none
Cloud management Gateway Client connectivity issue Response Header: HTTP/1.1 401 Unauthorized in cmgservice logs

    Question

  • We are in a phase of implementing CMG. We configured CMG using management certificate from SCCM primary server.

    We configured CMG connection point in another site system server and it is connected via proxy where port 443 is allowed.

    Now we can see in the cmgservice logs and httphandler log that there is a request which is coming with bodysize :200MB(like) but response is not getting.

    In response we are getting the error Response Header: HTTP/1.1 401 Unauthorized

    We need to know the way how I can troubleshoot the issue?

    Your comments are highly appreciated.

    Wednesday, May 23, 2018 5:41 AM

Answers

  • The issue has been resolved

    1. Root certificate and intermediate certificate needs to be checked whether it is uploaded while configuring CMG from SCCM

    2. port 10140 and 10124 along with fallback port 443 needs to be opened from gateway connection point server to cloud VM

    3. In Azure we need to check whether Proxy settings has been updated successfully or not.

    • Marked as answer by soumitradutta Tuesday, July 17, 2018 12:09 PM
    Tuesday, July 17, 2018 12:08 PM

All replies

  • CMGService.log

    Request - MessageID:
    xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx RequestURI:
    https://xxxxxx.cloudapp.net/CCM_Proxy_MutualAuth/xxxxxx/ccm_system/request
    RequestHeader: CCM_POST
    https://xxxxxx.cloudapp.net:443/CCM_Proxy_MutualAuth/xxxxxx/ccm_system/request
    HTTP/1.1~~Cache-Control: no-cache~~Connection: Keep-Alive~~Pragma:
    no-cache~~Content-Length: 4152~~Content-Type: multipart/mixed;
    boundary="aAbBcCdDv1234567890VxXyYzZ"~~Accept: text/*,
    application/octet-stream, application/json, application/x-www-form-urlencoded~~Host:
    xxxxxx.cloudapp.net~~User-Agent: ccmhttp~~~~ RequestBodySize: 4152
    AuthorizationToken length: 0<o:p></o:p>

    <o:p> </o:p>

    <o:p>-------------- </o:p>

    Response - MessageID:
    xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx ResponseHeader: HTTP/1.1 401
    Unauthorized~~ ResponseBodySize: 0<o:p></o:p>

    <o:p> </o:p>

    <o:p>Httphandler.log </o:p>

    MessageID: xxxxxxxx-xxxx-xxxx-xxxxxxxx RequestURI:
    https://xxxxxx.cloudapp.net/CCM_Proxy_MutualAuth/xxxxxx/SMS_MP/.sms_aut?SITESIGNCERT
    RequestHeader: GET
    https://xxxxxx.cloudapp.net:443/CCM_Proxy_MutualAuth/7xxxxxx/SMS_MP/.sms_aut?SITESIGNCERT
    HTTP/1.1~~Connection: Keep-Alive~~Host: xxxxxx.cloudapp.net~~User-Agent: SMS
    CCM 5.0~~~~ RequestBodySize: 0 ResponseHeader: HTTP/1.1 401 Unauthorized~~
    ResponseBodySize: 0 ElapsedTime: 3 ms<o:p></o:p>


    Wednesday, May 23, 2018 6:12 AM
  • Which version of SCCM Current Branch? (for 1802 the MP must be HTTPS)

    When you say management certificate, did you create the CMG in the Azure Classic portal? Or is this created in the Azure Resource Manager?

    Did you follow the requirements for certificates? (CMG service cert and client trusted root cert) https://docs.microsoft.com/en-us/sccm/core/clients/manage/cmg/certificates-for-cloud-management-gateway 

    Can you also please post the SMS_Cloud_ProxyConnector.log?

