Changing MP from HTTP to HTTPS

Certificates made and enrolled through CA.

Client & Web Cert inserted into Computer Account -> Personal store.

mpcontrol.log gives:

Performing machine FQDN to SAN2 search.

Certificate doesn't have SAN2 extension.

Certificate doesn't have SAN2 extension.

Certificate doesn't have SAN2 extension.

Using custom selection criteria based on the machine NetBIOS name.

Machine name is 'CUSTOMERSERVERFQDN'.

Begin validation of Certificate [Thumbprint f9880ead742e701ce7498d2ebf0b2f367f146cfa] issued to 'WMSvc-SERVERFQDN'

Completed validation of Certificate [Thumbprint f9880ead742e701ce7498d2ebf0b2f367f146cfa] issued to 'WMSvc-SERVERFQDN'

Skipping this certificate which is not valid for ConfigMgr usage.

Begin validation of Certificate [Thumbprint cf56802b1184d4f36b135de0cd59c933ce15383f] issued to 'SERVERFQDN'

Failed in  CryptAcquireCertificatePrivateKey(...): 0x80090014

Certificate [Thumbprint cf56802b1184d4f36b135de0cd59c933ce15383f] issued to 'SERVERFQDN' doesn't have private key or associated private key cannot be accessed.

Completed validation of Certificate [Thumbprint cf56802b1184d4f36b135de0cd59c933ce15383f] issued to 'SERVERFQDN'

Skipping this certificate which is not valid for ConfigMgr usage.

Begin validation of Certificate [Thumbprint 665b269be1feaa13dce1d9053564d7be2f5cda80] issued to 'SERVERFQDN'

Failed in  CryptAcquireCertificatePrivateKey(...): 0x80090014

Certificate [Thumbprint 665b269be1feaa13dce1d9053564d7be2f5cda80] issued to 'SERVERFQDN' doesn't have private key or associated private key cannot be accessed.

Completed validation of Certificate [Thumbprint 665b269be1feaa13dce1d9053564d7be2f5cda80] issued to 'SERVERFQDN'

Skipping this certificate which is not valid for ConfigMgr usage.

There are no certificate(s) that meet the criteria.

Failed to retrieve client certificate. Error -2147467259

Call to HttpSendRequestSync failed for port 443 with -2147467259 error code.

Sent summary record of SMS Management Point on ["Display=\\SERVERFQDN\"]MSWNET:["SMS_SITE=PS1"]\\SERVERFQDN\ to E:\SMS\MP\OUTBOXES\sitestat.box\ayo0j81f.SUM, Availability 1, 1171740668 KB total disk space , 1085950416 KB free disk space, installation state 0.

Http test request failed, error code is -2147467259.

The Web Server cert does have a private key - I'm able to export the cert with the private key.

I'm a bit puzzled by the apparently missing SAN2 extension, never seen that before.

Any tips or explanations are greatly appreciated. 

April 27th, 2015 6:59am

Is there a cert with client auth capabilities available for the MP?
April 27th, 2015 9:20am

Jason,

How can you tell if you have such a cert?

May 26th, 2015 4:09pm

Open the MMC certificates snap-in for the local computer and check the personal store. You can also use certutil or PowerShell.
May 26th, 2015 4:28pm
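
The PowerShell check mentioned in the last reply, as an added example that is not part of the original thread: it lists each certificate in the local computer's Personal store with the three properties the mpcontrol.log excerpt reports on (Client Authentication EKU, SAN extension, private-key access). It assumes Windows PowerShell 3.0 or later, .NET Framework 4.6 or later, an elevated session, and RSA keys.

```powershell
# Added example (not from the thread): inspect Cert:\LocalMachine\My for the
# properties the mpcontrol.log messages refer to.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU
$sanOid        = '2.5.29.17'           # Subject Alternative Name extension

Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_

    # Collect the EKU OIDs from the Enhanced Key Usage extension, if present.
    $ekuExt = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $ekuOids = @()
    if ($ekuExt) {
        $ekuOids = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })
    }

    # Render the SAN extension as text, or note that the certificate has none.
    $sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq $sanOid }
    $san = if ($sanExt) { $sanExt.Format($false) } else { '(none)' }

    # HasPrivateKey only says a key is associated; actually opening it shows
    # whether this session can reach it.
    $keyStatus = 'no private key'
    if ($cert.HasPrivateKey) {
        try {
            $key = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
            $keyStatus = if ($key) { "accessible ($($key.GetType().Name))" }
                         else      { 'present, but not an RSA key' }
        } catch {
            $keyStatus = "not accessible: $($_.Exception.GetBaseException().Message)"
        }
    }

    [pscustomobject]@{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        NotAfter      = $cert.NotAfter
        ClientAuthEku = $ekuOids -contains $clientAuthOid
        SAN           = $san
        PrivateKey    = $keyStatus
    }
} | Format-List
```

The key check runs as the logged-on administrator, so a key reported as accessible here can still be unreadable to the account the management point service runs under; compare the thumbprints in the output with those in mpcontrol.log.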
