locked
Error 500 when installing Certificate Registration Point RRS feed

  • Question

  • Hello,

    I am trying to create a testlab for Certificate Profiles in SCCM 2012 R2. I'm following http://technet.microsoft.com/en-us/library/dn270539.aspx but i'm stuck at the last part. I installed the Certificate Registration Point but I get the following error in SCCM Component status: Certificate Registration Point is not responding to HTTP requests. The error encountered was 500. Please refer to crpctrl.log for further details.

    When I check crpctrl.log:

    Checking CRP service availability state SMS_CERTIFICATE_REGISTRATION_POINT 14-03-2014 13:27:59 6040 (0x1798)

    Machine name is 'SCCM.domain.local'. SMS_CERTIFICATE_REGISTRATION_POINT 14-03-2014 13:27:59 6040 (0x1798)

    Begin validation of Certificate [Thumbprint 6c7a51e1584fa851e3888dc633563cbc671bf57f] issued to 'SCCM.domain.local' SMS_CERTIFICATE_REGISTRATION_POINT 14-03-2014 13:27:59 6040 (0x1798)

    Certificate doesn't have "SSL Client Authentication" capabilities. SMS_CERTIFICATE_REGISTRATION_POINT 14-03-2014 13:27:59 6040 (0x1798)

    Completed validation of Certificate [Thumbprint 6c7a51e1584fa851e3888dc633563cbc671bf57f] issued to 'SCCM.domain.local' SMS_CERTIFICATE_REGISTRATION_POINT 14-03-2014 13:27:59 6040 (0x1798)

    Skipping this certificate which is not valid for ConfigMgr usage. SMS_CERTIFICATE_REGISTRATION_POINT 14-03-2014 13:27:59 6040 (0x1798)

    Begin validation of Certificate [Thumbprint 213e97a48ffbc19402df6d4d6dd840c92d341053] issued to 'SCCM.domain.local' SMS_CERTIFICATE_REGISTRATION_POINT 14-03-2014 13:27:59 6040 (0x1798)

    Completed validation of Certificate [Thumbprint 213e97a48ffbc19402df6d4d6dd840c92d341053] issued to 'SCCM.domain.local' SMS_CERTIFICATE_REGISTRATION_POINT 14-03-2014 13:27:59 6040 (0x1798)

    Skipping this certificate which is not valid for ConfigMgr usage. SMS_CERTIFICATE_REGISTRATION_POINT 14-03-2014 13:27:59 6040 (0x1798)

    There are no certificate(s) that meet the criteria. SMS_CERTIFICATE_REGISTRATION_POINT 14-03-2014 13:27:59 6040 (0x1798)

    Performing machine FQDN to SAN2 search. SMS_CERTIFICATE_REGISTRATION_POINT 14-03-2014 13:27:59 6040 (0x1798)

    Certificate SAN2 extension doesn't have DNS name. SMS_CERTIFICATE_REGISTRATION_POINT 14-03-2014 13:27:59 6040 (0x1798)

    Begin validation of Certificate [Thumbprint 213e97a48ffbc19402df6d4d6dd840c92d341053] issued to 'SCCM.domain.local' SMS_CERTIFICATE_REGISTRATION_POINT 14-03-2014 13:27:59 6040 (0x1798)

    Completed validation of Certificate [Thumbprint 213e97a48ffbc19402df6d4d6dd840c92d341053] issued to 'SCCM.domain.local' SMS_CERTIFICATE_REGISTRATION_POINT 14-03-2014 13:27:59 6040 (0x1798)

    Begin validation of Certificate [Thumbprint 1c9623d4708d59b008b2e3c8e1c1bab1a4e9248f] issued to 'SCCM.domain.local' SMS_CERTIFICATE_REGISTRATION_POINT 14-03-2014 13:27:59 6040 (0x1798)

    Certificate doesn't have "SSL Client Authentication" capabilities. SMS_CERTIFICATE_REGISTRATION_POINT 14-03-2014 13:27:59 6040 (0x1798)

    Completed validation of Certificate [Thumbprint 1c9623d4708d59b008b2e3c8e1c1bab1a4e9248f] issued to 'SCCM.domain.local' SMS_CERTIFICATE_REGISTRATION_POINT 14-03-2014 13:27:59 6040 (0x1798)

