locked
CCMSetup is failing to pull the client from its local DP, getting "Failed to receive HTTPS response. (Error at WinHttpReceiveResponse: 12030)" RRS feed

  • Question

  • I am half way through my 2012 migration. Up until this point I had been using SCCM 2007 to deploy the 2012 client to machines, but we have had a dozen or so servers get replaced prior to being migrated and their deploying the 2012 DP and client to the new servers. Which means my clients will have to pull the 200 meg client package over the WAN if i use the 2007 advertisement. My intention is to use CCMSetup which is only 1.5 megs and have it pull the client from the local DP. 

    So far I haven't been able to get that to work. (We're running PKI) When i kick off the ccmsetup.exe it sees the local distro point but receives the following error after which it goes up to the primary and pull the package over the WAN. Here are the errors both client and IIS:

    CCMSetup.log-

    Found local location 'https://f8893vfp02.server.com/SMS_DP_SMSPKG$/HCR00003' ccmsetup 4/11/2015 6:26:47 PM 3176 (0x0C68)
    Found local location 'https://f8893vfp02.server.com/NOCERT_SMS_DP_SMSPKG$/HCR00003' ccmsetup 4/11/2015 6:26:47 PM 3176 (0x0C68)
    Discovered 2 local DP locations. ccmsetup 4/11/2015 6:26:47 PM 3176 (0x0C68)
    PROPFIND 'https://f8893vfp02.server.com/NOCERT_SMS_DP_SMSPKG$/HCR00003' ccmsetup 4/11/2015 6:26:47 PM 3176 (0x0C68)
    Got 401 challenge Retrying with Windows Auth... ccmsetup 4/11/2015 6:26:48 PM 3176 (0x0C68)
    PROPFIND 'https://f8893vfp02.server.com/NOCERT_SMS_DP_SMSPKG$/HCR00003' ccmsetup 4/11/2015 6:26:48 PM 3176 (0x0C68)
    Failed to receive HTTPS response. (Error at WinHttpReceiveResponse: 12030) ccmsetup 4/11/2015 6:26:48 PM 3176 (0x0C68)
    WinHttpRequestReponse failed with a non-recoverable failure, 12030 ccmsetup 4/11/2015 6:26:48 PM 3176 (0x0C68)
    Failed to check url https://f8893vfp02.server.com/NOCERT_SMS_DP_SMSPKG$/HCR00003. Error 0x80072efe ccmsetup 4/11/2015 6:26:48 PM 3176 (0x0C68)
    PROPFIND 'https://f8893vfp02.server.com/SMS_DP_SMSPKG$/HCR00003' ccmsetup 4/11/2015 6:26:48 PM 3176 (0x0C68)
    Failed to receive HTTPS response. (Error at WinHttpReceiveResponse: 12030) ccmsetup 4/11/2015 6:26:49 PM 3176 (0x0C68)
    WinHttpRequestReponse failed with a non-recoverable failure, 12030 ccmsetup 4/11/2015 6:26:49 PM 3176 (0x0C68)
    Failed to check url https://f8893vfp02.server.com/SMS_DP_SMSPKG$/HCR00003. Error 0x80072efe ccmsetup 4/11/2015 6:26:49 PM 3176 (0x0C68)
    Enumerated all 2 local DP locations but none of them is good. Fallback to MP. ccmsetup 4/11/2015 6:26:49 PM 3176 (0x0C68)
    GET 'https://primary.server.com/CCM_Client/ccmsetup.cab' ccmsetup 4/11/2015 6:26:49 PM 3176 (0x0C68)

    From there it continues installing without issue other than it pulls over the WAN.