    Wednesday, May 23, 2018 6:25 AM
  • We are using 1706 with hotfix

    And I followed the process - https://docs.microsoft.com/en-us/sccm/core/clients/manage/cmg/certificates-for-cloud-management-gateway 

    1.Proxy connector is connected

    2. SUP - client webservice/simpleauth webservice is working and client communication is happening and we are getting 200 ok result for client webservice, simpleauth webservice

    But for MP- we are getting 401 unauthorized

    --------------

    SMS_Cloud_ProxyConnector.log

    There are 10 Http connections eastablished with proxy server XXXXXXXX.CLOUDAPP.NET:443 SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:41:49 AM 7056 (0x1B90)
    Wait 60 seconds to rescan the connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:41:49 AM 7056 (0x1B90)
    Maintaining connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:42:49 AM 7056 (0x1B90)
    There are 10 Http connections eastablished with proxy server XXXXXXXX.CLOUDAPP.NET:443 SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:42:49 AM 7056 (0x1B90)
    Wait 60 seconds to rescan the connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:42:49 AM 7056 (0x1B90)
    Maintaining connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:43:49 AM 7056 (0x1B90)
    There are 10 Http connections eastablished with proxy server XXXXXXXX.CLOUDAPP.NET:443 SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:43:49 AM 7056 (0x1B90)
    Wait 60 seconds to rescan the connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:43:49 AM 7056 (0x1B90)
    Maintaining connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:44:49 AM 7056 (0x1B90)
    There are 10 Http connections eastablished with proxy server XXXXXXXX.CLOUDAPP.NET:443 SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:44:49 AM 7056 (0x1B90)
    Wait 60 seconds to rescan the connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:44:49 AM 7056 (0x1B90)
    Maintaining connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:45:49 AM 7056 (0x1B90)
    There are 10 Http connections eastablished with proxy server XXXXXXXX.CLOUDAPP.NET:443 SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:45:49 AM 7056 (0x1B90)
    Wait 60 seconds to rescan the connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:45:49 AM 7056 (0x1B90)
    Reporting traffic data... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:46:20 AM 11584 (0x2D40)
    ReportTrafficData - Reporting any traffic data. SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:46:20 AM 11584 (0x2D40)
    Maintaining connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:46:49 AM 7056 (0x1B90)
    There are 10 Http connections eastablished with proxy server XXXXXXXX.CLOUDAPP.NET:443 SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:46:49 AM 7056 (0x1B90)
    Wait 60 seconds to rescan the connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:46:49 AM 7056 (0x1B90)
    Maintaining connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:47:49 AM 7056 (0x1B90)
    There are 10 Http connections eastablished with proxy server XXXXXXXX.CLOUDAPP.NET:443 SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:47:49 AM 7056 (0x1B90)
    Wait 60 seconds to rescan the connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:47:49 AM 7056 (0x1B90)
    Loading configuration... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:48:38 AM 16924 (0x421C)
    Internet Proxy Password changed to 3082018706092A864886F70D010703A082017830820174020102318201303082012C0201028014AB3A843D3CCE2F291962F89D208ACC28F268AD17300D06092A864886F70D01010105000482010009912F9EDAD1646DAD8A19808303143EEA0A11185EC1A5081CFD47FCAC6C5FE2CA19D3CD61E44F8DBD15FCC6E0C02D1ADB23306CEECA8F3D6DEB5AAA09D00E6FE1751938FD586F5CA6ADD7D84373C5D56C828ABC95891674D97E3389ADFCFA5E76B9055FB2D0E62C7F6066BD6C491EFFFB9FF54D98A7CB8553345F280BFD21F591CB6F783A9006442FC66AE20C2C47EC4A0897B966D2521E438CC910D76C75BC3753DDECD81BB37F690DA99006F4A3AB5F7BC0FE49E06517CC2D2D0EE76CFC3B399E987E584F0DAA189921D5D42E1CBCAEC70A3021D9CBF2EDD7157D3EFD9104A060D165A8893DB6D435F7F6A1B4A53907E08AE10ED4BDAE0B059E69B30CF453303B06092A864886F70D010701301406082A864886F70D030704083D422160DB7D22DB80187E390515865888F6D730BA929D232E2531F1374D22D1FB2E SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:48:38 AM 16924 (0x421C)
    Maintaining connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:48:49 AM 7056 (0x1B90)
    There are 10 Http connections eastablished with proxy server XXXXXXXX.CLOUDAPP.NET:443 SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:48:49 AM 7056 (0x1B90)
    Wait 60 seconds to rescan the connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:48:49 AM 7056 (0x1B90)
    Maintaining connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:49:49 AM 7056 (0x1B90)
    There are 10 Http connections eastablished with proxy server XXXXXXXX.CLOUDAPP.NET:443 SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:49:49 AM 7056 (0x1B90)
    Wait 60 seconds to rescan the connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:49:49 AM 7056 (0x1B90)
    Maintaining connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:50:49 AM 7056 (0x1B90)
    There are 10 Http connections eastablished with proxy server XXXXXXXX.CLOUDAPP.NET:443 SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:50:49 AM 7056 (0x1B90)
    Wait 60 seconds to rescan the connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:50:49 AM 7056 (0x1B90)
    Reporting traffic data... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:51:20 AM 3160 (0x0C58)
    ReportTrafficData - Reporting any traffic data. SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:51:20 AM 3160 (0x0C58)
    Maintaining connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:51:49 AM 7056 (0x1B90)