    Begin validation of Certificate [Thumbprint 17fb1e28e875df2a88ad7d692334f19e740bc500] issued to 'SCCM.domain.local' SMS_CERTIFICATE_REGISTRATION_POINT 14-03-2014 13:27:59 6040 (0x1798)

    Certificate has "SSL Client Authentication" capability. SMS_CERTIFICATE_REGISTRATION_POINT 14-03-2014 13:27:59 6040 (0x1798)

    Completed validation of Certificate [Thumbprint 17fb1e28e875df2a88ad7d692334f19e740bc500] issued to 'SCCM.domain.local' SMS_CERTIFICATE_REGISTRATION_POINT 14-03-2014 13:27:59 6040 (0x1798)

    Begin validation of Certificate [Thumbprint 0f6747ffedf3f8920470c3847b5af7048c58fe4d] issued to 'SCCM.domain.local' SMS_CERTIFICATE_REGISTRATION_POINT 14-03-2014 13:27:59 6040 (0x1798)

    Certificate has "SSL Client Authentication" capability. SMS_CERTIFICATE_REGISTRATION_POINT 14-03-2014 13:27:59 6040 (0x1798)

    Completed validation of Certificate [Thumbprint 0f6747ffedf3f8920470c3847b5af7048c58fe4d] issued to 'SCCM.domain.local' SMS_CERTIFICATE_REGISTRATION_POINT 14-03-2014 13:27:59 6040 (0x1798)

    >>> Selected Certificate [Thumbprint 0f6747ffedf3f8920470c3847b5af7048c58fe4d] issued to 'SCCM.domain.local' for HTTPS Client Authentication SMS_CERTIFICATE_REGISTRATION_POINT 14-03-2014 13:27:59 6040 (0x1798)

    CRP's previous status was 1 (0 = Online, 1 = Failed, 4 = Undefined) SMS_CERTIFICATE_REGISTRATION_POINT 14-03-2014 13:28:00 6040 (0x1798)

    Health check request failed, status code is 500, 'Internal Server Error'. SMS_CERTIFICATE_REGISTRATION_POINT 14-03-2014 13:28:00 6040 (0x1798)

    STATMSG: ID=10202 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_CERTIFICATE_REGISTRATION_POINT" SYS=SCCM.domain.local SITE=S01 PID=2988 TID=6040 GMTDATE=vr mrt 14 12:28:00.163 2014 ISTR0="500" ISTR1="Internal Server Error" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 SMS_CERTIFICATE_REGISTRATION_POINT 14-03-2014 13:28:00 6040 (0x1798)

    Completed the CRP availability check against local computer. SMS_CERTIFICATE_REGISTRATION_POINT 14-03-2014 13:28:00 6040 (0x1798)

    Starting CRP certificate maintenance... SMS_CERTIFICATE_REGISTRATION_POINT 14-03-2014 13:28:00 6040 (0x1798)

    Successfully granted permission to certificate SMS_CERTIFICATE_REGISTRATION_POINT 14-03-2014 13:28:00 6040 (0x1798)

    CRP website is using PKI issued certificate SMS_CERTIFICATE_REGISTRATION_POINT 14-03-2014 13:28:00 6040 (0x1798)

    Finished certificate maintenance... SMS_CERTIFICATE_REGISTRATION_POINT 14-03-2014 13:28:00 6040 (0x1798)

    Waiting for changes for 600 seconds SMS_CERTIFICATE_REGISTRATION_POINT 14-03-2014 13:28:00 6040 (0x1798)

    The certificate that CRP uses according to the logfile is a PKI certificate with Client Authentication so that should be OK.

    When I browse to https://sccm.domain.local/CMCertificateRegistration I get HTTP Error 403.7 - Forbidden, but according to the Technet article I should get HTTP Error 404. I'm a bit lost now where to look next. Thanks.

    Friday, March 14, 2014 12:38 PM

Answers

  • Hi Joyce,

    Thank you for your reply. Yesterday I tried installing the Certificate Registration Point on the same server as the Network Device Enrollment Service and that went without any issues, so I'll stick with this setup for now.

    Kind regards,

    Michel

    Tuesday, March 18, 2014 7:13 AM

All replies