    IIS logs show this:

    #Software: Microsoft Internet Information Services 8.5
    #Version: 1.0
    #Date: 2015-04-11 22:26:48
    #Fields: s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status sc-bytes time-taken
    10.10.5.16 PROPFIND /NOCERT_SMS_DP_SMSPKG$/HCR00003 - 443 - 10.10.5.77 ccmsetup - 401 2 5 1562 93

    I tried adding domain computer read to the virtual directory just on a lark and that just threw a new error "Got 401 challenge". I don't understand why the primary DP responds and sends the content but the local DP that it finds doesn't. It has the proper cert binding just as I have done on every server. I don't know what else i can try hence my post here. Any help would be much appreciated.

    Thanks,

    -KR

    Saturday, April 11, 2015 11:05 PM

Answers

  • I did validate that. I usually deploy IIS to the DPs with a set of procedures I've pulled down from technet. Then when I setup the site server and add the DP role I check the box install and configure IIS in the SCCM Site server wizard.

    I setup the DP a few days ago(the 4pm on the 9th) and oddly enough the CCM Client package didn't replicate first(it didn't replicate until the 11th at 7pm), and since i've got BITS throttling configured it can take upwards of 3 days to replicate all the packages to a new DP. Whats worse is for some reason SCCM has a difficult time reconciling the time it takes to replicate and alot of packages end up in an error state(see the below snippet). I then have to manually redistribute the packages which they usually will replicate on the manual second attempt after provisioning. I have all the field DPs as Pull DPs to keep the primary as efficient as possible.

    I just looked at the CCM setup log and it enumerated the DP as last time except this time it installed the client without going over the WAN. Even though the DP was stood up a few days ago the CCM client package didn't replicate until yesterday from the looks of the snippet(package ending in 03) I included below. So it turns out the IIS settings were all correct, the package just wasn't available yet.

    Seems odd that it would throw an error authentication related, I would have expected it to throw a 401 instead. Perhaps, and i'm speculating, that the package had started replication when i tried the install but since the entire package hadn't replicated it failed.

    Thanks for the reply, I'll close out the thread.

    




    • Marked as answer by KeepReading Sunday, April 12, 2015 4:50 PM
    • Edited by KeepReading Sunday, April 12, 2015 4:52 PM
    Sunday, April 12, 2015 4:43 PM

All replies

  • HTTP 401.2 = "Unauthorized: Logon Failed Due to Server Configuration with No Authentication "

    Have you verified that anonymous authentication is installed and enabled properly pre the pre-reqs in IIS on the remote DP(s)?


    Jason | http://blog.configmgrftw.com | @jasonsandys

    Sunday, April 12, 2015 1:33 PM
  • I did validate that. I usually deploy IIS to the DPs with a set of procedures I've pulled down from technet. Then when I setup the site server and add the DP role I check the box install and configure IIS in the SCCM Site server wizard.

    I setup the DP a few days ago(the 4pm on the 9th) and oddly enough the CCM Client package didn't replicate first(it didn't replicate until the 11th at 7pm), and since i've got BITS throttling configured it can take upwards of 3 days to replicate all the packages to a new DP. Whats worse is for some reason SCCM has a difficult time reconciling the time it takes to replicate and alot of packages end up in an error state(see the below snippet). I then have to manually redistribute the packages which they usually will replicate on the manual second attempt after provisioning. I have all the field DPs as Pull DPs to keep the primary as efficient as possible.

    I just looked at the CCM setup log and it enumerated the DP as last time except this time it installed the client without going over the WAN. Even though the DP was stood up a few days ago the CCM client package didn't replicate until yesterday from the looks of the snippet(package ending in 03) I included below. So it turns out the IIS settings were all correct, the package just wasn't available yet.

    Seems odd that it would throw an error authentication related, I would have expected it to throw a 401 instead. Perhaps, and i'm speculating, that the package had started replication when i tried the install but since the entire package hadn't replicated it failed.

    Thanks for the reply, I'll close out the thread.

    




    • Marked as answer by KeepReading Sunday, April 12, 2015 4:50 PM
    • Edited by KeepReading Sunday, April 12, 2015 4:52 PM
    Sunday, April 12, 2015 4:43 PM