    There are 10 Http connections eastablished with proxy server XXXXXXXX.CLOUDAPP.NET:443 SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:51:49 AM 7056 (0x1B90)
    Wait 60 seconds to rescan the connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:51:49 AM 7056 (0x1B90)
    Maintaining connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:52:49 AM 7056 (0x1B90)
    There are 10 Http connections eastablished with proxy server XXXXXXXX.CLOUDAPP.NET:443 SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:52:49 AM 7056 (0x1B90)
    Wait 60 seconds to rescan the connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:52:49 AM 7056 (0x1B90)
    Maintaining connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:53:49 AM 7056 (0x1B90)
    There are 10 Http connections eastablished with proxy server XXXXXXXX.CLOUDAPP.NET:443 SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:53:49 AM 7056 (0x1B90)
    Wait 60 seconds to rescan the connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:53:49 AM 7056 (0x1B90)
    Maintaining connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:54:49 AM 7056 (0x1B90)
    There are 10 Http connections eastablished with proxy server XXXXXXXX.CLOUDAPP.NET:443 SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:54:49 AM 7056 (0x1B90)
    Wait 60 seconds to rescan the connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:54:49 AM 7056 (0x1B90)
    Maintaining connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:55:49 AM 7056 (0x1B90)
    There are 10 Http connections eastablished with proxy server XXXXXXXX.CLOUDAPP.NET:443 SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:55:49 AM 7056 (0x1B90)
    Wait 60 seconds to rescan the connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:55:49 AM 7056 (0x1B90)
    Reporting traffic data... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:56:20 AM 9084 (0x237C)
    ReportTrafficData - Reporting any traffic data. SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:56:20 AM 9084 (0x237C)
    Maintaining connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:56:49 AM 7056 (0x1B90)
    There are 10 Http connections eastablished with proxy server XXXXXXXX.CLOUDAPP.NET:443 SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:56:49 AM 7056 (0x1B90)
    Wait 60 seconds to rescan the connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:56:49 AM 7056 (0x1B90)
    Maintaining connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:57:49 AM 7056 (0x1B90)
    There are 10 Http connections eastablished with proxy server XXXXXXXX.CLOUDAPP.NET:443 SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:57:49 AM 7056 (0x1B90)
    Wait 60 seconds to rescan the connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:57:49 AM 7056 (0x1B90)
    Maintaining connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:58:49 AM 7056 (0x1B90)
    There are 10 Http connections eastablished with proxy server XXXXXXXX.CLOUDAPP.NET:443 SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:58:49 AM 7056 (0x1B90)
    Wait 60 seconds to rescan the connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:58:49 AM 7056 (0x1B90)
    Maintaining connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:59:49 AM 7056 (0x1B90)
    There are 10 Http connections eastablished with proxy server XXXXXXXX.CLOUDAPP.NET:443 SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:59:49 AM 7056 (0x1B90)
    Wait 60 seconds to rescan the connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 5:59:49 AM 7056 (0x1B90)
    Maintaining connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:00:49 AM 7056 (0x1B90)
    There are 10 Http connections eastablished with proxy server XXXXXXXX.CLOUDAPP.NET:443 SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:00:49 AM 7056 (0x1B90)
    Wait 60 seconds to rescan the connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:00:49 AM 7056 (0x1B90)
    Reporting traffic data... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:01:20 AM 7468 (0x1D2C)
    ReportTrafficData - Reporting any traffic data. SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:01:20 AM 7468 (0x1D2C)
    Maintaining connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:01:49 AM 7056 (0x1B90)
    There are 10 Http connections eastablished with proxy server XXXXXXXX.CLOUDAPP.NET:443 SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:01:49 AM 7056 (0x1B90)
    Wait 60 seconds to rescan the connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:01:49 AM 7056 (0x1B90)
    Maintaining connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:02:49 AM 7056 (0x1B90)
    There are 10 Http connections eastablished with proxy server XXXXXXXX.CLOUDAPP.NET:443 SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:02:49 AM 7056 (0x1B90)
    Wait 60 seconds to rescan the connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:02:49 AM 7056 (0x1B90)
    Maintaining connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:03:49 AM 7056 (0x1B90)
    There are 10 Http connections eastablished with proxy server XXXXXXXX.CLOUDAPP.NET:443 SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:03:49 AM 7056 (0x1B90)
    Wait 60 seconds to rescan the connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:03:49 AM 7056 (0x1B90)
    Maintaining connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:04:49 AM 7056 (0x1B90)
    There are 10 Http connections eastablished with proxy server XXXXXXXX.CLOUDAPP.NET:443 SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:04:49 AM 7056 (0x1B90)
    Wait 60 seconds to rescan the connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:04:49 AM 7056 (0x1B90)
    Maintaining connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:05:49 AM 7056 (0x1B90)
    There are 10 Http connections eastablished with proxy server XXXXXXXX.CLOUDAPP.NET:443 SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:05:49 AM 7056 (0x1B90)
