Jump to content


Nicked

Recommended Posts

Nicked Newbie

Nicked

Posted
Posted

Hi,

I have an issue with my CMG and I can´t seem to resolve it.
Running ConfigMgr 1910 and using only HTTPS mode with internal PKI.

I need some help on where to look, I have replaced the CMG certificate in an attempt to see if that fixed the issue but to no avail.

Attached the client location log and it says it can´t resolve the name

I can do nslookup and get the cloudapp.net from the external server domain address.
I also have a client computer certificate, which should work since we use PKI internally for ConfigMgr too.
Cleared the WinHTTP settings just in case since I got an error that it could not resolve the name via WinHTTP.
I can download the PKI CRL file (http), it is in the certificate.


Regards
Niklas

client_location_log.JPG

Share this post

Link to post
Share on other sites
anyweb Proficient

anyweb

Posted
Posted

on the server side,  did you add the CMG connection point ?

and did you enable the SUP and MP settings for Internet communication ?

image.png

and on the site server, do you see any errors in your CloudMgr.log ?

Once the CMG and site system roles are running, clients get the location of the CMG service automatically on the next location request.  Clients must be on the intranet to receive the location of the CMG service, unless you install and assign Windows 10 clients using Azure AD for authentication. You can speed that up via restarting the sms_agent_host service

 

 

 

Share this post

Link to post
Share on other sites
Nicked Newbie

Nicked

Posted
Posted (edited)

yes, cloud management gateway traffic is allowed on the MP on the primary server


image.png.dac822fe05c49f4c7b217d92e5a2e864.png

 

SUP

image.png.a06f2f32325f671cc656ff999f220e65.png


CMG Role
image.png.88febebe9f7430faee2898a317258bed.png
 

Root and intermediate certs added

image.png.4c33a81c1c1036f1a93b36f2827018a2.png
 

 

No errors in CloudMgr.log


image.thumb.png.b9ab99bc577cda126210f82f8716ba92.png
 

I have only on prem domain joined Windows 10 machines, no azure joined yet.


Connection Analyzer are all green checks

Stats of the CMG in the console, I am not sure on how it should look but client request seems low, only 1 request.
Keep in mind I rebooted the CMG late night yesterday and switched to a new certificate since the older one was going to expire after summer so it was still valid.


image.png.0a876ed5692163ec1deee1ad6d1ef320.png

If only looking at this it seems fine but going to a client and looking at the logs and trying to install an applications just doesn´t seem correct and no installations work.

image.png.17263cb0d8a0c75adadde114cdbe65a4.png

 

Edited by Nicked
added more info

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.