SCCM | Intune | Windows 365 | Windows 11 Forums

Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members. Please post your questions in the correct category.

Connection Point Server - Disconnected - after CMG cert renewal and sync config

Damian1984

New Member
Messages
1
Points
1
Hi All,



I hope you are well.



last week we renew certificate for our CMG - from that time CMG stays in ready state but Connection Point Server stays disconnected. In SMS_CLOUD_PROXYCONNECTOR.log i see:



Starting to connect to Proxy server XXXXXXXXXXXXXXXXXXXXXXXXX:443 with client certificate 7B96C5251E6F6C5C48412E87F07749D7DB201C35 and connection ID d5b1432f-2030-49cb-94a6-1bab1c4b8af8...

Starting to connect to Proxy server xxxx:10140 with client certificate 7B96C5251E6F6C5C48412E87F07749D7DB201C35 and connection ID d99de605-abbb-47cc-81df-0827ab4cb656...

And then:



ERROR: Failed to build Tcp connection d99de605-abbb-47cc-81df-0827ab4cb656 with server XXXXXXXXXXXXXXXXXXXXXXXXX:10140. Exception: System.Net.WebException: TCP CONNECTION: Failed to connect TCP socket with proxy server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond xx.xxx.xx.xx:10140~~ at System.Net.Sockets.TcpClient.Connect(String hostname, Int32 port)~~ at Microsoft.ConfigurationManager.CloudConnection.ProxyConnector.TcpConnection.Connect()~~ --- End of inner exception stack trace ---~~ at Microsoft.ConfigurationManager.CloudConnection.ProxyConnector.TcpConnection.Connect()~~ at Microsoft.ConfigurationManager.CloudConnection.ProxyConnector.ConnectionBase.Online()~~ at

Microsoft.ConfigurationManager.CloudConnection.ProxyConnector.ConnectionBase.Start()~~ at Microsoft.ConfigurationManager.CloudConnection.ProxyConnector.ConnectionManager.MaintainConnections()




ERROR: Failed to build Http connection d5b1432f-2030-49cb-94a6-1bab1c4b8af8 with server xxx:443. Exception: System.Net.WebException: HTTP CONNECTION: Failed to send data to proxy server ---> System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond xxx:443~~ at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)~~ at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception& exception)~~ --- End of inner exception stack trace ---~~ at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)~~ at System.Net.HttpWebRequest.GetRequestStream()~~ at Microsoft.ConfigurationManager.CloudConnection.ProxyConnector.HttpConnection.PopulateStream(HttpWebRequest request, IAsyncResult asynchronousResult, String requestString, Byte[] data)~~ --- End of inner exception stack trace ---~~ at Microsoft.ConfigurationManager.CloudConnection.ProxyConnector.HttpConnection.PopulateStream(HttpWebRequest request, IAsyncResult asynchronousResult, String requestString, Byte[] data)~~ at Microsoft.ConfigurationManager.CloudConnection.ProxyConnector.HttpConnection.Connect()~~ at Microsoft.ConfigurationManager.CloudConnection.ProxyConnector.ConnectionBase.Online()~~ at Microsoft.ConfigurationManager.CloudConnection.ProxyConnector.ConnectionBase.Start()~~ at Microsoft.ConfigurationManager.CloudConnection.ProxyConnector.ConnectionManager.MaintainConnections()

From Azure site, under CMG config I have:

ProxyService_IN_0: FailedStartingRole
Recovering role... System is initializing. [2024-04-23T13:25:07.000Z] Last exit time: [2024/04/19, 11:28:56.533]. Last exit code: 0.


Under SmsAdminUI.log I see:

at Microsoft.ConfigurationManagement.AdminConsole.AzureServices.CMGAnalyzer.backgroundWorker_DoWork(Object sender, DoWorkEventArgs e)\r\nSystem.Net.Sockets.SocketException\r\nA connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond xx.xx.xx.xx:443\r\n at

System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)


and

at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception& exception)\r\n

When I checked Cloud Proxy Connector cert with thumbprint: 7B96C5251E6F6C5C48412E87F07749D7DB201C35 I see information:

This CA Root certificate is not trusted. To enable trust**,** install this certificate in the Trusted Root Certification Authorities store

I assume it is not normal situation for this cert? Also from what I read this cert should be only under SMS cert store? Is that correct? Could you please advise what is the best way to fix that?

As I mentioned all problems started after cert renewal, however after that I ran Synchronize Configuration so I am wondering if there might be some other changes done in the past that affects CMG just after Config Sync? We made an in place upgrade for SCCM Primary Site Server a couple of months ago (from 2012 R2 to 2019).

Thank you in advance for any tip.

Best regards,

Damian
 
Back
Top