Hi,
We have a current issue in our SCCM Infrastructure where the internet based clients are no longer talking with the DMZ/Internet facing management point.
We have 2 MPs, one of those being the Primary SCCM Server for Internal clients and software updates/distribution. In the middle of March our internet based clients stopped talking to the DMZ/Internet facing MP. After reviewing the logs, this led us to believe it was a certificate expiration; however, on reviewing the certificates, none of them had expired on the primary MP (Internal) or the Internet facing MP.
We have also confirmed with the network team that all traffic is flowing as normal. Traffic communication has been reviewed and watched and no traffic is being blocked.
Our setup currently uses EHTTP on the internal MP (Primary) and HTTPS is used on the Distribution Points and HTTPS for the internet facing MP. Internally everything is working as expected. The reason for using EHTTP on the Primary MP is due to a similar style of issue we had last year where HTTPS Only/PKI suddenly stopped working. Again, nothing had expired certificate-wise, but changing to EHTTP made everything start working again. It is still unclear as to why, but the same could be happening with the DMZ/Internet facing MP, but that needs to remain HTTPS for security reasons.
To double/triple check our findings and workings we have followed many of Prajwal's guides and recreated certificates where required, making sure these certs are an exact replica of the previous working certs.
I have added screenshots of the errors we are seeing.
Any help or advice appreciated.
Thanks