PENDING SCCM PKI/HTTPS HTTP Error 500.0

[ListerEngineer]

I've just updated our server to 2025 and SCCM 2409. Up until now I've been using Self-signed but now have to move to PKI/HTTPS. I've uploaded my Root certificate, and I've followed this guide twice with someone else's video that is pretty much the same. Twice.

https://www.prajwaldesai.com/pki-certificates-for-sccm/

I still cannot get my clients to talk to the server? I'm pretty sure something somewhere is either blocking the HTTPS or is missing. Happy to share log information, please let me know which are best to share.

Many thanks.

 

[Prajwal Desai]

If you have followed the guides, there is no way you should encounter the issues. But since you're encountering issues, my suggestion is to start my analyzing the management point logs. Check if the clients are communicating with MP. And the MP is responding to the client requests.

 

[ListerEngineer]

Clients are not talking to the server. Even the servers client isn't talking. I open configuration manager and they all say Self-Signed still.
I cannot re-install the client either, just gives up.

 

[Prajwal Desai]

So some configuration has been either missing or not done correctly. Logs can tell you that but you will have to show us what have you configured under the MP properties, DP properties and IIS bindings.

 

[ListerEngineer]

Does this help?

 

[Prajwal Desai]

Looks good to me. Upload the management point logs. If you don't want to upload it here, you can send it to me by going to the contact form.

List of SCCM Management Point Logs - Prajwal.org

This post lists all the SCCM management point logs. When working on management point issues, you should be aware of the log files. These log files help you

www.prajwal.org

 

[ListerEngineer]

I trust you got the logs, I realise it may take time for them to be reviewed. To add on, as I'm convinced it's something to do with HTTP/HTTPS and the certificate. When I run this test link:
https://<server>/sms_mp/.sms_aut?mplist
I get:
HTTP Error 500.0 - Internal Server Error
The page cannot be displayed because an internal server error has occurred.

In the example video for testing this link it indicates I should get a 403 if there is no certificate, but should work if there is?

 

[Garth]

I trust you got the logs, I realise it may take time for them to be reviewed. To add on, as I'm convinced it's something to do with HTTP/HTTPS and the certificate. When I run this test link:
https://<server>/sms_mp/.sms_aut?mplist
I get:
HTTP Error 500.0 - Internal Server Error
The page cannot be displayed because an internal server error has occurred.

In the example video for testing this link it indicates I should get a 403 if there is no certificate, but should work if there is?

Getting a 500 error says that there is a problem with your MP. You need to look at it and fix it first.

 

[ListerEngineer]

Getting a 500 error says that there is a problem with your MP. You need to look at it and fix it first.

Well attempting to remove the Management Point role and putting it back on broke my SCCM. I restored the server and now things are gradually updating and switching to PKI today. https://<server>/sms_mp/.sms_aut?mplist is still giving me a 500 error though. I am most confused as I have not repaired anything.