Nicked Posted May 29, 2020 Report post Posted May 29, 2020 Hi, I have an issue with my CMG and I can´t seem to resolve it. Running ConfigMgr 1910 and using only HTTPS mode with internal PKI. I need some help on where to look, I have replaced the CMG certificate in an attempt to see if that fixed the issue but to no avail. Attached the client location log and it says it can´t resolve the name I can do nslookup and get the cloudapp.net from the external server domain address. I also have a client computer certificate, which should work since we use PKI internally for ConfigMgr too. Cleared the WinHTTP settings just in case since I got an error that it could not resolve the name via WinHTTP. I can download the PKI CRL file (http), it is in the certificate. Regards Niklas Quote Share this post Link to post Share on other sites More sharing options...
anyweb Posted May 29, 2020 Report post Posted May 29, 2020 on the server side, did you add the CMG connection point ? and did you enable the SUP and MP settings for Internet communication ? and on the site server, do you see any errors in your CloudMgr.log ? Once the CMG and site system roles are running, clients get the location of the CMG service automatically on the next location request. Clients must be on the intranet to receive the location of the CMG service, unless you install and assign Windows 10 clients using Azure AD for authentication. You can speed that up via restarting the sms_agent_host service Quote Share this post Link to post Share on other sites More sharing options...
Nicked Posted May 29, 2020 Report post Posted May 29, 2020 (edited) yes, cloud management gateway traffic is allowed on the MP on the primary server SUP CMG Role Root and intermediate certs added No errors in CloudMgr.log I have only on prem domain joined Windows 10 machines, no azure joined yet. Connection Analyzer are all green checks Stats of the CMG in the console, I am not sure on how it should look but client request seems low, only 1 request. Keep in mind I rebooted the CMG late night yesterday and switched to a new certificate since the older one was going to expire after summer so it was still valid. If only looking at this it seems fine but going to a client and looking at the logs and trying to install an applications just doesn´t seem correct and no installations work. Edited May 29, 2020 by Nicked added more info Quote Share this post Link to post Share on other sites More sharing options...