NEW Made a mistake with SSL, all clients inactive

[Ben Radlinski]

Long time, first time. I had a perfectly healthy SCCM environment, running on 2K12 R2, CM 1706, but then I decided I was going to roll out SSL so I could begin managing mobile devices. Unfortunately I got a little ahead of myself and turned everything on before setting up any PKI in our environment. So now all of my clients are cut off from the SCCM server because they're unable to get a certificate.
I went back into the configuration to remove my changes and did the following:
-Removed the MP System Role and reinstalled it with HTTP.
-Removed the DP System Role and reinstalled it with HTTP.

The clients are still not able to contact the server. I'm not sure what logs I should look at on the client side in order to troubleshoot this issue.

Any help would be appreciated.

 

[Youssef Saad]

Hi Ben Radlinski,

The communication between your SCCM server and clients is configured with HTTPS ? To check this: Site Configuration, Sites, Proprieties of your site server, communication clients.
Your MP is correctly published in your AD & DNS with HTTP ?

 

[Ben Radlinski]

They were communicating with HTTP, then I switched to HTTPS and then switched the configuration back to HTTP. I have confirmed that the MP is published using HTTP. The _mssms_mp_site entry is pointing at our sccm server with port 80 listed.

 

[Ben Radlinski]

Looks like I fixed it. I guess I needed to wait for the changes to replicate back. Thanks for your help Youssef.

 

[Youssef Saad]

Good, you can check the MP's log "Folder Installation SCCM\Logs\mpcontrol.log" for more details on the state of MP (update every 10 minutes).

Resolved.

 

[Edy]

make sure you install the certificate on the server and add the certificate to the site (IIS Site Bindings) otherwise the clients and the servers wont communicate. To this day i still couldnt get HTTPS working in my environment and we have VPN rolled out.

Logs you should be looking:
ClientAuth
ClientIDManagerStartup
MP_RegistrationManager