PENDING Configuration Manager service connection point can reach the internet endpoints required for tenant attach

[Marek Belan]

On every preview function i see this error:

• Extension
  Microsoft_Intune_DeviceExplorer
• Content
  ScriptsBlade
• Error code
  6

Details
Error validating request. Verify that the Configuration Manager service connection point can reach the internet endpoints required for tenant attach. Learn more

 

[Prajwal Desai]

Hi Mark, let me know if this helps - https://docs.microsoft.com/en-us/mem/configmgr/tenant-attach/troubleshoot-client-details

 

[Marek Belan]

Hi Mark, let me know if this helps - https://docs.microsoft.com/en-us/mem/configmgr/tenant-attach/troubleshoot-client-details

Hi this not help.
I find this in in log CMGatewayNotificationWorker.log

Retrieved signing certificate CN=cmgatewaysigning.gateway.configmgr.manage.microsoft.com, OU=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=WA, C=US with thumbprint FA9FF8FEFDB45EA9267F2EC2547DC9AFAB270779 from service SMS_SERVICE_CONNECTOR_CMGatewayNotificationWorker 16.02.2022 15:22:18 130 (0x0082)
Released lock to refresh service signing certificate SMS_SERVICE_CONNECTOR_CMGatewayNotificationWorker 16.02.2022 15:22:18 130 (0x0082)
Error occured when process notification with notification Id e0ebb7f6-24d5-4e74-aeaa-d701bd41b027. Ignore the notification. SMS_SERVICE_CONNECTOR_CMGatewayNotificationWorker 16.02.2022 15:22:18 130 (0x0082)
Exception details: SMS_SERVICE_CONNECTOR_CMGatewayNotificationWorker 16.02.2022 15:22:18 130 (0x0082)
[Warning][CMGatewayNotificationWorker][0][System.IO.InvalidDataException][0x80131501]
Failed to check and load service signing certificate. System.ArgumentException: Fail to build chain. ElementSubjectName: CN=cmgatewaysigning.gateway.configmgr.manage.microsoft.com, OU=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=WA, C=US ElementChainStatus: RevocationStatusUnknown,OfflineRevocation
at Microsoft.ConfigurationManager.ManagedBase.CertificateUtility.ServiceCertificateUtility.VerifyCertificate(X509Certificate2 certificate, Boolean crlCheck, X509Chain& certificateChain, X509Certificate2Collection extraStore)
at Microsoft.ConfigurationManager.ManagedBase.CertificateUtility.ServiceCertificateUtility.Export(X509Certificate2 certificate, String& certificateBase64, String& subCaCertificatesBase64)
at Microsoft.ConfigurationManager.ServiceConnector.AccountOnboardingWorker.<RefreshServiceSigningCertificateAsync>d__25.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.ConfigurationManager.ServiceConnector.AccountOnboardingWorker.<RefreshServiceSigningCertificateIfNotExistsAsync>d__21.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at Microsoft.ConfigurationManager.ServiceConnector.CMGatewayNotificationWorker.<ProcessNotifications>d__7.MoveNext() at Microsoft.ConfigurationManager.ServiceConnector.CMGatewayNotificationWorker.<ProcessNotifications>d__7.MoveNext() SMS_SERVICE_CONNECTOR_CMGatewayNotificationWorker 16.02.2022 15:22:18 130 (0x0082)
[Warning][CMGatewayNotificationWorker][1][System.ArgumentException][0x80070057]
Fail to build chain. ElementSubjectName: CN=cmgatewaysigning.gateway.configmgr.manage.microsoft.com, OU=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=WA, C=US ElementChainStatus: RevocationStatusUnknown,OfflineRevocation at Microsoft.ConfigurationManager.ManagedBase.CertificateUtility.ServiceCertificateUtility.VerifyCertificate(X509Certificate2 certificate, Boolean crlCheck, X509Chain& certificateChain, X509Certificate2Collection extraStore)
at Microsoft.ConfigurationManager.ManagedBase.CertificateUtility.ServiceCertificateUtility.Export(X509Certificate2 certificate, String& certificateBase64, String& subCaCertificatesBase64)
at Microsoft.ConfigurationManager.ServiceConnector.AccountOnboardingWorker.<RefreshServiceSigningCertificateAsync>d__25.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.ConfigurationManager.ServiceConnector.AccountOnboardingWorker.<RefreshServiceSigningCertificateIfNotExistsAsync>d__21.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at Microsoft.ConfigurationManager.ServiceConnector.CMGatewayNotificationWorker.<ProcessNotifications>d__7.MoveNext() SMS_SERVICE_CONNECTOR_CMGatewayNotificationWorker 16.02.2022 15:22:18 130 (0x0082)