    Wait 60 seconds to rescan the connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:05:49 AM 7056 (0x1B90)
    Reporting traffic data... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:06:20 AM 9312 (0x2460)
    ReportTrafficData - Reporting any traffic data. SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:06:20 AM 9312 (0x2460)
    Maintaining connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:06:49 AM 7056 (0x1B90)
    There are 10 Http connections eastablished with proxy server XXXXXXXX.CLOUDAPP.NET:443 SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:06:49 AM 7056 (0x1B90)
    Wait 60 seconds to rescan the connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:06:49 AM 7056 (0x1B90)
    Maintaining connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:07:49 AM 7056 (0x1B90)
    There are 10 Http connections eastablished with proxy server XXXXXXXX.CLOUDAPP.NET:443 SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:07:49 AM 7056 (0x1B90)
    Wait 60 seconds to rescan the connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:07:49 AM 7056 (0x1B90)
    Maintaining connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:08:49 AM 7056 (0x1B90)
    There are 10 Http connections eastablished with proxy server XXXXXXXX.CLOUDAPP.NET:443 SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:08:49 AM 7056 (0x1B90)
    Wait 60 seconds to rescan the connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:08:49 AM 7056 (0x1B90)
    Maintaining connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:09:49 AM 7056 (0x1B90)
    There are 10 Http connections eastablished with proxy server XXXXXXXX.CLOUDAPP.NET:443 SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:09:49 AM 7056 (0x1B90)
    Wait 60 seconds to rescan the connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:09:49 AM 7056 (0x1B90)
    Maintaining connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:10:49 AM 7056 (0x1B90)
    There are 10 Http connections eastablished with proxy server XXXXXXXX.CLOUDAPP.NET:443 SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:10:49 AM 7056 (0x1B90)
    Wait 60 seconds to rescan the connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:10:49 AM 7056 (0x1B90)
    Reporting traffic data... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:11:20 AM 11700 (0x2DB4)
    ReportTrafficData - Reporting any traffic data. SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:11:20 AM 11700 (0x2DB4)
    Maintaining connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:11:49 AM 7056 (0x1B90)
    There are 10 Http connections eastablished with proxy server XXXXXXXX.CLOUDAPP.NET:443 SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:11:49 AM 7056 (0x1B90)
    Wait 60 seconds to rescan the connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:11:49 AM 7056 (0x1B90)
    Maintaining connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:12:49 AM 7056 (0x1B90)
    There are 10 Http connections eastablished with proxy server XXXXXXXX.CLOUDAPP.NET:443 SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:12:49 AM 7056 (0x1B90)
    Wait 60 seconds to rescan the connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:12:49 AM 7056 (0x1B90)
    Maintaining connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:13:49 AM 7056 (0x1B90)
    There are 10 Http connections eastablished with proxy server XXXXXXXX.CLOUDAPP.NET:443 SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:13:49 AM 7056 (0x1B90)
    Wait 60 seconds to rescan the connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:13:49 AM 7056 (0x1B90)
    Maintaining connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:14:49 AM 7056 (0x1B90)
    There are 10 Http connections eastablished with proxy server XXXXXXXX.CLOUDAPP.NET:443 SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:14:49 AM 7056 (0x1B90)
    Wait 60 seconds to rescan the connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:14:49 AM 7056 (0x1B90)
    Maintaining connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:15:49 AM 7056 (0x1B90)
    There are 10 Http connections eastablished with proxy server XXXXXXXX.CLOUDAPP.NET:443 SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:15:49 AM 7056 (0x1B90)
    Wait 60 seconds to rescan the connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:15:49 AM 7056 (0x1B90)
    Reporting traffic data... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:16:20 AM 12320 (0x3020)
    ReportTrafficData - Reporting any traffic data. SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:16:20 AM 12320 (0x3020)
    Maintaining connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:16:49 AM 7056 (0x1B90)
    There are 10 Http connections eastablished with proxy server XXXXXXXX.CLOUDAPP.NET:443 SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:16:49 AM 7056 (0x1B90)
    Wait 60 seconds to rescan the connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:16:49 AM 7056 (0x1B90)
    Maintaining connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:17:49 AM 7056 (0x1B90)
    There are 10 Http connections eastablished with proxy server XXXXXXXX.CLOUDAPP.NET:443 SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:17:49 AM 7056 (0x1B90)
    Wait 60 seconds to rescan the connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:17:49 AM 7056 (0x1B90)
    Maintaining connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:18:49 AM 7056 (0x1B90)
    There are 10 Http connections eastablished with proxy server XXXXXXXX.CLOUDAPP.NET:443 SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:18:49 AM 7056 (0x1B90)
    Wait 60 seconds to rescan the connections... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:18:49 AM 7056 (0x1B90)
    Loading configuration... SMS_CLOUD_PROXYCONNECTOR 5/23/2018 6:18:50 AM 16924 (0x421C)

