Hello Windows noob! First post here ever. Learnt most of my SCCM knowledge by following the guides here! Brilliant resource!
I'm hoping someone here can help me with an issue I'm having with setting an MP to use HTTPS. I've looked all over the web and all posts are relating to issues with other certificate types on the SCCM server.
Basically, I have deployed a Web server cert for IIS on my SCCM box, as well as one for the DP and both work fine. However, I have set my MP to use HTTPS, which of course requires clients to have a cert to authenticate with it.
I have a Windows PKI which has been operating fine and has issued all of my certs so far. I have created a new template based off the Workstation auth one and configured GPO to autoenroll clients. My MP is also in the scope of the GPO and has its own client auth cert. However, when I check in the mpcontrol.log I see the following spammed every 30 seconds:
Call to HttpSendRequestSync failed for port 443 with status code 403, text: Forbidden
Just before that I see:
Selected Certificate [Thumbprint 63682aeb220d928163855c10500f3e43e6a9a7cb] issued to 'YGG-SVR-005.yggdrasiltech.co.uk' for HTTPS Client Authentication
So I can see it's selecting my client auth cert to use but then rejecting it. I have confirmed this is the right cert by matching the thumbprint with the one issued in the CA for client auth.
If I look further up the logs, it goes through all the other certs on the server and has no issues (such as the web server cert).
Does anyone know what I can check to find why the IIS server rejects the client auth cert assigned to my MP, stopping it from working as an MP entirely? Have I missed a requirement for the CA template or the CA itself?
The MP is on the SCCM server itself, it's a standalone server. I have checked the CRL resolves fine, which it does.
For now, I have set the MP back to HTTP and the log has settled down and shows the MP working correctly.
Any help would be greatly appreciated and probably save my sanity!!