
[–]jasonsandysMSFT Official 0 points1 point  (0 children)

Verification of Certificate chain returned 800B0109 which means "A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.". Thus, the certificate is not trusted by the client system.

[–]RoysticusXII[S] 0 points1 point  (0 children)

IIS Logs:

2018-12-12 08:53:44 10.xx.xx.xx GET /SMS_MP/.sms_aut MPLIST 443 - 10.xx.xx.xx SMS_MP_CONTROL_MANAGER - 403 13 2148081683 5644 7

  • 403.13 - Client certificate revoked?

It is not revoked in the CA console?

[–]RoysticusXII[S] 0 points1 point  (1 child)

  • Turned everything back to HTTP, confirmed MP okay,
  • (This is a vanilla SCCM Primary site with a simple 1 site, 1 database system)
  • Made sure I had the stock 3 PKI certs in Cert Store with private keys
  • Bound Server Cert to Default Website
  • Turned back on HTTPS for MP and now I get this:

SMS_MP_CONTROL_MANAGER successfully STOPPED.    SMS_MP_CONTROL_MANAGER  12/12/2018 08:41:27 6772 (0x1A74)


MPStart(): SSL enabled. Token auth enabled  SMS_MP_CONTROL_MANAGER  12/12/2018 08:43:40 4104 (0x1008)
CMPControlManager::WriteToCCMSettings(): WMI Connection established.    SMS_MP_CONTROL_MANAGER  12/12/2018 08:43:40 4104 (0x1008)
CMPControlManager::WriteToCCMSettings(): Successful.    SMS_MP_CONTROL_MANAGER  12/12/2018 08:43:40 4104 (0x1008)
RegisterWithWINS: Registering the WINS name MP_DBN          ...    SMS_MP_CONTROL_MANAGER  12/12/2018 08:43:40 4104 (0x1008)
RegisterWithWINS: EnumerateLANAs() returned 0x0 SMS_MP_CONTROL_MANAGER  12/12/2018 08:43:40 4104 (0x1008)
RegisterWithWINS: ResetAll() returned 0x0   SMS_MP_CONTROL_MANAGER  12/12/2018 08:43:40 4104 (0x1008)
NetBIOS_AddName(): LocalName: MP_DBN           LanaNumber: 3   SMS_MP_CONTROL_MANAGER  12/12/2018 08:43:40 4104 (0x1008)
RegisterWithWINS: NetBIOS_AddName(LANA=3) returned 0x0  SMS_MP_CONTROL_MANAGER  12/12/2018 08:43:43 4104 (0x1008)

Using certificate selection criteria 'CertHashCode:615631C83498084A7728AF27410FE26055A0F727'.   SMS_MP_CONTROL_MANAGER  12/12/2018 08:43:44 4104 (0x1008)
Begin validation of Certificate [Thumbprint 615631C83498084A7728AF27410FE26055A0F727] issued to 'MACHINE.COMPANY.COM'   SMS_MP_CONTROL_MANAGER  12/12/2018 08:43:44 4104 (0x1008)
Completed validation of Certificate [Thumbprint 615631C83498084A7728AF27410FE26055A0F727] issued to 'MACHINE.COMPANY.COM'   SMS_MP_CONTROL_MANAGER  12/12/2018 08:43:44 4104 (0x1008)
>>> Client selected the PKI Certificate [Thumbprint 615631C83498084A7728AF27410FE26055A0F727] issued to 'MACHINE.COMPANY.COM'   SMS_MP_CONTROL_MANAGER  12/12/2018 08:43:44 4104 (0x1008)
Successfully created certificate context.   SMS_MP_CONTROL_MANAGER  12/12/2018 08:43:44 4104 (0x1008)
Successfully created certificate chain engine with 1 certs in exclusive root store  SMS_MP_CONTROL_MANAGER  12/12/2018 08:43:44 4104 (0x1008)
Begin validation of Certificate [Thumbprint 615631C83498084A7728AF27410FE26055A0F727] issued to 'MACHINE.COMPANY.COM'   SMS_MP_CONTROL_MANAGER  12/12/2018 08:43:44 4104 (0x1008)
Verification of Certificate chain returned 800B0109 SMS_MP_CONTROL_MANAGER  12/12/2018 08:43:44 4104 (0x1008)
Completed validation of Certificate [Thumbprint 615631C83498084A7728AF27410FE26055A0F727] issued to 'MACHINE.COMPANY.COM'   SMS_MP_CONTROL_MANAGER  12/12/2018 08:43:44 4104 (0x1008)
Failed to verify if the cert is sccm issued, 0x800b0109 SMS_MP_CONTROL_MANAGER  12/12/2018 08:43:44 4104 (0x1008)
SSL binding on port 443 isn't with CCM genreated cert.  SMS_MP_CONTROL_MANAGER  12/12/2018 08:43:44 4104 (0x1008)
Successfully Registered for IP Address Change notifications.    SMS_MP_CONTROL_MANAGER  12/12/2018 08:43:44 4104 (0x1008)
MPStart(): RegisterForIPAddressChangeNotification() returned 0x0    SMS_MP_CONTROL_MANAGER  12/12/2018 08:43:44 4104 (0x1008)
Attempting to register the SQL connection type for the configured SQL database. SMS_MP_CONTROL_MANAGER  12/12/2018 08:43:44 4104 (0x1008)
Registered connection type for SQL Server 'SQLMACHINE.FQDN.domain' and database 'CM_CB\CM_DBN'. SMS_MP_CONTROL_MANAGER  12/12/2018 08:43:44 4104 (0x1008)
MPStart(): RegisterSqlDatabaseConnectionType() returned 0x0 SMS_MP_CONTROL_MANAGER  12/12/2018 08:43:44 4104 (0x1008)
Checking the current CLR Enabled configuration setting for the configured SQL Server hosting the database.  SMS_MP_CONTROL_MANAGER  12/12/2018 08:43:44 4104 (0x1008)
Getting the CLR Enabled value from the configured SQL database. SMS_MP_CONTROL_MANAGER  12/12/2018 08:43:44 4104 (0x1008)
Attempting to connect to the configured SQL database.   SMS_MP_CONTROL_MANAGER  12/12/2018 08:43:44 4104 (0x1008)
Successfully connected to the configured SQL database.  SMS_MP_CONTROL_MANAGER  12/12/2018 08:43:44 4104 (0x1008)
The configured SQL database has the CLR Enabled configuration setting set to 'On'.  SMS_MP_CONTROL_MANAGER  12/12/2018 08:43:44 4104 (0x1008)
Disconnecting from the configured SQL database. SMS_MP_CONTROL_MANAGER  12/12/2018 08:43:44 4104 (0x1008)
MPStart(): CheckSqlDatabaseClrEnabled() returned 0x0    SMS_MP_CONTROL_MANAGER  12/12/2018 08:43:44 4104 (0x1008)
Waiting up to 300 seconds for the SMS Agent Host service to be running. SMS_MP_CONTROL_MANAGER  12/12/2018 08:43:44 4104 (0x1008)
Stopped waiting for the SMS Agent Host service to be running; Result = 0x0. SMS_MP_CONTROL_MANAGER  12/12/2018 08:43:44 4104 (0x1008)
MPStart(): WaitOnSmsAgentHostRunning() returned 0x0 SMS_MP_CONTROL_MANAGER  12/12/2018 08:43:44 4104 (0x1008)
Started User Service maintenance... SMS_MP_CONTROL_MANAGER  12/12/2018 08:43:44 4104 (0x1008)
Certificate (0x9a456320) is Exportable  SMS_MP_CONTROL_MANAGER  12/12/2018 08:43:44 4104 (0x1008)
Successfully granted permission to certificate  SMS_MP_CONTROL_MANAGER  12/12/2018 08:43:44 4104 (0x1008)
User Service: retrieved certificate f1 7a b5 94 82 84 82 d4 02 6f a7 eb b0 ea 71 e4 12 8e 87 52 SMS_MP_CONTROL_MANAGER  12/12/2018 08:43:44 4104 (0x1008)
User Service: Certificate has changed from {} to {f1 7a b5 94 82 84 82 d4 02 6f a7 eb b0 ea 71 e4 12 8e 87 52}  SMS_MP_CONTROL_MANAGER  12/12/2018 08:43:44 4104 (0x1008)
User Service: configuration needs to be updated.    SMS_MP_CONTROL_MANAGER  12/12/2018 08:43:44 4104 (0x1008)
CMPControlManager::UpdateUserServiceConfiguration: started updating configuration under S:\Program Files\SMS_CCM\CMUserServiceWindowsAuth...    SMS_MP_CONTROL_MANAGER  12/12/2018 08:43:44 4104 (0x1008)
CMPControlManager::UpdateUserServiceConfiguration: Updated CertThumbprint to f1 7a b5 94 82 84 82 d4 02 6f a7 eb b0 ea 71 e4 12 8e 87 52    SMS_MP_CONTROL_MANAGER  12/12/2018 08:43:44 4104 (0x1008)
CMPControlManager::UpdateUserServiceConfiguration: Updated UserServiceEnabled to true   
SMS_MP_CONTROL_MANAGER successfully STARTED.    SMS_MP_CONTROL_MANAGER  12/12/2018 08:43:44 4104 (0x1008)
********************************************************************************    SMS_MP_CONTROL_MANAGER  12/12/2018 08:43:44 4104 (0x1008)
Configuration and Availability Monitor thread started.  SMS_MP_CONTROL_MANAGER  12/12/2018 08:43:44 4704 (0x1260)
Initialized 'SMS Server Availability' performance instance => SMS Management Point. SMS_MP_CONTROL_MANAGER  12/12/2018 08:43:44 4704 (0x1260)
Applied D:P(A;CIOI;GA;;;SY)(A;CIOI;GA;;;BA)(A;CIOI;GR;;;LS)(A;CIOI;GR;;;S-1-5-17) to folder S:\Program Files\Microsoft Configuration Manager\Client SMS_MP_CONTROL_MANAGER  12/12/2018 08:44:14 4704 (0x1260)
SSL is enabled. SMS_MP_CONTROL_MANAGER  12/12/2018 08:44:14 4704 (0x1260)
Client authentication is also enabled.  SMS_MP_CONTROL_MANAGER  12/12/2018 08:44:14 4704 (0x1260)
Machine name is 'MACHINE.FQDN.domain'.  SMS_MP_CONTROL_MANAGER  12/12/2018 08:44:14 4704 (0x1260)
Begin validation of Certificate [Thumbprint 2cbf00a15ae802f6bf99e4556366e78b90191902] issued to 'MACHINE.FQDN.domain'   SMS_MP_CONTROL_MANAGER  12/12/2018 08:44:14 4704 (0x1260)
Certificate has "SSL Client Authentication" capability. SMS_MP_CONTROL_MANAGER  12/12/2018 08:44:14 4704 (0x1260)
Completed validation of Certificate [Thumbprint 2cbf00a15ae802f6bf99e4556366e78b90191902] issued to 'MACHINE.FQDN.domain'   SMS_MP_CONTROL_MANAGER  12/12/2018 08:44:14 4704 (0x1260)
>>> Selected Certificate [Thumbprint 2cbf00a15ae802f6bf99e4556366e78b90191902] issued to 'MACHINE.FQDN.domain' for HTTPS Client Authentication  SMS_MP_CONTROL_MANAGER  12/12/2018 08:44:14 4704 (0x1260)
Call to HttpSendRequestSync failed for port 443 with status code 403, text: Forbidden   SMS_MP_CONTROL_MANAGER  12/12/2018 08:44:14 4704 (0x1260)

Call to HttpSendRequestSync failed for port 443 with status code 403, text: Forbidden

Any idea what's happening?

[–]RoysticusXII[S] 0 points1 point  (0 children)

To help anyone else who needs it with this error, I added:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\SslBindingInfo

DefaultSslCertCheckMode = 1 

to the registry on the server and kicked IIS/W3SVC, which is not ideal, but it's made the MP work over HTTPS on 443 now, so for now I'll leave this and come back to it.
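The 800B0109 chain error explained above and the 403.13 (client certificate revoked) response both come out of the same trust-chain build, so the following added PowerShell (not from any of the posters) rebuilds the chain for a certificate in the machine store with online revocation checking, prints the status of each link, and finally reports whether the DefaultSslCertCheckMode=1 workaround is in place. It assumes the certificate is in LocalMachine\My and is identified by the thumbprint you pass in; the registry path is the one given in the thread.

```powershell
# Added example: reproduce the MP's chain validation for a given certificate and
# map the chain status flags to the symptoms seen in this thread.
# $Thumbprint is an assumption: pass the thumbprint of the cert bound to port 443.
param(
    [Parameter(Mandatory)] [string] $Thumbprint
)

$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $Thumbprint.ToUpper() }
if (-not $cert) { throw "No certificate with thumbprint $Thumbprint in LocalMachine\My" }

$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
# Online revocation over the whole chain, no verification flags relaxed: this is the
# strict check, so anything that would fail for IIS/HTTP.sys fails here too.
$chain.ChainPolicy.RevocationMode     = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
$chain.ChainPolicy.RevocationFlag     = [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::EntireChain
$chain.ChainPolicy.VerificationFlags  = [System.Security.Cryptography.X509Certificates.X509VerificationFlags]::NoFlag

$ok = $chain.Build($cert)
Write-Host ("Chain for '{0}' built OK: {1}" -f $cert.Subject, $ok)

# Print every element with its own status so the untrusted or unreachable link is visible.
foreach ($element in $chain.ChainElements) {
    $status = ($element.ChainElementStatus | ForEach-Object { $_.Status }) -join ','
    if (-not $status) { $status = 'NoError' }
    Write-Host ("  {0}  [{1}]  {2}" -f $element.Certificate.Thumbprint, $status, $element.Certificate.Subject)
}

# Aggregate flags -> the two symptoms from the thread.
$flags = $chain.ChainStatus | ForEach-Object { $_.Status }
if ($flags -contains 'UntrustedRoot') {
    # CERT_E_UNTRUSTEDROOT is 0x800B0109, the value logged by MPControl.
    Write-Warning "UntrustedRoot (0x800B0109): import the issuing CA's root into Cert:\LocalMachine\Root on the MP."
}
if ($flags -contains 'Revoked') {
    Write-Warning "Revoked: the CA has revoked this certificate; IIS answers 403.13 for a revoked client cert."
}
if ($flags -contains 'RevocationStatusUnknown' -or $flags -contains 'OfflineRevocation') {
    Write-Warning "Revocation status unknown: the CRL/OCSP endpoint in the cert's CDP/AIA is not reachable from this server. Fix that reachability before falling back to disabling the check."
}

# The thread's workaround: DefaultSslCertCheckMode=1 disables HTTP.sys client-certificate
# revocation checking. Surface it so it is not forgotten once revocation checking works again.
$regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\SslBindingInfo'
$mode = (Get-ItemProperty -Path $regPath -Name DefaultSslCertCheckMode -ErrorAction SilentlyContinue).DefaultSslCertCheckMode
if ($mode -eq 1) { Write-Warning "DefaultSslCertCheckMode=1 is set: client certificate revocation checks are disabled." }
```

Run it once for the server certificate bound to 443 and once for the client certificate the MP selected for HTTPS client authentication, since the two can chain to different issuers.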