    Wednesday, May 23, 2018 9:33 AM
  • I am suspecting there is some issue with IIS for management point (like SMS_MP,SMS_MPAltAuth)

    Can you tell me the desired IIS configuration for HTTPs communication?

    Wednesday, May 23, 2018 9:37 AM
  • Have you allowed configuration manager cloud management gateway traffic on the MP?

    Does your client trying to connect have a PKI cert? Is your MP HTTP or HTTPS? If HTTPS did you add the cert to the HTTPS bindings in IIS for the MP?

    You can follow a blog post like this to make sure your certs are correct - https://blogs.technet.microsoft.com/arnabm/2016/12/19/step-by-step-cloud-management-gateway/

    Wednesday, May 23, 2018 11:17 PM
  • Hi soumitradutta,

    I agree with Nick, my suggestion is to check the settings related to the certificate.

    Also, you could refer to the following article:

    https://docs.microsoft.com/en-us/sccm/core/plan-design/network/pki-certificate-requirements

    Best regards,
    XueZhi Zhou


    Please remember to mark the replies as answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, May 24, 2018 3:17 AM
  • Hello Nick,

    Thanks for your reply.

    Our MP is https and we have the PKI certificate and client is communicating through PKI certificate only when they in intranet.

    Also I added the certificate in IIS configuration in the MP.

    When client is going to outside the network then we are getting this Response Header: HTTP/1.1 401 Unauthorized

    Thursday, May 24, 2018 4:49 AM
  • Hello Xuezhi,

    Thanks for your reply.

