robiso22 Posted February 16, 2017 Report post Posted February 16, 2017 Hi, Yesterday I tried to make our site server and distribution points SSL. There are a ton of guides on the internet for how to do this. I think i ended up using this one: https://sccmguy.com/2013/11/26/pki-certificates-for-configuration-manager-2012-r2-part-1-of-4-web-server-certificate/. However, when we were done, client communication stopped. Some of the relevant logs: From CcmMessagingSuccessfully queued event on HTTP/HTTPS failure for server 'XXX'.Post to https://XXX/ccm_system_windowsauth/request failed with 0x87d00231.From CcmNotificationAgentError: Server certificate retrieved in TLS is not an exact match of the current MP encryption certificate.Error: 0x80090322 authenticating server credentials!Failed to signin bgb client with error = 80090322.Fallback to HTTP connection.[CCMHTTP] ERROR: URL=http://1982-X-MP-1-P01.xactware.com/bgb/handler.ashx?RequestType=LogIn, Port=80, Options=224, Code=0, Text=CCM_E_BAD_HTTP_STATUS_CODE (EDIT: MANAGEMENT POINT IS ACCEPTING HTTPS ONLY SO I EXPECTED THIS ONE) From Mpcontrol Selected certificate [thumbprint] issued to 'XXX' for HTTPS client authentication Call to HttpSendRequestSync failed for port 443 with status code 403; text: Forbidden To me this looks like a certificate issue. However, no matter what I've tried (added a common name in addition to the DNS name in the certificate, deleted and enrolled again for client and server side certificates, reinstalling the management point, 5 hours of other things I don't remember) I can't rid of this error.Aside from binding the SSL cert to the default website in IIS, is there anything else that needs to be done in IIS? Am I missing something else? Appreciate any pointers, Scott Quote Share this post Link to post Share on other sites More sharing options...
Pebcak2015 Posted January 31, 2020 Report post Posted January 31, 2020 I am also running into this (exact issue). What was your resolution? Quote Share this post Link to post Share on other sites More sharing options...
anyweb Posted February 1, 2020 Report post Posted February 1, 2020 have you seen these guides, they work 100% for me How can I configure System Center Configuration Manager in HTTPS mode (PKI) - Part 1 How can I configure System Center Configuration Manager in HTTPS mode (PKI) - Part 2 Quote Share this post Link to post Share on other sites More sharing options...
