ERROR

500 Internal Server Error

hatasi aliyorum. yardimci ola bilecek biri varmi?

SCCM 2403
SQLSRV2019

Tengo el mismo caso, mi wsus esta en un servidor principal, cual seria el proceso. Tenemos que exportar el certificado IIS con el dns del servidor principal?? o con del servidor WSUS

Without this machines will not be able PXE boot. Took a lot of digging to find out why that wasn’t working.

Excellent video though, incredibly helpful!

I’m a little confused with the DP cert.

We have 9 DP’s, 6 of which are PXE enabled.
For the OSDCert, do I need to export one individually from each DP and them import it to each DP in the console?
I’m a bit concerned how it might screw up OSD.

Many thanks,

One question, if your Site Server and SQL are on separate boxes what do you need to do cert-wise on the SQL box which is the Site Database Server and Reporting Services Point?

Thanks

It’s just compatibility with ConfigMgr client, not sure why this is the case, but it’s a MSFT issue with newer I assume.

No, I don’t think this would work because the private key is needed during import.

My security team dont want to create a template for a cert that is exportable.
For the pfx file needed to the distribution point, could they just supply me a non exportable cert in pfx format and the password to use instead?
Of does the cert have to be exportable for it to work for OSD?

Thanks

Clients can time some time to detect the MP port change. This would happen at the client location lookup.

Existing clients should detect the sites HTTPs change in the next location lookups

great article. One question, we would like to implement IBCM and/or CMG for clients system from external to connect to SCCM Server. as part of the process when we change the SCCM from http to https, do we need to redeploy the clients tools and/or what is the effect on the clients?

I’m initially setting this in our lab to make sure it goes smoothly when we install in production. And following your videos, I was able to deploy SCCM 1902 and upgraded to 1910 successfully. I was able to deploy agents with no issue.

And from what I gather I need to implement HTTPS/PKI in order to use MBAM. I followed your procedure which I think I setup correctly. However, my client computers stopped communicating with the SCCM server after I switch it to HTTPS.

Here’s the error I’m getting from the client’s CcmMessaging.log.

“Post to http://sccm-server.domain.com/ccm_system/request failed with 0x87d00231.”

mpcontrol.log seems to show that MP is working.

“Call to HttpSendRequestSync succeeded for port 443 with status code 200, text: OK”

TIA

Finally got it after editing the host file and adding and SNI

This only happens on the SCCM server itself, all other computers get the correct cert.

You need to configure the correct cert in IIS

Additional info, when I open a browser on the server and go to https://SCCM the browser tries to use the “ConfigMgr SQL Server Identification Certificate” instead of the one I created with your tutorial.

Here is the message from the multicast site service.

MCS Control Manager detected MCS is not responding to HTTP requests. The http status code and text is 12029

Switching PKI would be out of my wheelhouse.

Could you please also create a guide on how to switch to another PKI in the same domain? So how to replase all certificates on the server side and on the client side in case you have a new PKI.

Thanks

Import the PFX into the personal store using certlm.msc

pfx

pfx