Hello,
I've got an issue with one of my servers. After switching all DPs and the primary site to HTTPS-only communication with PKI, the CCM client on one of the servers was broken. I tried reinstalling it, but it fails every time.
Errors in ccmsetup.log:
Both AAD token auth and client PreAuth are not ready. Cannot get CCM token
Client doesn't have PKI issued cert and cannot get CCM access token. Error 0x8000ffff
[CCMHTTP] ERROR: URL=https://<servername>/ccm_system/request, Port=443, Options=1087, Code=0, Text=CCM_E_NO_TOKEN_AUTH
[CCMHTTP] ERROR INFO: StatusCode=403 StatusText=Forbidden
Failed (0x87d00455) to send location request to '<Servername>'. StatusCode 403, StatusText 'Forbidden'
Failed to send location message to 'https://<servername>'. Status text 'Forbidden'
GetDPLocations failed with error 0x87d00455
Failed to get DP locations as the expected version from MP 'https://<Servername>'. Error 0x87d00455
The server has a valid certificate in its store, and it also uses it:
The Certificate [Thumbprint xxxxxxxxxxxx] issued to '<Servername>' has 'Client Authentication' capability.
Completed validation of Certificate [Thumbprint xxxxxxxxxxxx] issued to '<Servername>'
>>> Client selected the PKI Certificate [Thumbprint xxxxxxxxxxxx] issued to '<Servername>'
Other servers don't have this problem. All of them use the same certificate template.
The command line I'm using is:
C:\windows\ccmsetup\ccmsetup.exe /forceinstall /mp:https://<Servername> SMSCACHESIZE=20000 SMSSITECODE=XXX /BITSPriority:HIGH /UsePKICert /NoCRLCheck
I also tried using the SMSMP= parameter instead of /mp and experimented with /UsePKICert and /NoCRLCheck (once set, once not set, etc.), but every time I get the exact same outcome.
I even tried cleaning the ccm installation with ccmclean.exe (I know it's not supported, but I was desperate).
Server was rebooted several times.
All other clients and servers do not have this problem.
PS: This server is one of the two domain controllers, the other one works just fine as mentioned.
Has anyone else had this issue, or does anyone know how to fix it?