Damian1984
New Member
- Messages
- 1
- Points
- 1
Hi All,
I hope you are well.
last week we renew certificate for our CMG - from that time CMG stays in ready state but Connection Point Server stays disconnected. In SMS_CLOUD_PROXYCONNECTOR.log i see:
Starting to connect to Proxy server XXXXXXXXXXXXXXXXXXXXXXXXX:443 with client certificate 7B96C5251E6F6C5C48412E87F07749D7DB201C35 and connection ID d5b1432f-2030-49cb-94a6-1bab1c4b8af8...
Starting to connect to Proxy server xxxx:10140 with client certificate 7B96C5251E6F6C5C48412E87F07749D7DB201C35 and connection ID d99de605-abbb-47cc-81df-0827ab4cb656...
And then:
ERROR: Failed to build Tcp connection d99de605-abbb-47cc-81df-0827ab4cb656 with server XXXXXXXXXXXXXXXXXXXXXXXXX:10140. Exception: System.Net.WebException: TCP CONNECTION: Failed to connect TCP socket with proxy server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond xx.xxx.xx.xx:10140~~ at System.Net.Sockets.TcpClient.Connect(String hostname, Int32 port)~~ at Microsoft.ConfigurationManager.CloudConnection.ProxyConnector.TcpConnection.Connect()~~ --- End of inner exception stack trace ---~~ at Microsoft.ConfigurationManager.CloudConnection.ProxyConnector.TcpConnection.Connect()~~ at Microsoft.ConfigurationManager.CloudConnection.ProxyConnector.ConnectionBase.Online()~~ at
Microsoft.ConfigurationManager.CloudConnection.ProxyConnector.ConnectionBase.Start()~~ at Microsoft.ConfigurationManager.CloudConnection.ProxyConnector.ConnectionManager.MaintainConnections()
ERROR: Failed to build Http connection d5b1432f-2030-49cb-94a6-1bab1c4b8af8 with server xxx:443. Exception: System.Net.WebException: HTTP CONNECTION: Failed to send data to proxy server ---> System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond xxx:443~~ at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)~~ at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception& exception)~~ --- End of inner exception stack trace ---~~ at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)~~ at System.Net.HttpWebRequest.GetRequestStream()~~ at Microsoft.ConfigurationManager.CloudConnection.ProxyConnector.HttpConnection.PopulateStream(HttpWebRequest request, IAsyncResult asynchronousResult, String requestString, Byte[] data)~~ --- End of inner exception stack trace ---~~ at Microsoft.ConfigurationManager.CloudConnection.ProxyConnector.HttpConnection.PopulateStream(HttpWebRequest request, IAsyncResult asynchronousResult, String requestString, Byte[] data)~~ at Microsoft.ConfigurationManager.CloudConnection.ProxyConnector.HttpConnection.Connect()~~ at Microsoft.ConfigurationManager.CloudConnection.ProxyConnector.ConnectionBase.Online()~~ at Microsoft.ConfigurationManager.CloudConnection.ProxyConnector.ConnectionBase.Start()~~ at Microsoft.ConfigurationManager.CloudConnection.ProxyConnector.ConnectionManager.MaintainConnections()
From Azure site, under CMG config I have:
ProxyService_IN_0: FailedStartingRole
Recovering role... System is initializing. [2024-04-23T13:25:07.000Z] Last exit time: [2024/04/19, 11:28:56.533]. Last exit code: 0.
Under SmsAdminUI.log I see:
at Microsoft.ConfigurationManagement.AdminConsole.AzureServices.CMGAnalyzer.backgroundWorker_DoWork(Object sender, DoWorkEventArgs e)\r\nSystem.Net.Sockets.SocketException\r\nA connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond xx.xx.xx.xx:443\r\n at
System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
and
at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception& exception)\r\n
When I checked Cloud Proxy Connector cert with thumbprint: 7B96C5251E6F6C5C48412E87F07749D7DB201C35 I see information:
This CA Root certificate is not trusted. To enable trust**,** install this certificate in the Trusted Root Certification Authorities store
I assume it is not normal situation for this cert? Also from what I read this cert should be only under SMS cert store? Is that correct? Could you please advise what is the best way to fix that?
As I mentioned all problems started after cert renewal, however after that I ran Synchronize Configuration so I am wondering if there might be some other changes done in the past that affects CMG just after Config Sync? We made an in place upgrade for SCCM Primary Site Server a couple of months ago (from 2012 R2 to 2019).
