SCCM 2012 R2/Intune integration

Hi,

I am integrating Intune with SCCM 2012 R2 and am having issues with getting the service to connect.

I have added the subscription and installed the connector in SCCM and get the following errors in the dmpdownloader.log and dmpuploader.log...

dmpdownloader.log - ERROR: GetServiceAddresses - LSU cannot be reached: System.ServiceModel.Security.SecurityNegotiationException: Could not establish secure channel for SSL/TLS with authority 'manage.microsoft.com'. ---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.~~   at System.Net.HttpWebRequest.GetResponse()~~   at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)~~   --- End of inner exception stack trace ---~~~~Server stack trace: ~~   at System.ServiceModel.Channels.HttpChannelUtilities.ProcessGetResponseWebException(WebException webException, HttpWebRequest request, HttpAbortReason abortReason)~~   at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)~~   at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)~~   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)~~   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)~~   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)~~~~Exception rethrown at [0]: ~~   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)~~   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)~~   at Microsoft.ConfigurationManager.DmpConnector.Connector.ILocationService.GetServices(Message request)~~   at Microsoft.ConfigurationManager.DmpConnector.Connector.LocationServicesClient.GetServiceAddresses(X509Certificate2 certificate).

Failed to call SaveAccountInfo. error = Unknown error 0x8013150C

dmpuploader.log - ERROR: GetServiceAddresses - LSU cannot be reached: System.ServiceModel.Security.SecurityNegotiationException: Could not establish secure channel for SSL/TLS with authority 'manage.microsoft.com'. ---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.~~   at System.Net.HttpWebRequest.GetResponse()~~   at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)~~   --- End of inner exception stack trace ---~~~~Server stack trace: ~~   at System.ServiceModel.Channels.HttpChannelUtilities.ProcessGetResponseWebException(WebException webException, HttpWebRequest request, HttpAbortReason abortReason)~~   at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)~~   at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)~~   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)~~   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)~~   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)~~~~Exception rethrown at [0]: ~~   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)~~   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)~~   at Microsoft.ConfigurationManager.DmpConnector.Connector.ILocationService.GetServices(Message request)~~   at Microsoft.ConfigurationManager.DmpConnector.Connector.LocationServicesClient.GetServiceAddresses(X509Certificate2 certificate).

ERROR: StartUpload exception: [GetServiceAddresses - LSU cannot be reached: System.ServiceModel.Security.SecurityNegotiationException: Could not establish secure channel for SSL/TLS with authority 'manage.microsoft.com'. ---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.~~   at System.Net.HttpWebRequest.GetResponse()~~   at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)~~   --- End of inner exception stack trace ---~~~~Server stack trace: ~~   at System.ServiceModel.Channels.HttpChannelUtilities.ProcessGetResponseWebException(WebException webException, HttpWebRequest request, HttpAbortReason abortReason)~~   at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)~~   at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)~~   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)~~   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)~~   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)~~~~Exception rethrown at [0]: ~~   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)~~   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)~~   at Microsoft.ConfigurationManager.DmpConnector.Connector.ILocationService.GetServices(Message request)~~   at Microsoft.ConfigurationManager.DmpConnector.Connector.LocationServicesClient.GetServiceAddresses(X509Certificate2 certificate).]

I have tried removing the subscription and connector and readding/installing. Ensured the server is completely up to date. Confirmed that no traffic is being blocked by the firewall. Performed a site reset on the SCCM install.

The setup is an SCCM 2012 R2 CU3 CAS on Server 2008 R2 behind an F5 firewall.

May 19th, 2015 4:33am
Are you connecting to the Asia region? If so: http://status.manage.microsoft.com/StatusPage/ServiceDashboard. There#s maintenance going on right now. 
Free Windows Admin Tool Kit Click here and download it now
May 19th, 2015 5:10am

Hi Torsten,

No, this is a UK based company we are doing this on behalf of. We first attempted the integration on Thursday and have been unable to get any further with it.

May 19th, 2015 5:22am

As visivle in the log file, can you do a Name Resolution and ping for 'manage.microsoft.com' ?

Which address are you trying to connect?

Free Windows Admin Tool Kit Click here and download it now
May 21st, 2015 9:52am

Hi Isnips,

Did you get this resolved as I'm seeing a similar error on a new 2012 R2 updated to SP1 installation, also from the UK.

Cheers,

June 12th, 2015 8:59am

Hey Isnips,

Have the customer (re)check the firewall logs.
Just seen a similar issue for two different customers where they saw traffic getting blocked to different IP's even though there were exceptions in place for manage.microsoft.com addresses.

137.135.x.x

134.170.x.x

What's more these were bypassing the proxy settings on one of the customers and trying to go direct.

Regards,
Steve

Free Windows Admin Tool Kit Click here and download it now
June 17th, 2015 7:03pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics