Adam Bise Posted June 4, 2014 Report post Posted June 4, 2014 Having trouble isolating what is causing issues with our MP when switching to HTTPS. I followed MS article http://technet.microsoft.com/en-us/library/jj591553.aspx to enable support for mac. I have issued all the required templates on our CA. I have deployed the autoenrollment policy for the client cert via GPO. After this process only mac clients work while HTTPS is enabled on the MP. I have to switch back to HTTP to get everything else working, and then of course the mac clients don't work anymore. While on HTTPS clients are now reporting the MP is not compatible in the location services log. MPcontrol log suggests that there might be a certificate issue involved, but the mac clients works? I'm not sure what the issue is please help! Here is my mpcontrol. Call to HttpSendRequestSync succeeded for port 443 with status code 200, text: OK SMS_MP_CONTROL_MANAGER 6/4/2014 8:36:37 AM 13104 (0x3330)Http test request succeeded. SMS_MP_CONTROL_MANAGER 6/4/2014 8:36:38 AM 13104 (0x3330)STATMSG: ID=5461 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_MP_CONTROL_MANAGER" SYS=collin.ntcc.edu SITE=P01 PID=2800 TID=13104 GMTDATE=Wed Jun 04 13:36:38.045 2014 ISTR0="" ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 SMS_MP_CONTROL_MANAGER 6/4/2014 8:36:38 AM 13104 (0x3330)Successfully performed Legacy Device Management Point availability check against local computer for /devicemgmt?selftest. SMS_MP_CONTROL_MANAGER 6/4/2014 8:36:38 AM 13104 (0x3330)SSL is enabled. SMS_MP_CONTROL_MANAGER 6/4/2014 8:36:38 AM 13104 (0x3330)Client authentication is also enabled. SMS_MP_CONTROL_MANAGER 6/4/2014 8:36:38 AM 13104 (0x3330)Machine name is 'collin.ntcc.edu'. SMS_MP_CONTROL_MANAGER 6/4/2014 8:36:38 AM 13104 (0x3330)Begin validation of Certificate [Thumbprint db268c761e75e22b58eb9c01006addaf5cc16770] issued to 'collin.ntcc.edu' SMS_MP_CONTROL_MANAGER 6/4/2014 8:36:38 AM 13104 (0x3330)Completed validation of Certificate [Thumbprint db268c761e75e22b58eb9c01006addaf5cc16770] issued to 'collin.ntcc.edu' SMS_MP_CONTROL_MANAGER 6/4/2014 8:36:38 AM 13104 (0x3330)Skipping this certificate which is not valid for ConfigMgr usage. SMS_MP_CONTROL_MANAGER 6/4/2014 8:36:38 AM 13104 (0x3330)Begin validation of Certificate [Thumbprint c5c6bee0ca4f787532a7c1e739ac6036c2c8f94e] issued to 'collin.ntcc.edu' SMS_MP_CONTROL_MANAGER 6/4/2014 8:36:38 AM 13104 (0x3330)Completed validation of Certificate [Thumbprint c5c6bee0ca4f787532a7c1e739ac6036c2c8f94e] issued to 'collin.ntcc.edu' SMS_MP_CONTROL_MANAGER 6/4/2014 8:36:38 AM 13104 (0x3330)Skipping this certificate which is not valid for ConfigMgr usage. SMS_MP_CONTROL_MANAGER 6/4/2014 8:36:38 AM 13104 (0x3330) XXX There are no certificate(s) that meet the criteria. SMS_MP_CONTROL_MANAGER 6/4/2014 8:36:38 AM 13104 (0x3330) Performing machine FQDN to SAN2 search. SMS_MP_CONTROL_MANAGER 6/4/2014 8:36:38 AM 13104 (0x3330)Begin validation of Certificate [Thumbprint f0503fc07e5b094f89b31c769e87386d2fc1d74a] issued to 'collin.ntcc.edu' SMS_MP_CONTROL_MANAGER 6/4/2014 8:36:38 AM 13104 (0x3330)Certificate has "SSL Client Authentication" capability. SMS_MP_CONTROL_MANAGER 6/4/2014 8:36:38 AM 13104 (0x3330)Completed validation of Certificate [Thumbprint f0503fc07e5b094f89b31c769e87386d2fc1d74a] issued to 'collin.ntcc.edu' SMS_MP_CONTROL_MANAGER 6/4/2014 8:36:38 AM 13104 (0x3330)Certificate doesn't have SAN2 extension. SMS_MP_CONTROL_MANAGER 6/4/2014 8:36:38 AM 13104 (0x3330)Certificate doesn't have SAN2 extension. SMS_MP_CONTROL_MANAGER 6/4/2014 8:36:38 AM 13104 (0x3330)Begin validation of Certificate [Thumbprint c5c6bee0ca4f787532a7c1e739ac6036c2c8f94e] issued to 'collin.ntcc.edu' SMS_MP_CONTROL_MANAGER 6/4/2014 8:36:38 AM 13104 (0x3330)Completed validation of Certificate [Thumbprint c5c6bee0ca4f787532a7c1e739ac6036c2c8f94e] issued to 'collin.ntcc.edu' SMS_MP_CONTROL_MANAGER 6/4/2014 8:36:38 AM 13104 (0x3330)Begin validation of Certificate [Thumbprint a5ee10b10ccf8decf35be32d9487db5970a055bc] issued to 'collin.ntcc.edu' SMS_MP_CONTROL_MANAGER 6/4/2014 8:36:38 AM 13104 (0x3330)Certificate doesn't have "SSL Client Authentication" capabilities. SMS_MP_CONTROL_MANAGER 6/4/2014 8:36:38 AM 13104 (0x3330)Completed validation of Certificate [Thumbprint a5ee10b10ccf8decf35be32d9487db5970a055bc] issued to 'collin.ntcc.edu' SMS_MP_CONTROL_MANAGER 6/4/2014 8:36:38 AM 13104 (0x3330)Certificate doesn't have SAN2 extension. SMS_MP_CONTROL_MANAGER 6/4/2014 8:36:38 AM 13104 (0x3330)Begin validation of Certificate [Thumbprint 22f9281f1c175ff191b3b0481b809e40fa5f399b] issued to 'collin.ntcc.edu' SMS_MP_CONTROL_MANAGER 6/4/2014 8:36:38 AM 13104 (0x3330)Certificate doesn't have "SSL Client Authentication" capabilities. SMS_MP_CONTROL_MANAGER 6/4/2014 8:36:38 AM 13104 (0x3330)Completed validation of Certificate [Thumbprint 22f9281f1c175ff191b3b0481b809e40fa5f399b] issued to 'collin.ntcc.edu' SMS_MP_CONTROL_MANAGER 6/4/2014 8:36:38 AM 13104 (0x3330)Begin validation of Certificate [Thumbprint 1e25a8774d8cfa33373738509f3a945d2f8ce766] issued to 'collin.ntcc.edu' SMS_MP_CONTROL_MANAGER 6/4/2014 8:36:38 AM 13104 (0x3330)Certificate has "SSL Client Authentication" capability. SMS_MP_CONTROL_MANAGER 6/4/2014 8:36:38 AM 13104 (0x3330)Completed validation of Certificate [Thumbprint 1e25a8774d8cfa33373738509f3a945d2f8ce766] issued to 'collin.ntcc.edu' SMS_MP_CONTROL_MANAGER 6/4/2014 8:36:38 AM 13104 (0x3330)>>> Selected Certificate [Thumbprint 1e25a8774d8cfa33373738509f3a945d2f8ce766] issued to 'collin.ntcc.edu' for HTTPS Client Authentication SMS_MP_CONTROL_MANAGER 6/4/2014 8:36:38 AM 13104 (0x3330)Call to HttpSendRequestSync succeeded for port 443 with status code 200, text: OK SMS_MP_CONTROL_MANAGER 6/4/2014 8:36:38 AM 13104 (0x3330)STATMSG: ID=5462 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_MP_CONTROL_MANAGER" SYS=collin.ntcc.edu SITE=P01 PID=2800 TID=13104 GMTDATE=Wed Jun 04 13:36:38.795 2014 ISTR0="" ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 SMS_MP_CONTROL_MANAGER 6/4/2014 8:36:38 AM 13104 (0x3330)Successfully performed OMA Device Management Point availability check against local computer for /omadm/handler.ashx. SMS_MP_CONTROL_MANAGER 6/4/2014 8:36:38 AM 13104 (0x3330) -------------------------------------------------------------------------------- Looks like it can't find a compatible cert, is this correct? Here is a client locationservices log -------------------------------------------------------------------------------- The MP name retrieved is 'collin.ntcc.edu' with version '7958' and capabilities '<Capabilities SchemaVersion="1.0"><Property Name="SSL" Version="1"/><Property Name="SSLState" Value="63"/></Capabilities>' LocationServices 6/4/2014 8:26:47 AM 3496 (0x0DA8)MP 'collin.ntcc.edu' is not compatible LocationServices 6/4/2014 8:26:47 AM 3496 (0x0DA8)Refreshed security settings over AD LocationServices 6/4/2014 8:26:47 AM 3496 (0x0DA8)No security settings update detected. LocationServices 6/4/2014 8:26:47 AM 3496 (0x0DA8)Refreshed Site Signing Certificate over AD LocationServices 6/4/2014 8:26:47 AM 3496 (0x0DA8)Attempting to retrieve lookup MP(s) from AD LocationServices 6/4/2014 8:26:47 AM 3496 (0x0DA8)No lookup MP(s) from AD LocationServices 6/4/2014 8:26:47 AM 3496 (0x0DA8)Attempting to retrieve lookup MP(s) from DNS LocationServices 6/4/2014 8:26:47 AM 3496 (0x0DA8)Using default DNS suffix ntcc.edu LocationServices 6/4/2014 8:26:47 AM 3496 (0x0DA8)Attempting to retrieve default management points from DNS LocationServices 6/4/2014 8:26:47 AM 3496 (0x0DA8)Found DNS record of collin.ntcc.edu port 443 LocationServices 6/4/2014 8:26:47 AM 3496 (0x0DA8)Skipping DNS record of collin.ntcc.edu port 443 as it is not compatible with Client LocationServices 6/4/2014 8:26:47 AM 3496 (0x0DA8)Failed to retrieve compatible DNS service record using _mssms_mp_p01._tcp.ntcc.edu lookup LocationServices 6/4/2014 8:26:47 AM 3496 (0x0DA8)No lookup MP(s) from DNS LocationServices 6/4/2014 8:26:47 AM 3496 (0x0DA8)Policy prevents failover to WINS for lookup LocationServices 6/4/2014 8:26:47 AM 3496 (0x0DA8)Unable to retrieve compatible MP(s) from AD LocationServices 6/4/2014 8:26:47 AM 3496 (0x0DA8)Attempting to retrieve default management points from lookup MP(s) via HTTP LocationServices 6/4/2014 8:26:47 AM 3496 (0x0DA8)Current AD site of machine is Default-First-Site-Name LocationServices 6/4/2014 8:26:47 AM 3496 (0x0DA8)Failed to send management point list Location Request Message to collin.ntcc.edu LocationServices 6/4/2014 8:26:47 AM 3496 (0x0DA8)Failed to retrieve Default Management Points from lookup MP(s) LocationServices 6/4/2014 8:26:47 AM 3496 (0x0DA8)Using default DNS suffix ntcc.edu LocationServices 6/4/2014 8:26:47 AM 3496 (0x0DA8)Attempting to retrieve default management points from DNS LocationServices 6/4/2014 8:26:47 AM 3496 (0x0DA8)Found DNS record of collin.ntcc.edu port 443 LocationServices 6/4/2014 8:26:47 AM 3496 (0x0DA8)Skipping DNS record of collin.ntcc.edu port 443 as it is not compatible with Client LocationServices 6/4/2014 8:26:47 AM 3496 (0x0DA8)Failed to retrieve compatible DNS service record using _mssms_mp_p01._tcp.ntcc.edu lookup LocationServices 6/4/2014 8:26:47 AM 3496 (0x0DA8)Failed to retrieve Default Management Points from DNS LocationServices 6/4/2014 8:26:47 AM 3496 (0x0DA8)Attempting to retrieve NLB management point from WINS LocationServices 6/4/2014 8:26:47 AM 3496 (0x0DA8)Failed to resolve 'NLB_P01' from WINS LocationServices 6/4/2014 8:26:56 AM 3496 (0x0DA8)No NLB management point is present, attempting to retrieve default management point from WINS LocationServices 6/4/2014 8:26:56 AM 3496 (0x0DA8)Retrieved Default Management Point collin.ntcc.edu through WINS LocationServices 6/4/2014 8:27:01 AM 3496 (0x0DA8)Persisting the default management points in WMI LocationServices 6/4/2014 8:27:01 AM 3496 (0x0DA8)Current AD site of machine is Default-First-Site-Name LocationServices 6/4/2014 8:27:01 AM 3496 (0x0DA8)Failed to send management point list Location Request Message to collin.ntcc.edu LocationServices 6/4/2014 8:27:01 AM 3496 (0x0DA8)Persisted Default Management Point Locations locally LocationServices 6/4/2014 8:27:01 AM 3496 (0x0DA8)Current AD site of machine is Default-First-Site-Name LocationServices 6/4/2014 8:27:01 AM 3496 (0x0DA8)Failed to send management point list Location Request Message to collin.ntcc.edu LocationServices 6/4/2014 8:27:01 AM 3496 (0x0DA8)Attempting to retrieve