Background:

1 Primary site, 2 MPs, both use the site db -

                  1 in the DMZ - which is a domain joined MP, supports HTTPS

                  1 supports HTTP

The application catalog web service point is HTTP and application catalog website point (HTTPS) are both  on the Management point

All servers are Windows Server 2012 R2, SCCM 2012 R2, SQL 2012

Within the last week, I've now been getting the following errors every hour:

Portal Web Site Control Manager detected PORTALWEB is not responding to HTTP requests.  The http error is 12030.

Possible cause: IIS service is not responding.
Solution: Manually restart the W3SVC service on the PORTALWEB.

For more information, refer to Microsoft Knowledge Base article 838891.
 Message ID is 8001

Restarting the service doesn't work, KB 838891 didn't work.

Snippet from portctl.log on the MP that is HTTP:

Starting certificate maintenance...  $$<SMS_PORTALWEB_CONTROL_MANAGER><02-11-2014 11:01:33.900+300><thread=4336 (0x10F0)>
Successfully completed certificate maintenance  $$<SMS_PORTALWEB_CONTROL_MANAGER><02-11-2014 11:01:33.900+300><thread=4336 (0x10F0)>
SSL is enabled.  $$<SMS_PORTALWEB_CONTROL_MANAGER><02-11-2014 11:01:33.900+300><thread=4336 (0x10F0)>
Using thread token for request  $$<SMS_PORTALWEB_CONTROL_MANAGER><02-11-2014 11:01:33.900+300><thread=4336 (0x10F0)>
Failed to send http request /CMApplicationCatalog//default.aspx. Error 12030  $$<SMS_PORTALWEB_CONTROL_MANAGER><02-11-2014 11:01:33.900+300><thread=4336 (0x10F0)>
Call to HttpSendRequestSync failed for port 443 with 12030 error code.  $$<SMS_PORTALWEB_CONTROL_MANAGER><02-11-2014 11:01:33.900+300><thread=4336 (0x10F0)>
PORTALWEBs http check returned hr=0, bFailed=1  $$<SMS_PORTALWEB_CONTROL_MANAGER><02-11-2014 11:01:33.900+300><thread=4336 (0x10F0)>
PORTALWEB's previous status was 1 (0 = Online, 1 = Failed, 4 = Undefined)  $$<SMS_PORTALWEB_CONTROL_MANAGER><02-11-2014 11:01:33.900+300><thread=4336 (0x10F0)>
Health check operation failed, error code is 12030  $$<SMS_PORTALWEB_CONTROL_MANAGER><02-11-2014 11:01:33.900+300><thread=4336 (0x10F0)>
STATMSG: ID=8001 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_PORTALWEB_CONTROL_MANAGER" SYS=MgmtPt.domain SITE=009 PID=1500 TID=4336 GMTDATE=Tue Feb 11 16:01:33.900 2014 ISTR0="12030" ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0  $$<SMS_PORTALWEB_CONTROL_MANAGER><02-11-2014 11:01:33.900+300><thread=4336 (0x10F0)>
Completed the PORTALWEB availability check against local computer.  $$<SMS_PORTALWEB_CONTROL_MANAGER><02-11-2014 11:01:33.931+300><thread=4336 (0x10F0)>
Waiting for changes for 60 minutes  $$<SMS_PORTALWEB_CONTROL_MANAGER><02-11-2014 11:01:33.931+300><thread=4336 (0x10F0)>

From the ServicePortalWebSite log on the Managment Point, I see this message:

PID:2944][02/11/2014 14:58:26] :System.ServiceModel.Security.SecurityNegotiationException: SOAP security negotiation with 'http://MgmtPt.domain/CMApplicationCatalogSvc/ApplicationOfferService.svc' for target 'http://MgmtPt.domain/CMApplicationCatalogSvc/ApplicationOfferService.svc' failed. See inner exception for more details.

What/where is "inner exception"?

Also, in addition to getting this fixed, I'm wondering if I should move the app catalog roles to the server in the DMZ since the app catalog will be supporting both MACS and Windows clients?

Since I have 2 management points, I didn't think that they both had to be HTTPS?  But do they based on "Call to HttpSendRequestSync failed for port 443"....?

And, of course, I am getting the "cannot connect to application server" when trying to open the application catalog.  I see the tabs, etc, but no apps.

• Edited by mandp Tuesday, February 11, 2014 8:24 PM

Hi,

Have you already tried running %windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe i enable

in IIS, is HTTP activation installed or not?

Yes, HTTP activation is installed.

Yes, I already tried running %windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe i enable

Also tried http://social.technet.microsoft.com/Forums/en-US/65f647f3-ae38-427e-94ae-65ec470e308a/application-catalog-cannot-connect-to-the-application-server?forum=configmanagerdeployment

Still  having the issue...

Just a thought > Are the bindings in IIS configured for that port?

Having a domain server in the DMZ requires A LOT of ports to be open, both ways - especially if you have the Application Catalog front and back end components in the DMZ.  The member server in the DMZ will also need to be able to locate and authenticate against a domain controller - so check the secure channel is active.

yes, the bindings are  configured in IIS.

I can  however now, access the application catalog, but I'm still getting the error:

Portal Web Site Control Manager detected PORTALWEB is not responding to HTTP requests.  The http error is 12030.

So, here's the latest update on this issue....

I'm able to access the application catalog using https (which is the way we want it).

However, I'm still getting the 8001 message ID every hour (as mentioned in my original post.)

On the application catalog web service point it is configured for http and I cannot change it (grayed out) unless I reinstall the role.

The application catalog website point is configured for https

I was told that the process checks both http and https every hour and that there is no way to change this and that I would always have this error (and therefore the SMS_PORTALWEB_CONTROL_MANAGER would always be in a warning or critical state).

Are the web service point and website point supposed to be configured the same (both https or both http)?

Since we are supporting MAC clients with this, I need to use https....

I am finding it tough to just accept "that's just the way it is"...

Has anyone else seen/had this same issue????

Yes, I know this is an old post, but Im trying to clean them up. Did you solve this problem, if so what was the solution?

Since no one has answer this post, I recommend opening  a support case with CSS as they can work with you to solve this problem.