403.7 error when testing mpcert / mplist
Hey,Running ConfigMgr SP1 + R2 in Native Mode on Windows Server 2008 SP2 x64. Trying to test the MP via https://server.example/sms_mp/.sms_aut?mplistand https://server.example/sms_mp/.sms_aut?mpcert but I get: HTTP Error 403.7 - Forbidden The page you are attempting to access requires your browser to have a Secure Sockets Layer (SSL) client certificate that the Web server recognizes. I've captured a screenshot of the error withmore detailed logginghere: http://img21.imageshack.us/img21/8876/4037f.jpg.I already have a Client Authentication computer certificate auto-enrolled via Group Policy on the client computer and the site server (i.e., MP).I can clearly see the client certificates in the Certificates (Local Computer) MMC snap-in on each computer. I am accessing the URLs over HTTPS. The client certificates are currently valid and have not expired.They wereissued by an internal trusted root CA whose root certificate is already installedin the Trusted Root Certification Authorities > Certificates store automatically by Active Directory Domain Services.The web server (i.e., the MP) itself has the ConfigMgr site installed into the Default Web Site. After installation, in Edit Bindings, HTTPS was missing so I added it with the default port 443 and selected the Server Authentication certificate which I enrolled by following the guide here: http://technet.microsoft.com/en-us/library/bb680312.aspx.My clients are appearing in the console OK. They can retrieve and process policies. They can execute advertisements. OSD is even working. Just not sure what's going on with this MP. Here's what appears in mpcontrol.log every 5 minutes: http://img692.imageshack.us/img692/3158/mpcontrol.jpg. On the MP, I have 3 certificates in installed: Code Signing, Web Server, Client.Any ideas? Thanks.
October 29th, 2009 11:42am