local MPs from the assigned MP LocationServices 6/4/2014 8:27:01 AM 3496 (0x0DA8)Current AD site of machine is Default-First-Site-Name LocationServices 6/4/2014 8:27:01 AM 3496 (0x0DA8)Failed to send management point list Location Request Message to collin.ntcc.edu LocationServices 6/4/2014 8:27:01 AM 3496 (0x0DA8)Current AD site of machine is Default-First-Site-Name LocationServices 6/4/2014 8:27:01 AM 3496 (0x0DA8)Retrieved management point encryption info from AD. LocationServices 6/4/2014 8:27:02 AM 144 (0x0090)Current AD site of machine is Default-First-Site-Name LocationServices 6/4/2014 8:27:02 AM 3496 (0x0DA8)[CCMHTTP] ERROR: URL=http://collin.ntcc.edu/SMS_MP/.sms_aut?MPLIST1&P01, Port=80, Options=224, Code=0, Text=CCM_E_BAD_HTTP_STATUS_CODE LocationServices 6/4/2014 8:27:02 AM 144 (0x0090) Raising event:instance of CCM_CcmHttp_Status{ClientID = "GUID:25C70F42-0911-438D-863B-6152530429C8";DateTime = "20140604132702.177000+000";HostName = "collin.ntcc.edu";HRESULT = "0x87d0027e";ProcessID = 3588;StatusCode = 403;ThreadID = 144;};LocationServices 6/4/2014 8:27:02 AM 144 (0x0090)Successfully sent security settings refresh message. LocationServices 6/4/2014 8:27:02 AM 144 (0x0090)Successfully sent location services HTTP failure message. LocationServices 6/4/2014 8:27:02 AM 144 (0x0090)Failed to retrieve MP certificate authentication information over http. LocationServices 6/4/2014 8:27:02 AM 144 (0x0090)Executing Task LSRefreshSecuritySettingsTask LocationServices 6/4/2014 8:27:22 AM 1424 (0x0590)Executing Task LSRefreshSecuritySettingsTask LocationServices 6/4/2014 8:27:22 AM 2832 (0x0B10)Executing Task LSSiteRoleCycleTask LocationServices 6/4/2014 8:27:22 AM 2824 (0x0B08)Executing Task LSSiteRoleCycleTask LocationServices 6/4/2014 8:27:22 AM 1428 (0x0594)Executing Task LSRefreshSecuritySettingsTask LocationServices 6/4/2014 8:27:22 AM 3532 (0x0DCC)Refreshed security settings over AD LocationServices 6/4/2014 8:27:22 AM 1424 (0x0590)A security settings update is already in progress. LocationServices 6/4/2014 8:27:22 AM 2832 (0x0B10)1 assigned MP errors in the last 10 minutes, threshold is 5. LocationServices 6/4/2014 8:27:22 AM 1428 (0x0594)A security settings update is already in progress. LocationServices 6/4/2014 8:27:22 AM 3532 (0x0DCC)2 assigned MP errors in the last 10 minutes, threshold is 5. LocationServices 6/4/2014 8:27:22 AM 2824 (0x0B08)No security settings update detected. LocationServices 6/4/2014 8:27:22 AM 1424 (0x0590)Executing Task LSRefreshSecuritySettingsTask LocationServices 6/4/2014 8:27:22 AM 1868 (0x074C)Executing Task LSSiteRoleCycleTask LocationServices 6/4/2014 8:27:22 AM 256 (0x0100)Executing Task LSSiteRoleCycleTask LocationServices 6/4/2014 8:27:22 AM 3532 (0x0DCC)Executing Task LSRefreshSecuritySettingsTask LocationServices 6/4/2014 8:27:22 AM 2832 (0x0B10)Executing Task LSSiteRoleCycleTask LocationServices 6/4/2014 8:27:22 AM 1808 (0x0710)A security settings update is already in progress. LocationServices 6/4/2014 8:27:22 AM 1424 (0x0590)Executing Task LSRefreshLocationsTask LocationServices 6/4/2014 8:27:22 AM 1424 (0x0590)Executing Task LSRefreshDefaultMPTask LocationServices 6/4/2014 8:27:22 AM 2832 (0x0B10)3 assigned MP errors in the last 10 minutes, threshold is 5. LocationServices 6/4/2014 8:27:22 AM 256 (0x0100)Executing Task LSTimeOutRequestsTask LocationServices 6/4/2014 8:27:22 AM 1852 (0x073C)4 assigned MP errors in the last 10 minutes, threshold is 5. LocationServices 6/4/2014 8:27:22 AM 3532 (0x0DCC)Executing Task LSRefreshSecuritySettingsTask LocationServices 6/4/2014 8:27:22 AM 2824 (0x0B08)A security settings update is already in progress. LocationServices 6/4/2014 8:27:22 AM 3532 (0x0DCC)Executing Task LSSiteRoleCycleTask LocationServices 6/4/2014 8:27:22 AM 3532 (0x0DCC)Assigned MP error threshold reached, moving to next MP. LocationServices 6/4/2014 8:27:22 AM 1808 (0x0710)Already refreshed security settings within the last 60 minutes, not refreshing. LocationServices 6/4/2014 8:27:22 AM 3552 (0x0DE0)No security settings update detected. LocationServices 6/4/2014 8:27:22 AM 3552 (0x0DE0)Ignoring MP error during post-rotation flush period of 20 seconds. LocationServices 6/4/2014 8:27:22 AM 3532 (0x0DCC)0 assigned MP errors in the last 10 minutes, threshold is 5. LocationServices 6/4/2014 8:27:22 AM 3532 (0x0DCC)Refreshed security settings over AD LocationServices 6/4/2014 8:27:22 AM 3552 (0x0DE0)No security settings update detected. LocationServices 6/4/2014 8:27:22 AM 3552 (0x0DE0)Attempting to retrieve lookup MP(s) from AD LocationServices 6/4/2014 8:27:22 AM 2832 (0x0B10)No lookup MP(s) from AD LocationServices 6/4/2014 8:27:22 AM 2832 (0x0B10)Attempting to retrieve lookup MP(s) from DNS LocationServices 6/4/2014 8:27:22 AM 2832 (0x0B10)Using default DNS suffix ntcc.edu LocationServices 6/4/2014 8:27:22 AM 2832 (0x0B10)Attempting to retrieve default management points from DNS LocationServices 6/4/2014 8:27:22 AM 2832 (0x0B10)Found DNS record of collin.ntcc.edu port 443 LocationServices 6/4/2014 8:27:22 AM 2832 (0x0B10)Skipping DNS record of collin.ntcc.edu port 443 as it is not compatible with Client LocationServices 6/4/2014 8:27:22 AM 2832 (0x0B10)Failed to retrieve compatible DNS service record using _mssms_mp_p01._tcp.ntcc.edu lookup LocationServices 6/4/2014 8:27:22 AM 2832 (0x0B10)No lookup MP(s) from DNS LocationServices 6/4/2014 8:27:22 AM 2832 (0x0B10)Policy prevents failover to WINS for lookup LocationServices 6/4/2014 8:27:22 AM 2832 (0x0B10)Unable to retrieve compatible MP(s) from AD LocationServices 6/4/2014 8:27:22 AM 2832 (0x0B10)Attempting to retrieve default management points from lookup MP(s) via HTTP LocationServices 6/4/2014 8:27:22 AM 2832 (0x0B10)Failed to retrieve Default Management Points from lookup MP(s) LocationServices 6/4/2014 8:27:22 AM 2832 (0x0B10)Using default DNS suffix ntcc.edu LocationServices 6/4/2014 8:27:22 AM 2832 (0x0B10)Attempting to retrieve default management points from DNS LocationServices 6/4/2014 8:27:22 AM 2832 (0x0B10)Found DNS record of collin.ntcc.edu port 443 LocationServices 6/4/2014 8:27:22 AM 2832 (0x0B10)Skipping DNS record of collin.ntcc.edu port 443 as it is not compatible with Client LocationServices 6/4/2014 8:27:22 AM 2832 (0x0B10)Failed to retrieve compatible DNS service record using _mssms_mp_p01._tcp.ntcc.edu lookup LocationServices 6/4/2014 8:27:22 AM 2832 (0x0B10)Failed to retrieve Default Management Points from DNS LocationServices 6/4/2014 8:27:22 AM 2832 (0x0B10)Attempting to retrieve NLB management point from WINS LocationServices 6/4/2014 8:27:22 AM 2832 (0x0B10)Executing Task LSRefreshSecuritySettingsTask LocationServices 6/4/2014 8:27:22 AM 3532 (0x0DCC)Already refreshed security settings within the last 60 minutes, not refreshing. LocationServices 6/4/2014 8:27:22 AM 1808 (0x0710)No security settings update detected. LocationServices 6/4/2014 8:27:22 AM 1808 (0x0710)Executing Task LSSiteRoleCycleTask LocationServices 6/4/2014 8:27:22 AM 1424 (0x0590)Ignoring MP error during post-rotation flush period of 20 seconds. LocationServices 6/4/2014 8:27:22 AM 1424 (0x0590)0 assigned MP errors in the last 10 minutes, threshold is 5. LocationServices 6/4/2014 8:27:22 AM 1424 (0x0590)Executing Task LSRefreshSecuritySettingsTask LocationServices 6/4/2014 8:27:23 AM 2824 (0x0B08)Already refreshed security settings within the last 60 minutes, not refreshing. LocationServices 6/4/2014 8:27:23 AM 3360 (0x0D20)No security settings update detected. LocationServices 6/4/2014 8:27:23 AM 3360 (0x0D20)Executing Task LSSiteRoleCycleTask LocationServices 6/4/2014 8:27:23 AM 3764 (0x0EB4)Ignoring MP error during post-rotation flush period of 20 seconds. LocationServices 6/4/2014 8:27:23 AM 3764 (0x0EB4)0 assigned MP errors in the last 10 minutes, threshold is 5. LocationServices 6/4/2014 8:27:23 AM 3764 (0x0EB4)Failed to resolve 'NLB_P01' from WINS LocationServices 6/4/2014 8:27:31 AM 2832 (0x0B10)No NLB management point is present, attempting to retrieve default management point from WINS LocationServices 6/4/2014 8:27:31 AM 2832 (0x0B10)Retrieved Default Management Point collin.ntcc.edu through WINS LocationServices 6/4/2014 8:27:31 AM 2832 (0x0B10)Persisting the default management points in WMI LocationServices 6/4/2014 8:27:31 AM 2832 (0x0B10)Current AD site of machine is Default-First-Site-Name LocationServices 6/4/2014 8:27:31 AM 2832 (0x0B10)Executing Task LSRefreshSecuritySettingsTask LocationServices 6/4/2014 8:27:31 AM 3552 (0x0DE0)Already refreshed security settings within the last 60 minutes, not refreshing. LocationServices 6/4/2014 8:27:31 AM 3532 (0x0DCC)No security settings update detected. LocationServices 6/4/2014 8:27:31 AM 3532 (0x0DCC)Executing Task LSSiteRoleCycleTask LocationServices 6/4/2014 8:27:31 AM 3764 (0x0EB4)Failed to send management point list Location Request Message to collin.ntcc.edu LocationServices 6/4/2014 8:27:31 AM 2832 (0x0B10)Ignoring MP error during post-rotation flush period of 20 seconds. LocationServices 6/4/2014 8:27:31 AM 3764 (0x0EB4)0 assigned MP errors in the last 10 minutes, threshold is 5. LocationServices 6/4/2014 8:27:31 AM 3764 (0x0EB4)Persisted Default Management Point Locations locally LocationServices 6/4/2014 8:27:31 AM 2832 (0x0B10)Current AD site of machine is Default-First-Site-Name LocationServices 6/4/2014 8:27:31 AM 2832 (0x0B10)Executing Task LSRefreshSecuritySettingsTask LocationServices 6/4/2014 8:27:31 AM 3552 (0x0DE0)Already refreshed security settings within the last 60 minutes, not refreshing. LocationServices 6/4/2014 8:27:31 AM 3532 (0x0DCC)No security settings update detected. LocationServices 6/4/2014 8:27:31 AM 3532 (0x0DCC)Executing Task LSSiteRoleCycleTask LocationServices 6/4/2014 8:27:31 AM 3764 (0x0EB4)Failed to send management point list Location Request Message to collin.ntcc.edu LocationServices 6/4/2014 8:27:31 AM 2832 (0x0B10)Ignoring MP error during post-rotation flush period of 20 seconds. LocationServices 6/4/2014 8:27:31 AM 3764 (0x0EB4)0 assigned MP errors in the last 10 minutes, threshold is 5. LocationServices 6/4/2014 8:27:31 AM 3764 (0x0EB4)Attempting to retrieve local MPs from the assigned MP LocationServices 6/4/2014 8:27:31 AM 2832 (0x0B10)Current AD site of machine is Default-First-Site-Name LocationServices 6/4/2014 8:27:31 AM 2832 (0x0B10)Executing Task LSRefreshSecuritySettingsTask LocationServices 6/4/2014 8:27:31 AM 3552 (0x0DE0)Already refreshed security settings within