ThomasBNewcastle Posted January 21, 2017 Report post Posted January 21, 2017 Hello Thank you for reading my post. I been looking into this issue for days with no happy ending I have recently rebuild my SCCM 2012 R2 envirement (lab) to get a better understanding of pki certificates. I have followed the microsoft guide and thought it went well untill it came to installing my SCCM client on a windows 7 computer. Failed to receive ccm message response. Status code = 403GetDPLocations failed with error 0x80004005Failed to get DP locations as the expected version from MP 'HTTPS://TSB-SCCM01.Thomasroom.local'.Error 0x80004005 Failed to find DP locations from MP 'HTTPS://TSB-SCCM01.Thomasroom.local'with error 0x80004005, status code 403. Check next MP. Only one MP HTTPS://TSB-SCCM01.Thomasroom.local is specified. Use it. Have already tried all MPs. Couldn't find DP locations. ccmsetup GET 'HTTPS://TSB-SCCM01.Thomasroom.local/CCM_Client/ccmsetup.cab' Failed to successfully complete WinHttp request. (StatusCode at WinHttpQueryHeaders: 403DownloadFileByWinHTTP failed with error 0x80004005 My certificate seems to be working Completed searching client certificates based on Certificate Issuers Begin to select client certificate The 'Certificate Selection Criteria' was not specified, counting number of certificates present in 'MY' store of 'Local Computer'. 1 certificate(s) found in the 'MY' certificate store. Only one certificate present in the certificate store. Begin validation of Certificate [Thumbprint AD4FD62F66DB6388BC7FB21B4983DAB439DB3B91] issued to 'TR-WINBACKUP.Thomasroom.local'The Certificate [Thumbprint AD4FD62F66DB6388BC7FB21B4983DAB439DB3B91] issued to 'TR-WINBACKUP.Thomasroom.local' has 'Client Authentication' capabilityCompleted validation of Certificate [Thumbprint AD4FD62F66DB6388BC7FB21B4983DAB439DB3B91] issued to 'TR-WINBACKUP.Thomasroom.local' >>> Client selected the PKI Certificate [Thumbprint AD4FD62F66DB6388BC7FB21B4983DAB439DB3B91] issued to 'TR-WINBACKUP.Thomasroom.local From what I have been reading on other forms It could be an IIS permission error (I dont know enough about IIS - but the log looks ok) - attached My boundries are not setup - they are DNS is working I can nslookup my SCCM server from the client has anyone got any thoughts thank you ccmsetup.log u_ex170121.log Quote Share this post Link to post Share on other sites More sharing options...
ThomasBNewcastle Posted January 23, 2017 Report post Posted January 23, 2017 Hello Well I think I know what the issue is - I think my Certificate I installed on my DP is wrong :-( This is the Guide I used and followed. . . https://technet.microsoft.com/en-gb/library/gg682023.aspx The reason why I think its the Certificate is looking at my MPCONTROL.log (attached) I see the below Skipping this certificate which is not valid for ConfigMgr usage. SMS_MP_CONTROL_MANAGER 22/01/2017 19:59:50 4136 (0x1028)>>> Selected Certificate [Thumbprint 6e3efaeb2e391716e8a2ada8963d6cb4f390db52] issued to 'TSB-SCCM01.Thomasroom.local' for HTTPS Client Authentication SMS_MP_CONTROL_MANAGER 22/01/2017 19:59:50 4136 (0x1028)WINHTTP_CALLBACK_STATUS_SECURE_FAILURE SMS_MP_CONTROL_MANAGER 22/01/2017 19:59:50 4136 (0x1028)[bASEUTIL] AsyncCallback(): ----------------------------------------------------------------- SMS_MP_CONTROL_MANAGER 22/01/2017 19:59:50 4136 (0x1028)[bASEUTIL] AsyncCallback(): WINHTTP_CALLBACK_STATUS_SECURE_FAILURE Encountered SMS_MP_CONTROL_MANAGER 22/01/2017 19:59:50 4136 (0x1028)[bASEUTIL] : dwStatusInformationLength is 4 SMS_MP_CONTROL_MANAGER 22/01/2017 19:59:50 4136 (0x1028) What would happen If I deleted all of my certificates from my Certificate server and started again or would building a new SCCM server be better. I mpcontrol.txt Quote Share this post Link to post Share on other sites More sharing options...