Thank you in advance for any tip.
Best regards,
Damian
I hope you are well.
last week we renew certificate for our CMG - from that time CMG stays in ready state but Connection Point Server stays disconnected. In SMS_CLOUD_PROXYCONNECTOR.log i see:
Starting to connect to Proxy server XXXXXXXXXXXXXXXXXXXXXXXXX:443 with client certificate 7B96C5251E6F6C5C48412E87F07749D7DB201C35 and connection ID d5b1432f-2030-49cb-94a6-1bab1c4b8af8...
Starting to connect to Proxy server xxxx:10140 with client certificate 7B96C5251E6F6C5C48412E87F07749D7DB201C35 and connection ID d99de605-abbb-47cc-81df-0827ab4cb656...
And then:
ERROR: Failed to build Tcp connection d99de605-abbb-47cc-81df-0827ab4cb656 with server XXXXXXXXXXXXXXXXXXXXXXXXX:10140. Exception: System.Net.WebException: TCP CONNECTION: Failed to connect TCP socket with proxy server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond xx.xxx.xx.xx:10140~~ at System.Net.Sockets.TcpClient.Connect(String hostname, Int32 port)~~ at Microsoft.ConfigurationManager.CloudConnection.ProxyConnector.TcpConnection.Connect()~~ --- End of inner exception stack trace ---~~ at Microsoft.ConfigurationManager.CloudConnection.ProxyConnector.TcpConnection.Connect()~~ at Microsoft.ConfigurationManager.CloudConnection.ProxyConnector.ConnectionBase.Online()~~ at
Microsoft.ConfigurationManager.CloudConnection.ProxyConnector.ConnectionBase.Start()~~ at Microsoft.ConfigurationManager.CloudConnection.ProxyConnector.ConnectionManager.MaintainConnections()
ERROR: Failed to build Http connection d5b1432f-2030-49cb-94a6-1bab1c4b8af8 with server xxx:443. Exception: System.Net.WebException: HTTP CONNECTION: Failed to send data to proxy server ---> System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond xxx:443~~ at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)~~ at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception& exception)~~ --- End of inner exception stack trace ---~~ at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)~~ at System.Net.HttpWebRequest.GetRequestStream()~~ at Microsoft.ConfigurationManager.CloudConnection.ProxyConnector.HttpConnection.PopulateStream(HttpWebRequest request, IAsyncResult asynchronousResult, String requestString, Byte[] data)~~ --- End of inner exception stack trace ---~~ at Microsoft.ConfigurationManager.CloudConnection.ProxyConnector.HttpConnection.PopulateStream(HttpWebRequest request, IAsyncResult asynchronousResult, String requestString, Byte[] data)~~ at Microsoft.ConfigurationManager.CloudConnection.ProxyConnector.HttpConnection.Connect()~~ at Microsoft.ConfigurationManager.CloudConnection.ProxyConnector.ConnectionBase.Online()~~ at Microsoft.ConfigurationManager.CloudConnection.ProxyConnector.ConnectionBase.Start()~~ at Microsoft.ConfigurationManager.CloudConnection.ProxyConnector.ConnectionManager.MaintainConnections()
From Azure site, under CMG config I have:
ProxyService_IN_0: FailedStartingRole
Recovering role... System is initializing. [2024-04-23T13:25:07.000Z] Last exit time: [2024/04/19, 11:28:56.533]. Last exit code: 0.
Under SmsAdminUI.log I see:
at Microsoft.ConfigurationManagement.AdminConsole.AzureServices.CMGAnalyzer.backgroundWorker_DoWork(Object sender, DoWorkEventArgs e)\r\nSystem.Net.Sockets.SocketException\r\nA connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond xx.xx.xx.xx:443\r\n at
System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
and
at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception& exception)\r\n
When I checked Cloud Proxy Connector cert with thumbprint: 7B96C5251E6F6C5C48412E87F07749D7DB201C35 I see information:
This CA Root certificate is not trusted. To enable trust**,** install this certificate in the Trusted Root Certification Authorities store
I assume it is not normal situation for this cert? Also from what I read this cert should be only under SMS cert store? Is that correct? Could you please advise what is the best way to fix that?
As I mentioned all problems started after cert renewal, however after that I ran Synchronize Configuration so I am wondering if there might be some other changes done in the past that affects CMG just after Config Sync? We made an in place upgrade for SCCM Primary Site Server a couple of months ago (from 2012 R2 to 2019).
Thank you in advance for any tip.
Best regards,
Damian