Hi All,
I'm currently experiencing a strange issue where I can see internet-based clients on my SCCM primary console connected and reporting Policy Requests, Hardware Scans etc., which have the DMZ site server as an assigned management point.
I can deploy applications to these devices and I have previously been able to deploy Windows updates from the DMZ site system, which has the MP, DP and SUP roles installed. Reviewing the logs on the DMZ site system, everything appears to be fine.
The problem is I have multiple 401 entries in my IIS logs on port 443 from all the clients attempting to authenticate to the server. I have a PKI infrastructure and all these devices have enrolled successfully; the DMZ site system has the correct certificate enrolled and assigned in IIS (mpcontrol confirms this).
Due to the above, my clients are now struggling to find an MP and are assigning the SCCM primary (internal) server for WSUS according to the following logs and errors:
LocationServices:
DMZ Site System FQDN - ERROR_WINHTTP_SECURE_FAILURE
ClientLocation:
Current internet management point is the only internet management point.
IIS Logs:
"Client", -, 10/14/2016, 11:25:40, W3SVC1, "SCCM Site server hostname", "SCCM Site Server IP" 484, 129, 282, 401, 5, HEAD, /ccm_system_AltAuth/request, -,
Any assistance would be greatly appreciated.
Thanks,
Scott.