    Our MP is https and we have the PKI certificate and client is communicating through PKI certificate only when they in intranet.

    Also I added the certificate in IIS configuration in the MP.

    When client is going to internet then we are getting this Response Header: HTTP/1.1 401 Unauthorized

    Thursday, May 24, 2018 4:50 AM
  • Can the client reach the CRL for the certificates?

    Jason | https://home.configmgrftw.com | @jasonsandys

    Thursday, May 24, 2018 2:19 PM
  • We have not enabled the CRL in site system for client communication
    Monday, May 28, 2018 4:57 AM
  • Now I checked the CMG service log in the morning and it is showing 404 not found instead of 401 unauthorized
    Monday, May 28, 2018 5:18 AM
  • Are you sure the CMG is healthy then?

    Jason | https://home.configmgrftw.com | @jasonsandys

    Tuesday, May 29, 2018 1:26 AM
  • Hello Jason,

    Thanks for your reply.

    CMG is not healthy, as we are not able to connect external client with CMG.

    Only CMG connection point is showing connected.

    Can you please let me know what would be the default settings in IIS for HTTPS management point in virtual directories( like SMS_MP,SMS_MP_altauth etc)...I need to know the SSL settings only.

    Tuesday, May 29, 2018 5:12 AM
  • CMGservices.log

    Request - MessageID: xxxxxx-xxxxxx-xxxxx-xxxxxx RequestURI: https://xxxxxx.cloudapp.net/CCM_Proxy_MutualAuth/xxxxxxxxxxxx/bgb/handler.ashx?RequestType=LogIn RequestHeader: CCM_POST https://xxxxxx.cloudapp.net:443/CCM_Proxy_MutualAuth/xxxxxxxxxxxx/bgb/handler.ashx?RequestType=LogIn HTTP/1.1~~Cache-Control: no-cache~~Connection: Keep-Alive~~Pragma: no-cache~~Content-Length: 50~~Content-Type: text/plain; charset=UTF-16~~Accept: text/*, application/octet-stream, application/json, application/x-www-form-urlencoded~~Host: xxxxxx.cloudapp.net~~User-Agent: ccmhttp~~~~ RequestBodySize: 50 AuthorizationToken length: 0
    -----------------

    ERROR: Got exception when handle reverse proxy message xxxxxxxxxxxx. Exception: System.Net.WebException: There is no proxy connector connected to forward the message~~   at Microsoft.ConfigurationManager.BgbServerChannel.BgbServerReverseProxy.HandleClientMessage(Guid messageId, Uri requestUri, String header, Byte[] body, Byte[] clientCert, String authorizationToken)

    -----------------

    Response - MessageID: xxxxxx-xxxxxx-xxxxx-xxxxxx ResponseHeader: HTTP/1.1 500 Internal Server Error~~ ResponseBodySize: 0

    <o:p></o:p>

    <o:p> </o:p>


    Tuesday, May 29, 2018 1:33 PM
  • Can you please let me know what would be the default settings in IIS for HTTPS management point in virtual directories( like SMS_MP,SMS_MP_altauth etc)...I need to know the SSL settings only.

    The default settings I have on an HTTPS MP in IIS is: (I doubt this is your issue though if you say that the HTTPS MP works fine with clients in the intranet)
    BGB - Require SSL, Accept Client Certificates
    CCM_CLIENT - Require SSL, Accept Client Certificates
    CCM_Incoming - Require SSL, Accept Client Certificates
    CCM_STS - Require SSL, Ignore Client Certificates
    CCM_System - Require SSL, Accept Client Certificates
    CCM_System_AltAuth - Require SSL, Ignore Client Certificates
    CCM_System_TokenAuth - Require SSL, Ignore Client Certificates
    CCM_System_WindowsAuth - Require SSL, Require Client Certificates
    CCMTOKENAUTH_SMS_DP_SMSPKG$ - Require SSL, Ignore Client Certificates
    CCMTOKENAUTH_SMS_DP_SMSSIG$ - Require SSL, Ignore Client Certificates
    CMUserService - Require SSL, Ignore Client Certificates
    SMS_DP_SMSPKG$ - Not Require SSL, Ignore Client Certificates
    SMS_DP_SMSSIG$ - Not Require SSL, Ignore Client Certificates
    SMS_MP - Require SSL, Accept Client Certificates
    SMS_MP_AltAuth - Require SSL, Ignore Client Certificates
    SMS_MP_WindowsAuth - Require SSL, Require Client Certificates

