Unable to manage Workgroup computers in HTTPS site

Hi guys,

I am having trouble getting workgroup machines to communicate with the MP of my primary site which uses HTTPS only.

The workgroup machine is using our domain DNS and has a static entry. It is also within a boundary of SCCM.
I use the following switches to install the client: SMSMP=FQDN DNSSUFFIX=company.com SMSSITECODE=FQDN FSP=FQDN

I have also generated a client cert from our internal CA for this machine, root cert was already installed.

The LocationServices log has this entry:
Skipping DNS record of sccm.company.com port 443 as it is not compatible with Client
Failed to retrieve compatible DNS service record using _mssms_mp_vic._tcp.company.com lookup

Is there something I have missed? I'd prefer not to have to enable HTTP if possible.

Can someone assist with this issue?


Regards,
Locust12

February 27th, 2015 2:03am

It sounds like a problem with your certificates, as it's not accepting an HTTPS management point. Please have a look at your client log files, for example ClientIDManagerStartup.log, for more information.
February 27th, 2015 1:01pm

Have you published your site information to DNS? If not, using the DNSSUFFIX property is useless and is causing this message.

This message shouldn't be fatal, though, and given that it's taken out of context, it is not helpful beyond this single statement. Please post the entire, unedited and relevant portion of the LocationServices.log.

February 27th, 2015 3:22pm

The ClientIDManagerStartup.log does not have much information, and the only warning is this:
RegTask: Failed to refresh site code. Error: 0x8000ffff


Regards,
Locust12

March 2nd, 2015 4:28am

Yes, this site is published to AD.

Here is the LocationServices.log:

<![LOG[Sending Fallback Status Point message, STATEID='500'.]LOG]!><time="15:20:32.540-660" date="03-02-2015" component="LocationServices" context="" type="1" thread="5656" file="fspclientdeployassign.cpp:48">
<![LOG[Processing pending site assignment.]LOG]!><time="15:20:32.665-660" date="03-02-2015" component="LocationServices" context="" type="1" thread="5656" file="lsad.cpp:3509">
<![LOG[Assigning to site 'VIC']LOG]!><time="15:20:32.665-660" date="03-02-2015" component="LocationServices" context="" type="1" thread="5656" file="lsad.cpp:3515">
<![LOG[LSIsSiteCompatible : Verifying Site Compatibility for <VIC>]LOG]!><time="15:20:32.665-660" date="03-02-2015" component="LocationServices" context="" type="1" thread="5656" file="lsad.cpp:5419">
<![LOG[Workgroup client is in Unknown location]LOG]!><time="15:20:32.680-660" date="03-02-2015" component="LocationServices" context="" type="1" thread="5656" file="lsad.cpp:1078">
<![LOG[No INF MP available]LOG]!><time="15:20:32.680-660" date="03-02-2015" component="LocationServices" context="" type="1" thread="5656" file="lsad.cpp:2325">
<![LOG[Retrieved MP [sccm.company.COM] from Registry]LOG]!><time="15:20:32.680-660" date="03-02-2015" component="LocationServices" context="" type="1" thread="5656" file="lsad.cpp:2344">
<![LOG[Attempting to retrieve lookup MP(s) from DNS]LOG]!><time="15:20:32.696-660" date="03-02-2015" component="LocationServices" context="" type="1" thread="5656" file="lsad.cpp:2396">
<![LOG[Using default DNS suffix company.com]LOG]!><time="15:20:32.696-660" date="03-02-2015" component="LocationServices" context="" type="1" thread="5656" file="lsad.cpp:3244">
<![LOG[Attempting to retrieve default management points from DNS]LOG]!><time="15:20:32.696-660" date="03-02-2015" component="LocationServices" context="" type="1" thread="5656" file="lsad.cpp:3253">
<![LOG[Found DNS record of sccm.company.com port 443]LOG]!><time="15:20:32.696-660" date="03-02-2015" component="LocationServices" context="" type="1" thread="5656" file="lsad.cpp:3299">
<![LOG[Skipping DNS record of sccm.company.com port 443 as it is not compatible with Client]LOG]!><time="15:20:32.696-660" date="03-02-2015" component="LocationServices" context="" type="1" thread="5656" file="lsad.cpp:3325">
<![LOG[Failed to retrieve compatible DNS service record using _mssms_mp_vic._tcp.company.com lookup]LOG]!><time="15:20:32.696-660" date="03-02-2015" component="LocationServices" context="" type="2" thread="5656" file="lsad.cpp:3336">
<![LOG[No lookup MP(s) from DNS]LOG]!><time="15:20:32.696-660" date="03-02-2015" component="LocationServices" context="" type="1" thread="5656" file="lsad.cpp:2425">
<![LOG[Policy prevents failover to WINS for lookup]LOG]!><time="15:20:32.711-660" date="03-02-2015" component="LocationServices" context="" type="1" thread="5656" file="lsad.cpp:2449">
<![LOG[Raising event:

instance of CCM_CcmHttp_Status
{
    DateTime = "20150302042034.461000+000";
    HostName = "sccm.company.COM";
    HRESULT = "0x00000000";
    ProcessID = 6984;
    StatusCode = 0;
    ThreadID = 5656;
};
]LOG]!><time="15:20:34.461-660" date="03-02-2015" component="LocationServices" context="" type="1" thread="5656" file="event.cpp:715">
<![LOG[Workgroup client is in Intranet]LOG]!><time="15:20:34.477-660" date="03-02-2015" component="LocationServices" context="" type="1" thread="5656" file="lsad.cpp:1070">
<![LOG[Retrieved MP [sccm.company.COM] from Registry]LOG]!><time="15:20:34.477-660" date="03-02-2015" component="LocationServices" context="" type="1" thread="5656" file="lsad.cpp:2344">
<![LOG[Attempting to retrieve lookup MP(s) from DNS]LOG]!><time="15:20:34.477-660" date="03-02-2015" component="LocationServices" context="" type="1" thread="5656" file="lsad.cpp:2396">
<![LOG[Using default DNS suffix company.com]LOG]!><time="15:20:34.477-660" date="03-02-2015" component="LocationServices" context="" type="1" thread="5656" file="lsad.cpp:3244">
<![LOG[Attempting to retrieve default management points from DNS]LOG]!><time="15:20:34.477-660" date="03-02-2015" component="LocationServices" context="" type="1" thread="5656" file="lsad.cpp:3253">
<![LOG[Found DNS record of sccm.company.com port 443]LOG]!><time="15:20:34.477-660" date="03-02-2015" component="LocationServices" context="" type="1" thread="5656" file="lsad.cpp:3299">
<![LOG[Skipping DNS record of sccm.company.com port 443 as it is not compatible with Client]LOG]!><time="15:20:34.477-660" date="03-02-2015" component="LocationServices" context="" type="1" thread="5656" file="lsad.cpp:3325">
<![LOG[Failed to retrieve compatible DNS service record using _mssms_mp_vic._tcp.company.com lookup]LOG]!><time="15:20:34.477-660" date="03-02-2015" component="LocationServices" context="" type="2" thread="5656" file="lsad.cpp:3336">
<![LOG[No lookup MP(s) from DNS]LOG]!><time="15:20:34.477-660" date="03-02-2015" component="LocationServices" context="" type="1" thread="5656" file="lsad.cpp:2425">
<![LOG[Policy prevents failover to WINS for lookup]LOG]!><time="15:20:34.477-660" date="03-02-2015" component="LocationServices" context="" type="1" thread="5656" file="lsad.cpp:2449">
<![LOG[Attempting to retrieve site information from lookup MP(s) via HTTP]LOG]!><time="15:20:34.493-660" date="03-02-2015" component="LocationServices" context="" type="1" thread="5656" file="lssecurity.cpp:6025">
<![LOG[Failed to send site information Location Request Message to sccm.company.COM]LOG]!><time="15:20:34.524-660" date="03-02-2015" component="LocationServices" context="" type="2" thread="5656" file="lssecurity.cpp:5558">
<![LOG[LSIsSiteCompatible : Failed to get Site Version from all directories]LOG]!><time="15:20:34.524-660" date="03-02-2015" component="LocationServices" context="" type="3" thread="5656" file="lsad.cpp:5470">
<![LOG[Sending Fallback Status Point message, STATEID='608'.]LOG]!><time="15:20:34.524-660" date="03-02-2015" component="LocationServices" context="" type="1" thread="5656" file="fspclientdeployassign.cpp:48">
<![LOG[Unable to retrieve AD site membership]LOG]!><time="15:23:00.941-660" date="03-02-2015" component="LocationServices" context="" type="1" thread="6676" file="lsad.cpp:775">
<![LOG[Unable to retrieve AD site membership]LOG]!><time="15:24:18.320-660" date="03-02-2015" component="LocationServices" context="" type="1" thread="6676" file="lsad.cpp:775">

March 2nd, 2015 4:34am
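
The log posted above is in CMTrace format, where `type="2"` marks a warning and `type="3"` an error. The following is an added example, not part of the original thread: it parses that format, lists the warnings and errors, and reports which management points DNS returned but the client rejected. `$sample` is built from entries quoted in the post, and `ConvertFrom-CMTraceLog` is a hypothetical helper name.

```powershell
# Added example. $sample is constructed from entries quoted in this thread; on a
# client, read the real file instead (default client log folder):
#   $text = Get-Content "$env:windir\CCM\Logs\LocationServices.log" -Raw
$sample = @'
<![LOG[Found DNS record of sccm.company.com port 443]LOG]!><time="15:20:34.477-660" date="03-02-2015" component="LocationServices" context="" type="1" thread="5656" file="lsad.cpp:3299">
<![LOG[Skipping DNS record of sccm.company.com port 443 as it is not compatible with Client]LOG]!><time="15:20:34.477-660" date="03-02-2015" component="LocationServices" context="" type="1" thread="5656" file="lsad.cpp:3325">
<![LOG[Failed to retrieve compatible DNS service record using _mssms_mp_vic._tcp.company.com lookup]LOG]!><time="15:20:34.477-660" date="03-02-2015" component="LocationServices" context="" type="2" thread="5656" file="lsad.cpp:3336">
<![LOG[Failed to send site information Location Request Message to sccm.company.COM]LOG]!><time="15:20:34.524-660" date="03-02-2015" component="LocationServices" context="" type="2" thread="5656" file="lssecurity.cpp:5558">
<![LOG[LSIsSiteCompatible : Failed to get Site Version from all directories]LOG]!><time="15:20:34.524-660" date="03-02-2015" component="LocationServices" context="" type="3" thread="5656" file="lsad.cpp:5470">
'@

function ConvertFrom-CMTraceLog {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Text)
    $severity = @{ '1' = 'Info'; '2' = 'Warning'; '3' = 'Error' }
    # (?s) plus a lazy match lets one message span several lines, as the
    # "Raising event" entry in the posted log does.
    $pattern = '(?s)<!\[LOG\[(?<msg>.*?)\]LOG\]!><time="(?<time>[\d:.]+)[+-]\d+" ' +
               'date="(?<date>[\d-]+)" component="(?<comp>[^"]*)" context="[^"]*" ' +
               'type="(?<type>\d)" thread="(?<thread>\d+)" file="(?<file>[^"]*)">'
    foreach ($m in [regex]::Matches($Text, $pattern)) {
        [pscustomobject]@{
            Date      = $m.Groups['date'].Value
            Time      = $m.Groups['time'].Value
            Severity  = $severity[$m.Groups['type'].Value]
            Component = $m.Groups['comp'].Value
            Source    = $m.Groups['file'].Value
            Message   = $m.Groups['msg'].Value.Trim()
        }
    }
}

$entries = @(ConvertFrom-CMTraceLog -Text $sample)

# 1. Warnings and errors only, in log order.
$entries | Where-Object { $_.Severity -ne 'Info' } |
    Format-List Time, Severity, Source, Message

# 2. Management points that DNS returned but the client refused to use.
$dns = foreach ($e in $entries) {
    if ($e.Message -match '^(Found|Skipping) DNS record of (\S+) port (\d+)') {
        [pscustomobject]@{ State = $Matches[1]; MP = $Matches[2].ToLower(); Port = [int]$Matches[3] }
    }
}
$rejected = @($dns | Where-Object { $_.State -eq 'Skipping' } | Select-Object MP, Port -Unique)
'MPs returned by DNS but rejected by the client: {0}' -f
    (($rejected | ForEach-Object { "$($_.MP):$($_.Port)" }) -join ', ')
```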

"Yes, this site is published to AD." I didn't ask about AD, I asked about DNS. Since this is a workgroup system, AD is of no help. Thus, I'll ask again, is your MP published to *DNS*? Also, are you approving the resource in the ConfigMgr console?
March 2nd, 2015 2:57pm

Yes it is published to DNS, I have confirmed the record is in place.

The resource does not appear in the console at all.

March 2nd, 2015 7:55pm

I too am having this same issue.

Attempting to retrieve default management points from DNS LocationServices 3/4/2015 10:18:51 AM 3516 (0x0DBC)
Found DNS record of SEVER22.domain.com port 443 LocationServices 3/4/2015 10:18:51 AM 3516 (0x0DBC)
Skipping DNS record of SERVER22.domain.com port 443 as it is not compatible with Client LocationServices 3/4/2015 10:18:51 AM 3516 (0x0DBC)
Found DNS record of SERVER21.domain.com port 443 LocationServices 3/4/2015 10:18:51 AM 3516 (0x0DBC)
Skipping DNS record of SERVER21.domain.com port 443 as it is not compatible with Client LocationServices 3/4/2015 10:18:51 AM 3516 (0x0DBC)
Failed to retrieve compatible DNS service record using _mssms_mp_bh1._tcp.domain.com lookup LocationServices 3/4/2015 10:18:51 AM 3516 (0x0DBC)

March 4th, 2015 3:25pm

Is anyone able to assist with this?

Regards,
Locust12

March 12th, 2015 10:22pm

Found a solution:

Including the /CCMHTTPSSTATE=31 switch in the install statement made the machine appear in the ConfigMgr console, and it is now in a managed state.

The above switch is used when HTTPS is enabled with no CRL checking.


Regards,
Locust12

  • Marked as answer by Locust12 3 hours 39 minutes ago
March 25th, 2015 12:07am


That's not a supported solution. Why aren't you disabling CRL checking for your site the proper and supported way in your site settings if this is an issue?

March 25th, 2015 5:43pm

CRL checking is currently disabled in the site settings.

Is there something else I should be doing?


Regards,
Locust12

March 25th, 2015 7:13pm
