SOLVED SCCM Certificate Issues EHTTP

mhpk0 · Mar 12, 2025

Our OSD task sequences started failing at Installing Applications. Digging in to I found that the SMS Role SSL Certificate had expired that is listed in certlm.msc. I am not sure what I did but now the SMS Role SSL Certificate is showing it expires 2/4/2026. That certificate shows in IIS, but SCCM is not showing the same certificate. Also, to make things worse, somehow PXE booting is broken now as well. Computers just show "Start PXE over IPv4" and never boots from the boot image.

How do I go about fixing this?

mhpk0 · Mar 12, 2025

The mpcontrol.log seems to show EHTTP is working:

Code:

>>> Selected Certificate [Thumbprint 82981205885d01b7a12f419536dadc03809c8cca] issued to 'SCCM19.domain.com' for HTTPS Client Authentication    SMS_MP_CONTROL_MANAGER    3/12/2025 1:35:01 PM    2012 (0x07DC)
Call to HttpSendRequestSync succeeded for port 443 with status code 200, text: OK    SMS_MP_CONTROL_MANAGER    3/12/2025 1:35:01 PM    2012 (0x07DC)
Inbox source is local on SCCM19.domain.com    SMS_MP_CONTROL_MANAGER    3/12/2025 1:35:01 PM    2012 (0x07DC)
Sent summary record of SMS Management Point on ["Display=\\SCCM19.domain.com\"]MSWNET:["SMS_SITE=ABC"]\\SCCM19.domain.com\ to \\SCCM19.domain.com\SMS_ABC\inboxes\sitestat.box\glj53o54.SUM, Availability 0, 1073723388 KB total disk space , 332537812 KB free disk space, installation state 0.    SMS_MP_CONTROL_MANAGER    3/12/2025 1:35:01 PM    2012 (0x07DC)
Http test request succeeded.    SMS_MP_CONTROL_MANAGER    3/12/2025 1:35:01 PM    2012 (0x07DC)
STATMSG: ID=5460 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_MP_CONTROL_MANAGER" SYS=SCCM19.domain.com SITE=ABC PID=4732 TID=2012 GMTDATE=Wed Mar 12 17:35:01.549 2025 ISTR0="" ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 LE=0X0    SMS_MP_CONTROL_MANAGER    3/12/2025 1:35:01 PM    2012 (0x07DC)
Successfully performed Management Point availability check against local computer.    SMS_MP_CONTROL_MANAGER    3/12/2025 1:35:01 PM    2012 (0x07DC)
SSL is enabled.    SMS_MP_CONTROL_MANAGER    3/12/2025 1:35:01 PM    2012 (0x07DC)
Using thread token for request    SMS_MP_CONTROL_MANAGER    3/12/2025 1:35:01 PM    2012 (0x07DC)
Call to HttpSendRequestSync succeeded for port 443 with status code 200, text: OK    SMS_MP_CONTROL_MANAGER    3/12/2025 1:35:01 PM    2012 (0x07DC)
Http test request succeeded.    SMS_MP_CONTROL_MANAGER    3/12/2025 1:35:01 PM    2012 (0x07DC)
STATMSG: ID=5465 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_MP_CONTROL_MANAGER" SYS=SCCM19.domain.com SITE=ABC PID=4732 TID=2012 GMTDATE=Wed Mar 12 17:35:01.570 2025 ISTR0="" ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 LE=0X0    SMS_MP_CONTROL_MANAGER    3/12/2025 1:35:01 PM    2012 (0x07DC)
Successfully performed User Service availability check against local computer for /CMUserService_WindowsAuth/applicationviewservice.asmx.    SMS_MP_CONTROL_MANAGER    3/12/2025 1:35:01 PM    2012 (0x07DC)

Prajwal Desai · Thursday at 12:14 AM

Go the DP properties and switch over to the Communication tab. Post the screenshot of it and lets see what is configured here.

mhpk0 · Thursday at 12:25 AM

Prajwal Desai said:
Go the DP properties and switch over to the Communication tab. Post the screenshot of it and lets see what is configured here.

It is worth noting that under the PXE tab, I set "Enable Preferred Management Point(s) for PXE requests to our MP and now PXE booting works but it just sticks on "retrieving policy for this computer"

Prajwal Desai · Thursday at 12:32 AM

Have you set up PKI certificates for ConfigMgr?. From the screenshot, I see you have the DP communication set to HTTPS and using a self-signed certificate.

mhpk0 · Thursday at 12:40 AM

Prajwal Desai said:
Have you set up PKI certificates for ConfigMgr?. From the screenshot, I see you have the DP communication set to HTTPS and using a self-signed certificate.

I was trying to set up HTTPS on everything at one point but had issues so I started switching to EHTTP and the settings I have currently are where I stopped because everything was working.

Prajwal Desai · Thursday at 12:44 AM

From what I see in the DP properties, you have not switched back to EHTTP correctly. I recommend you switch back to EHTTP completely and the PXE boot will work. In addition to making the changes to the DP, also ensure the client connections on your MP is also set to use EHTTP.

mhpk0 · Thursday at 1:27 AM

Prajwal Desai said:
From what I see in the DP properties, you have not switched back to EHTTP correctly. I recommend you switch back to EHTTP completely and the PXE boot will work. In addition to making the changes to the DP, also ensure the client connections on your MP is also set to use EHTTP.

It seems you are correct. I switched everything back to EHTTP and a task sequence is running now. We will see if Applications install properly now as well. I am not sure how this was working for a year without issues. Thank you for the assistance!

SOLVED SCCM Certificate Issues EHTTP

mhpk0

Active Member

Attachments

Prajwal Desai

mhpk0

Active Member

Prajwal Desai

Forum Owner

mhpk0

Active Member

Prajwal Desai

Forum Owner

mhpk0

Active Member

Prajwal Desai

Forum Owner

mhpk0

Active Member

Similar threads

Forum statistics

Latest posts

Trending content