08 PM 2424 (0x0978)
    Refreshing Site Signing Certificate over HTTP LocationServices 3/18/2015 4:29:08 PM 2424 (0x0978)
    [CCMHTTP] AsyncCallback(): ----------------------------------------------------------------- LocationServices 3/18/2015 4:29:26 PM 2424 (0x0978)
    [CCMHTTP] AsyncCallback(): WINHTTP_CALLBACK_STATUS_SECURE_FAILURE Encountered LocationServices 3/18/2015 4:29:26 PM 2424 (0x0978)
    [CCMHTTP]                : dwStatusInformationLength is 4
    LocationServices 3/18/2015 4:29:26 PM 2424 (0x0978)
    [CCMHTTP]                : *lpvStatusInformation is 0x10
    LocationServices 3/18/2015 4:29:26 PM 2424 (0x0978)
    [CCMHTTP]            : WINHTTP_CALLBACK_STATUS_FLAG_CERT_CN_INVALID is set
    LocationServices 3/18/2015 4:29:26 PM 2424 (0x0978)
    [CCMHTTP] AsyncCallback(): ----------------------------------------------------------------- LocationServices 3/18/2015 4:29:26 PM 2424 (0x0978)
    Raising event:
    instance of CCM_CcmHttp_Status
    {
    ClientID = "GUID:8BD27970-C69F-483D-A7E5-0DC76DC7A836";
    DateTime = "20150318105926.499000+000";
    HostName = "XXXXXXXX";
    HRESULT = "0x80072f8f";
    ProcessID = 5868;
    StatusCode = 16;
    ThreadID = 2424;
    };
    LocationServices 3/18/2015 4:29:26 PM 2424 (0x0978)
    Failed to send request to /SMS_MP/.sms_aut?SITESIGNCERT at host XXX, error 0x2f8f LocationServices 3/18/2015 4:29:26 PM 2424 (0x0978)
    [CCMHTTP] ERROR: URL=https://XXXXXXXX/SMS_MP/.sms_aut?SITESIGNCERT, Port=443, Options=480, Code=12175, Text=ERROR_WINHTTP_SECURE_FAILURE LocationServices 3/18/2015 4:29:26 PM 2424 (0x0978)
    Successfully sent location services HTTPS failure message. LocationServices 3/18/2015 4:29:27 PM 2424 (0x0978)
    Failed to refresh Site Signing Certificate over HTTP with error 0x80072f8f. LocationServices 3/18/2015 4:29:27 PM 2424 (0x0978)
    Using INF MP XXXXXXXX as lookup MP. LocationServices 3/18/2015 4:29:27 PM 2424 (0x0978)
    Attempting to retrieve default management points from lookup MP(s) via HTTPS LocationServices 3/18/2015 4:29:27 PM 2424 (0x0978)
    LSGetManagementPointsForSiteFromManagementPoint: Client is on Internet, skipping Intranet MP list request. LocationServices 3/18/2015 4:29:27 PM 2424 (0x0978)
    Unable to retrieve compatible MP(s) from AD LocationServices 3/18/2015 4:29:27 PM 2424 (0x0978)
    LSGetManagementPointsForSite: Domain joined client is in Internet - INF MP will be used to get other INF MPs. LocationServices 3/18/2015 4:29:27 PM 2424 (0x0978)
    LSUpdateInternetManagementPoints LocationServices 3/18/2015 4:29:27 PM 2424 (0x0978)
    Current AD site of machine is XXXXX LocationServices 3/18/2015 4:29:27 PM 2424 (0x0978)
    Failed to send management point list Location Request Message to XXXXX LocationServices 3/18/2015 4:29:34 PM 2424 (0x0978)
    LSUpdateInternetManagementPoints: Failed to retrieve internet MPs from MP XXX with error 0x87d00231, retaining previous list. LocationServices 3/18/2015 4:29:34 PM 2424 (0x0978)
    There is no AMP for site code XXXX Nulling existing entry in WMI LocationServices 3/18/2015 4:29:34 PM 2424 (0x0978)
    Assigned MP changed from XXXXXXXX to <>. LocationServices 3/18/2015 4:29:34 PM 2424 (0x0978)
    Persisted Default Management Point Locations locally LocationServices 3/18/2015 4:29:34 PM 2424 (0x0978)
    [CCMHTTP] AsyncCallback(): ----------------------------------------------------------------- LocationServices 3/18/2015 4:29:37 PM 2432 (0x0980)
    [CCMHTTP] AsyncCallback(): WINHTTP_CALLBACK_STATUS_SECURE_FAILURE Encountered LocationServices 3/18/2015 4:29:41 PM 2432 (0x0980)
    [CCMHTTP]                : dwStatusInformationLength is 4
    LocationServices 3/18/2015 4:29:41 PM 2432 (0x0980)
    [CCMHTTP]                : *lpvStatusInformation is 0x10
    LocationServices 3/18/2015 4:29:41 PM 2432 (0x0980)
    [CCMHTTP]            : WINHTTP_CALLBACK_STATUS_FLAG_CERT_CN_INVALID is set
    LocationServices 3/18/2015 4:29:41 PM 2432 (0x0980)
    [CCMHTTP] AsyncCallback(): ----------------------------------------------------------------- LocationServices 3/18/2015 4:29:41 PM 2432 (0x0980)
    Raising event:
    instance of CCM_CcmHttp_Status
    {
    ClientID = "GUID:8BD27970-C69F-483D-A7E5-0DC76DC7A836";
    DateTime = "20150318105941.428000+000";
    HostName = "XXXXXXXX";
    HRESULT = "0x80072f8f";
    ProcessID = 5868;
    StatusCode = 16;
    ThreadID = 2432;
    };
    LocationServices 3/18/2015 4:29:41 PM 2432 (0x0980)
    Failed to send request to /SMS_MP/.sms_aut?MPLIST2&XXXXX at host XXXXXXX, error 0x2f8f LocationServices 3/18/2015 4:29:41 PM 2432 (0x0980)
    [CCMHTTP] ERROR: URL=https://XXXXXXXX/SMS_MP/.sms_aut?MPLIST2&XXXXX, Port=443, Options=480, Code=12175, Text=ERROR_WINHTTP_SECURE_FAILURE LocationServices 3/18/2015 4:29:41 PM 2432 (0x0980)
    Successfully sent location services HTTPS failure message. LocationServices 3/18/2015 4:29:41 PM 2432 (0x0980)
    Failed to send web service info Location Request Message LocationServices 3/18/2015 4:29:41 PM 2424 (0x0978)


    Modassir Khan

    Wednesday, March 18, 2015 11:37 AM

Answers

All replies