    Can you confirm you have the correct client trusted root certificate used in the CMG? Check the "Export the client certificate's trusted root" section here - https://docs.microsoft.com/en-us/sccm/core/clients/manage/cmg/certificates-for-cloud-management-gateway#client-authentication-certificate

    See this section to confirm that the clients have the correct trusted root https://docs.microsoft.com/en-us/sccm/core/clients/manage/cmg/certificates-for-cloud-management-gateway#cmg-server-authentication-certificate

    Also because you said that your Cloud Management Gateway Connection Point is on another site system, did you see that it says "Install client authentication purpose certificate manually for cloud management gateway connection point to communicate with client facing site roles in HTTPS mode"
    Thursday, May 31, 2018 2:19 AM
  • Hello Nick,

    I have checked the  client trusted root certificate used in CMG and client root CA certificate. Both are same.

    As you said I have not changed the settings as of now in IIS for MP, but here I am getting some error which I received earlier where I am getting 500 internal server error and there is some error regarding "Got exception when handle reverse proxy message "

    CMG services logs

    Request - MessageID: xxxxxxxx-xxxxxxx-xxxxx-xxxxxx-xxxx RequestURI: https://xxxxx.cloudapp.net/CCM_Proxy_MutualAuth/xxxxxxxxxxxxxxxxxxxx/SMS_MP/.sms_dcm?Id&DocumentId=ScopeId_3D6FF2F2-6EC8

    -477E-88F7-5E2EE68BB192/OperatingSystem_cb292018-a12a-4f39-b94e-db68f954772e/7/MANIFEST&Hash=8B8D9A7CEDD93B1595A373E33C78B1F1182332FF4A3A48E0982C0EFA2BFB1469&Compression=zlib RequestHeader: HEAD  https://xxxxx.cloudapp.net:443/CCM_Proxy_MutualAuth/xxxxxxxxxxxxxxxxxxxx/SMS_MP/.sms_dcm?Id&DocumentId=ScopeId_3D6FF2F2-6EC8-477E-88F7-5E2EE68BB192/OperatingSystem_cb292018-a12a-4f39-b94e-db68f954772e/7/MANIFEST&Hash=8B8D9A7CEDD93B1595A373E33C78B1F1182332FF4A3A48E0982C0EFA2BFB1469&Compression=zlib HTTP/1.1~~Connection: Keep-Alive~~Accept: */*~~Accept-Encoding: identity~~Host: xxxxx.cloudapp.net~~User-Agent: Microsoft BITS/7.5~~~~ RequestBodySize: 0 AuthorizationToken length: 0


    ERROR: Got exception when handle reverse proxy message xxxxxxxx-xxxxxxx-xxxxx-xxxxxx-xxxx. Exception: System.Net.WebException: There is no proxy connector connected to forward the message~~   at Microsoft.ConfigurationManager.BgbServerChannel.BgbServerReverseProxy.HandleClientMessage(Guid messageId, Uri requestUri, String header, Byte[] body, Byte[] clientCert, String authorizationToken)

    Response - MessageID: xxxxxxxx-xxxxxxx-xxxxx-xxxxxx-xxxx ResponseHeader: HTTP/1.1 500 Internal Server Error~~ ResponseBodySize: 0

    Sunday, June 3, 2018 6:57 AM
  • The issue has been resolved

    1. Root certificate and intermediate certificate needs to be checked whether it is uploaded while configuring CMG from SCCM

    2. port 10140 and 10124 along with fallback port 443 needs to be opened from gateway connection point server to cloud VM

    3. In Azure we need to check whether Proxy settings has been updated successfully or not.

    • Marked as answer by soumitradutta Tuesday, July 17, 2018 12:09 PM
    Tuesday, July 17, 2018 12:08 PM