I have 1 MP in the DMZ which is one of three MP's in the site. This MP is configured to use HTTPS for internet clients only. Internet clients connect properly. However on the site monitoring tab in the console i keep getting this message stating that the MP is not responding to HTTP requests. When i check the MPLIST url on port 80 i get an 404 page not found. 

In IIS log on the MP i can see the following:

It is the site server that tries to connect using HTTP however the IIS website is not returning any value. Probably i missed a configuration somewhere. Anyone?

Well it does actually, i have configured a GPO for alle SCCM agents (including servers) which contains a certificate based on this manual: https://technet.microsoft.com/en-us/library/gg682023.aspx#BKMK_client2008_cm2012

This MP is configured to use HTTPS for internet clients only. [...] When i check the MPLIST url on port 80 i get an 404 page not found. 

This MP is configured to use HTTPS for internet clients only. [...] When i check the MPLIST url on port 80 i get an 404 page not found. 

Well https should be using 44

What should be the SSL Settings on the Default Web Site in which the SMS_MP service resides? 

Right now it is configured:

• Required SSL not checked
• Client certificates: Accept

I find it more logical when this would be:

• Required SSL checked
• Client certificates: Require

I have configured the MP to use HTTPS, shouldn't this configure the SSL settings to require SSL? And what about the Client certificates?

Thanks

Well it does actually, i have configured a GPO for alle SCCM agents (including servers) which contains a certificate based on this manual: https://technet.microsoft.com/en-us/library/gg682023.aspx#BKMK_client2008_cm2012

 

Yes, i can confirm that each SCCM client (servers as well) are provided with a proper client cert. The site server included (which is the one that is trying to connect using port 80). 

The only error that i have is that the management point is not resonding to HTTP requests:

"MP Control Manager detected management point is not responding to HTTP requests. The HTTP status code and text is , ."

The server in the DMZ is a domain joined server, so normal GPO processing occurs. 

• Edited by Dutch guy 17 hours 55 minutes ago

Sorry, just to clear here, the MP Control Manager does not run on the site server, at least not the one in this case. The error message above is a self check performed by the local MP Control Manager on the MP it is on. Thus, this check is originating on the MP and not the primary site server and so its the system in the DMZ that requires the client auth cert.

Have you reviewed the certificatemaintenance.log on the MP? Also, have you manually verified that the cert is actually there on t

in IIS i found that the source IP address was coming from the site server: 

So that's why i suggested the site server. 

The CertificateMaintenance.log repeatedly is logging the following every hour:

i can also see the following log message in the most recent log:

HTTPS is enforced for Site Role. The current state is 31. 

That most likely indicates that it can't find an appropriate certificate (on an HTTPS MP that I have available, there's an additional line in that file: "Raising event: instance of..."

Which takes us to manually verifying that the cert is there.

Yes, i can confirm that each SCCM client (servers as well) are provided with a proper client cert. The site server included (which is the one that is trying to connect using port 80). 

The only error that i have is that the management point is not resonding to HTTP requests:

"MP Control Manager detected management point is not responding to HTTP requests. The HTTP status code and text is , ."

The server in the DMZ is a domain joined server, so normal GPO processing occurs. 

• Edited by Dutch guy Thursday, August 06, 2015 1:56 PM

i now have the following errors:

When i try to open the test request url i get:

HTTP Error 403.4 - Forbidden // The page you are trying to access is secured with Secure Sockets Layer (SSL). 

How should the SSL Settings be configured for the MP virtual Directories? Which should be configured as followed?:

If you are using HTTPS on that site server, yes. That configuration is done by ConfigMgr itself and should not be touched. Also, are you testing the URL simply through your web browser? If so, make sure that your web browser has the right certificate configured. If you use the web browser as a user, it won't use the configured certificates of the

Yes, I know this is an old post, but Im trying to clean them up. Did you solve this problem, if so what was the solution?

Since no one has answer this post, I recommend opening  a support case with Microsoft Customer Support Services (CSS) as they can work with you to solve this problem.