the last 60 minutes, not refreshing. LocationServices 6/4/2014 8:27:31 AM 3764 (0x0EB4)No security settings update detected. LocationServices 6/4/2014 8:27:31 AM 3764 (0x0EB4)Executing Task LSSiteRoleCycleTask LocationServices 6/4/2014 8:27:31 AM 3764 (0x0EB4)Failed to send management point list Location Request Message to collin.ntcc.edu LocationServices 6/4/2014 8:27:31 AM 2832 (0x0B10)Ignoring MP error during post-rotation flush period of 20 seconds. LocationServices 6/4/2014 8:27:31 AM 3764 (0x0EB4)0 assigned MP errors in the last 10 minutes, threshold is 5. LocationServices 6/4/2014 8:27:31 AM 3764 (0x0EB4)Refreshing the Management Point List for site P01 LocationServices 6/4/2014 8:27:31 AM 2832 (0x0B10)Retrieved management point encryption info from AD. LocationServices 6/4/2014 8:27:31 AM 2832 (0x0B10)[CCMHTTP] ERROR: URL=http://collin.ntcc.edu/SMS_MP/.sms_aut?MPLIST, Port=80, Options=224, Code=0, Text=CCM_E_BAD_HTTP_STATUS_CODE LocationServices 6/4/2014 8:27:31 AM 2832 (0x0B10) Raising event:instance of CCM_CcmHttp_Status{ClientID = "GUID:25C70F42-0911-438D-863B-6152530429C8";DateTime = "20140604132731.886000+000";HostName = "collin.ntcc.edu";HRESULT = "0x87d0027e";ProcessID = 3588;StatusCode = 403;ThreadID = 2832;};LocationServices 6/4/2014 8:27:31 AM 2832 (0x0B10)Successfully sent security settings refresh message. LocationServices 6/4/2014 8:27:31 AM 2832 (0x0B10)Executing Task LSRefreshSecuritySettingsTask LocationServices 6/4/2014 8:27:31 AM 3532 (0x0DCC)Successfully sent location services HTTP failure message. LocationServices 6 ------------------------------------------------------------------------------ This says MP SSL state = 63 I cant find any documentation on what the SSL state value means. Thanks for any help! Quote Share this post Link to post Share on other sites More sharing options...
Adam Bise Posted June 4, 2014 Report post Posted June 4, 2014 One thing I noticed was the configmgr control panel on windows clients shows client certificate issued by the CA is self signed. Is this what it should say? Quote Share this post Link to post Share on other sites More sharing options...
Adam Bise Posted June 4, 2014 Report post Posted June 4, 2014 I checked a client HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CCM\Httpsstate is 224 The MP says it's SSL state = 63. Is this the incompatibility? What do these numbers mean? Thank you. Quote Share this post Link to post Share on other sites More sharing options...
wilbywilson Posted June 4, 2014 Report post Posted June 4, 2014 Hey there. Assuming that your clients are getting the correct certificates issued, the Config Manager client cert should say "PKI" So, I don't think you've got the certificate configured/distributing properly. I would highly recommend checking out this blog post: http://www.systemcenterdudes.com/?p=193 Quote Share this post Link to post Share on other sites More sharing options...
Adam Bise Posted June 4, 2014 Report post Posted June 4, 2014 AWESOME!!! It was the client communications tab on site properties. I had missed the PKI checkbox. Looks like everything is working now thanks!!! Quote Share this post Link to post Share on other sites More sharing options...
Benoit Lecours Posted September 25, 2014 Report post Posted September 25, 2014 Glad our guide has helped ! Feel free to ask if you have any questions. Benoit Blog : http://www.systemcenterdudes.com Quote Share this post Link to post Share on other sites More sharing options...