 

[rulozg]

good morning,

Have you found a solution to this problem? It's showing up on my computers.

Thank you very much and greetings.

 

[SurjeetSJ]

So, I also ran into this issue and here's what you'd need to do: Ask your network team to ensure they have whitelisted the following URL's on the ConfigMgr server running Service Connection Point Role and your W10 endpoints

Internet endpoints

• https://aka.ms/configmgrgateway
• https://*.manage.microsoft.com for Azure public cloud customers
• https://dc.services.visualstudio.com
• http://crl3.digicert.com
• http://crl4.digicert.com
• http://ocsp.digicert.com
• http://www.d-trust.net
• http://root-c3-ca2-2009.ocsp.d-trust.net
• http://crl.microsoft.com
• http://oneocsp.microsoft.com
• http://ocsp.msocsp.com
• http://www.microsoft.com/pkiops

Proxy Exception URL​	Description​	Ports​
https://manage.windowsazure.com/	ManagementPortalURL	80 and 443
https://manage.windowsazure.com/publishsettings/index	PublishSettingsURL	80 and 443
https://management.core.windows.net/	ServiceManagementEndpoint	80 and 443
https://management.azure.com/	ResourceManagerEndpoint	80 and 443
https://login.microsoftonline.com/	ActiveDirectoryEndpoint	80 and 443
https://gallery.azure.com/	GalleryEndpoint	80 and 443
https://vault.azure.net/	KeyVaultEndpoint	80 and 443
https://graph.windows.net/	GraphEndpoint	80 and 443
core.windows.net	StorageEndpointSuffix	80 and 443
database.windows.net	SQLDatabaseDNSSuffix	80 and 443
trafficmanager.net	TrafficManagerDNSSuffix	80 and 443
vault.azure.net	KeyVaultDNSSuffix	80 and 443
servicebus.azure.com	ServiceBusEndpointSuffix	80 and 443
cloudapp.net	CloudServiceSuffix	80 and 443
*.akamaiedge.net	SCCM Updates and servicing	80 and 443
*.akamaitechnologies.com	SCCM Updates and servicing	80 and 443
*.manage.microsoft.com	SCCM Updates and servicing	80 and 443
go.microsoft.com	SCCM Updates and servicing	80 and 443
blob.core.windows.net	SCCM Updates and servicing	80 and 443
download.microsoft.com	SCCM Updates and servicing	80 and 443
download.windowsupdate.com	SCCM Updates and servicing	80 and 443
sccmconnected.a01.cloudapp.net	SCCM Updates and servicing	80 and 443
*manage.microsoft.com	Microsoft Intune	80 and 443
https://bspmts.mp.microsoft.com/V	Microsoft Intune	80 and 443
https://login.microsoftonline.com/{TenantID}	Microsoft Intune	80 and 443
download.microsoft.com	Windows 10 servicing	80 and 443
https://go.microsoft.com/fwlink/?LinkID=619849	Windows 10 servicing	80 and 443
*.manage.microsoft.com	Intune	80 and 443

 

[bala113]

Any update on this issue resolution?

 

[Gopi Krishna]

I am also facing the same issue. Is there any update on this solution?

 

[Garth]

I am also facing the same issue. Is there any update on this solution?

Did you follow @SurjeetSJ suggestion?

​

 

[Gopi Krishna]

Did you follow @SurjeetSJ suggestion?

​

My networking team wants a source from Microsoft Website to follow the instructions. They are very strict on this.

 

[Garth]

My networking team wants a source from Microsoft Website to follow the instructions. They are very strict on this.

Then you should contact your TAM. They can provide for to you.