Internet Client Not talking to DMZ MP

Question
I am facing issues with communication from an Internet client to my MP sitting in the DMZ.
Scenario:
Primary Site 2012
MP, DP role installed; site system in DMZ, domain joined.
DMZ talking to DC and site server, bidirectional.
Installed MP and DP role with Internet-only client, created FQDN, and published FQDN to public DNS.
Created certs following the steps in http://www.systemcenterdudes.com/internet-based-client-management/.
Tried installing the client manually in the domain, using switches ccmsetup.exe /usePKICert /NoCRLCheck CCMHOSTNAME="MP public FQDN" DNSSUFFIX="public DNS" SMSSITECODE=XXX
When I moved the client to the open internet, I see the error below in LocationServices.log:
Attempting to retrieve site information from lookup MP(s) via HTTPS LocationServices 3/18/2015 4:28:41 PM 2424 (0x0978)
Failed to send site information Location Request Message to XXXXXXX LocationServices 3/18/2015 4:29:01 PM 2424 (0x0978)
Attempting to retrieve site information from lookup MP(s) via HTTP LocationServices 3/18/2015 4:29:01 PM 2424 (0x0978)
Failed to refresh security settings over MP with error 0x80004005. LocationServices 3/18/2015 4:29:01 PM 2424 (0x0978)
No security settings update detected. LocationServices 3/18/2015 4:29:01 PM 2424 (0x0978)
Using INF MP XXXXXXXXXXX as lookup MP. LocationServices 3/18/2015 4:29:01 PM 2424 (0x0978)
Attempting to retrieve site information from lookup MP(s) via HTTPS LocationServices 3/18/2015 4:29:01 PM 2424 (0x0978)
Failed to send site information Location Request Message to XXX LocationServices 3/18/2015 4:29:08 PM 2424 (0x0978)
Attempting to retrieve site information from lookup MP(s) via HTTP LocationServices 3/18/2015 4:29:08 PM 2424 (0x0978)
Failed to refresh Site Signing Certificate over MP with error 0x80004005. LocationServices 3/18/2015 4:29:08 PM 2424 (0x0978)
Refreshing Site Signing Certificate over HTTP LocationServices 3/18/2015 4:29:08 PM 2424 (0x0978)
[CCMHTTP] AsyncCallback(): ----------------------------------------------------------------- LocationServices 3/18/2015 4:29:26 PM 2424 (0x0978)
[CCMHTTP] AsyncCallback(): WINHTTP_CALLBACK_STATUS_SECURE_FAILURE Encountered LocationServices 3/18/2015 4:29:26 PM 2424 (0x0978)
[CCMHTTP] : dwStatusInformationLength is 4
LocationServices 3/18/2015 4:29:26 PM 2424 (0x0978)
[CCMHTTP] : *lpvStatusInformation is 0x10
LocationServices 3/18/2015 4:29:26 PM 2424 (0x0978)
[CCMHTTP] : WINHTTP_CALLBACK_STATUS_FLAG_CERT_CN_INVALID is set
LocationServices 3/18/2015 4:29:26 PM 2424 (0x0978)
[CCMHTTP] AsyncCallback(): ----------------------------------------------------------------- LocationServices 3/18/2015 4:29:26 PM 2424 (0x0978)
Raising event:
instance of CCM_CcmHttp_Status
{
ClientID = "GUID:8BD27970-C69F-483D-A7E5-0DC76DC7A836";
DateTime = "20150318105926.499000+000";
HostName = "XXXXXXXX";
HRESULT = "0x80072f8f";
ProcessID = 5868;
StatusCode = 16;
ThreadID = 2424;
};
LocationServices 3/18/2015 4:29:26 PM 2424 (0x0978)
Failed to send request to /SMS_MP/.sms_aut?SITESIGNCERT at host XXX, error 0x2f8f LocationServices 3/18/2015 4:29:26 PM 2424 (0x0978)
[CCMHTTP] ERROR: URL=https://XXXXXXXX/SMS_MP/.sms_aut?SITESIGNCERT, Port=443, Options=480, Code=12175, Text=ERROR_WINHTTP_SECURE_FAILURE LocationServices 3/18/2015 4:29:26 PM 2424 (0x0978)
Successfully sent location services HTTPS failure message. LocationServices 3/18/2015 4:29:27 PM 2424 (0x0978)
Failed to refresh Site Signing Certificate over HTTP with error 0x80072f8f. LocationServices 3/18/2015 4:29:27 PM 2424 (0x0978)
Using INF MP XXXXXXXX as lookup MP. LocationServices 3/18/2015 4:29:27 PM 2424 (0x0978)
Attempting to retrieve default management points from lookup MP(s) via HTTPS LocationServices 3/18/2015 4:29:27 PM 2424 (0x0978)
LSGetManagementPointsForSiteFromManagementPoint: Client is on Internet, skipping Intranet MP list request. LocationServices 3/18/2015 4:29:27 PM 2424 (0x0978)
Unable to retrieve compatible MP(s) from AD LocationServices 3/18/2015 4:29:27 PM 2424 (0x0978)
LSGetManagementPointsForSite: Domain joined client is in Internet - INF MP will be used to get other INF MPs. LocationServices 3/18/2015 4:29:27 PM 2424 (0x0978)
LSUpdateInternetManagementPoints LocationServices 3/18/2015 4:29:27 PM 2424 (0x0978)
Current AD site of machine is XXXXX LocationServices 3/18/2015 4:29:27 PM 2424 (0x0978)
Failed to send management point list Location Request Message to XXXXX LocationServices 3/18/2015 4:29:34 PM 2424 (0x0978)
LSUpdateInternetManagementPoints: Failed to retrieve internet MPs from MP XXX with error 0x87d00231, retaining previous list. LocationServices 3/18/2015 4:29:34 PM 2424 (0x0978)
There is no AMP for site code XXXX Nulling existing entry in WMI LocationServices 3/18/2015 4:29:34 PM 2424 (0x0978)
Assigned MP changed from XXXXXXXX to <>. LocationServices 3/18/2015 4:29:34 PM 2424 (0x0978)
Persisted Default Management Point Locations locally LocationServices 3/18/2015 4:29:34 PM 2424 (0x0978)
[CCMHTTP] AsyncCallback(): ----------------------------------------------------------------- LocationServices 3/18/2015 4:29:37 PM 2432 (0x0980)
[CCMHTTP] AsyncCallback(): WINHTTP_CALLBACK_STATUS_SECURE_FAILURE Encountered LocationServices 3/18/2015 4:29:41 PM 2432 (0x0980)
[CCMHTTP] : dwStatusInformationLength is 4
LocationServices 3/18/2015 4:29:41 PM 2432 (0x0980)
[CCMHTTP] : *lpvStatusInformation is 0x10
LocationServices 3/18/2015 4:29:41 PM 2432 (0x0980)
[CCMHTTP] : WINHTTP_CALLBACK_STATUS_FLAG_CERT_CN_INVALID is set
LocationServices 3/18/2015 4:29:41 PM 2432 (0x0980)
[CCMHTTP] AsyncCallback(): ----------------------------------------------------------------- LocationServices 3/18/2015 4:29:41 PM 2432 (0x0980)
Raising event:
instance of CCM_CcmHttp_Status
{
ClientID = "GUID:8BD27970-C69F-483D-A7E5-0DC76DC7A836";
DateTime = "20150318105941.428000+000";
HostName = "XXXXXXXX";
HRESULT = "0x80072f8f";
ProcessID = 5868;
StatusCode = 16;
ThreadID = 2432;
};
LocationServices 3/18/2015 4:29:41 PM 2432 (0x0980)
Failed to send request to /SMS_MP/.sms_aut?MPLIST2&XXXXX at host XXXXXXX, error 0x2f8f LocationServices 3/18/2015 4:29:41 PM 2432 (0x0980)
[CCMHTTP] ERROR: URL=https://XXXXXXXX/SMS_MP/.sms_aut?MPLIST2&XXXXX, Port=443, Options=480, Code=12175, Text=ERROR_WINHTTP_SECURE_FAILURE LocationServices 3/18/2015 4:29:41 PM 2432 (0x0980)
Successfully sent location services HTTPS failure message. LocationServices 3/18/2015 4:29:41 PM 2432 (0x0980)
Failed to send web service info Location Request Message LocationServices 3/18/2015 4:29:41 PM 2424 (0x0978)
Modassir Khan
Wednesday, March 18, 2015 11:37 AM
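The WinHTTP values in the log above can be decoded mechanically. The following is an added example, not part of the original post: it maps the `*lpvStatusInformation` bitmask and the HRESULT to their WinHTTP meanings, using three lines copied from the question's log; the function names are illustrative.

```python
import re

# Secure-failure bits reported with WINHTTP_CALLBACK_STATUS_SECURE_FAILURE (winhttp.h).
FLAGS = {
    0x00000001: "WINHTTP_CALLBACK_STATUS_FLAG_CERT_REV_FAILED",
    0x00000002: "WINHTTP_CALLBACK_STATUS_FLAG_INVALID_CERT",
    0x00000004: "WINHTTP_CALLBACK_STATUS_FLAG_CERT_REVOKED",
    0x00000008: "WINHTTP_CALLBACK_STATUS_FLAG_INVALID_CA",
    0x00000010: "WINHTTP_CALLBACK_STATUS_FLAG_CERT_CN_INVALID",
    0x00000020: "WINHTTP_CALLBACK_STATUS_FLAG_CERT_DATE_INVALID",
    0x00000040: "WINHTTP_CALLBACK_STATUS_FLAG_CERT_WRONG_USAGE",
    0x80000000: "WINHTTP_CALLBACK_STATUS_FLAG_SECURITY_CHANNEL_ERROR",
}
STATUS_RE = re.compile(r"\*lpvStatusInformation is (0x[0-9A-Fa-f]+)")
ERROR_RE = re.compile(r"\[CCMHTTP\] ERROR: URL=([^,\s]+), Port=(\d+), .*?Code=(\d+), Text=(\w+)")

# Lines copied from the log in the question above (host names are already redacted there).
SAMPLE = """\
[CCMHTTP] AsyncCallback(): WINHTTP_CALLBACK_STATUS_SECURE_FAILURE Encountered LocationServices 3/18/2015 4:29:26 PM 2424 (0x0978)
[CCMHTTP] : *lpvStatusInformation is 0x10
[CCMHTTP] ERROR: URL=https://XXXXXXXX/SMS_MP/.sms_aut?SITESIGNCERT, Port=443, Options=480, Code=12175, Text=ERROR_WINHTTP_SECURE_FAILURE LocationServices 3/18/2015 4:29:26 PM 2424 (0x0978)
"""

def decode_flags(mask):
    """Return the flag names set in a secure-failure bitmask, lowest bit first."""
    names = [name for bit, name in sorted(FLAGS.items()) if mask & bit]
    unknown = mask & ~sum(FLAGS)  # bits that are not defined in FLAGS
    if unknown:
        names.append(f"UNKNOWN_0x{unknown:08x}")
    return names

def win32_from_hresult(hr):
    """Return the Win32 error wrapped in a failing FACILITY_WIN32 (7) HRESULT, else None."""
    is_win32 = bool(hr & 0x80000000) and (hr >> 16) & 0x7FF == 7
    return hr & 0xFFFF if is_win32 else None

def summarize(log_text):
    """Pair each secure-failure bitmask with the [CCMHTTP] ERROR line that follows it."""
    findings, pending = [], None
    for line in log_text.splitlines():
        status = STATUS_RE.search(line)
        if status:
            pending = int(status.group(1), 16)
            continue
        err = ERROR_RE.search(line)
        if err and pending is not None:
            findings.append({"url": err.group(1), "code": int(err.group(3)), "flags": decode_flags(pending)})
            pending = None
    return findings
```

WinHTTP sets `WINHTTP_CALLBACK_STATUS_FLAG_CERT_CN_INVALID` when the host name in the request does not match the name in the server certificate; `0x80072f8f` wraps Win32 error 12175, `ERROR_WINHTTP_SECURE_FAILURE`.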
Answers
Hi,
Here is a blog that has a similar problem, where a Certificate Revocation List was not configured. You could have a look to check if you missed anything.
Certificate Revocation Lists and Your Config Manager Client
Best Regards,
Joyce
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
Thursday, March 19, 2015 5:49 AM
All replies
+1 for linking my post. I hope it helped xD
Friday, May 22, 2015 2:13 PM