Clients not communicating with CMG

Jackster 6 Reputation points
2020-10-09T21:54:39.177+00:00

Hi,

I'm trying to set up a CMG and I'm using PKI certs. I've deployed the proper certificates to the CMG and can see that they are bound in the Azure VM. I'm not using a CRL, so I unchecked those options on the CMG installation wizard and my site properties. When I use the CMG connection analyzer, everything looks good.
31317-aztest.jpg

However, when I try to use a client pointing to that CMG, I see the following in my LocationServices.log file:
31345-locservlog.jpg

What certificate is missing and how do I apply it?

Thanks!


7 answers

  1. BryanB 26 Reputation points
    2021-02-04T19:23:54.593+00:00

    We had the same symptoms as the original post after configuring our CMG. After working with MS, it ended up being an enabled setting that didn't actually apply in the registry. We had the box checked for "Allow Configuration Manager cloud management gateway traffic" in the settings of our Management Point, but for some reason it didn't update the registry and CMG traffic was still being blocked. We unchecked the box, hit apply, rechecked the box, hit apply again, at which point the registry updated correctly and our CMG started to work as expected. The specific key for us was HKLM\SOFTWARE\Microsoft\SMS\MP\EnableInternet and needs to equal DWORD of 1. We are running SCCM CB 1910.

    64145-mp.png

    64164-reg-mp.png

    4 people found this answer helpful.
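
One way to check the registry state described in the answer above, as an added example that is not part of the original post or of Configuration Manager. It assumes `EnableInternet` is a value under the `HKLM\SOFTWARE\Microsoft\SMS\MP` key and is run in an elevated PowerShell session on the management point; `Test-MpCmgTrafficFlag` is a hypothetical helper name.

```powershell
# Added example: verify that the management point's registry matches the
# "Allow Configuration Manager cloud management gateway traffic" checkbox.
# Test-MpCmgTrafficFlag is a hypothetical name, not a Configuration Manager cmdlet.
function Test-MpCmgTrafficFlag {
    param(
        # Key and value name taken from the answer above; treating
        # EnableInternet as a value under the MP key is an assumption.
        [string]$KeyPath   = 'HKLM:\SOFTWARE\Microsoft\SMS\MP',
        [string]$ValueName = 'EnableInternet'
    )

    $result = [ordered]@{
        KeyPath   = $KeyPath
        ValueName = $ValueName
        Present   = $false
        Kind      = $null
        Data      = $null
        Ok        = $false
    }

    # A missing key means the MP role is absent on this host or was never configured.
    if (-not (Test-Path -LiteralPath $KeyPath)) {
        return [pscustomobject]$result
    }

    $key = Get-Item -LiteralPath $KeyPath
    if ($key.GetValueNames() -contains $ValueName) {
        $result.Present = $true
        $result.Kind    = $key.GetValueKind($ValueName)
        $result.Data    = $key.GetValue($ValueName)
        # Both the type and the data must match: DWORD with a value of 1.
        $result.Ok = ($result.Kind -eq [Microsoft.Win32.RegistryValueKind]::DWord) -and
                     ($result.Data -eq 1)
    }
    [pscustomobject]$result
}

$state = Test-MpCmgTrafficFlag
$state | Format-List
if (-not $state.Ok) {
    Write-Warning 'EnableInternet is not DWORD 1 on this management point.'
}
```

Running it before and after toggling the checkbox shows whether the console change actually reached the registry.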

  2. ChrisA 1 Reputation point
    2021-01-25T15:45:51.677+00:00

    We are experiencing this same issue. The suggestions provided did not resolve it. How did you get this resolved?


  3. Jackster 6 Reputation points
    2020-10-19T14:26:58.577+00:00

    Hi Rahul,

    I tried, but my client auth certs don't export the private key, so I can't even start the connection analyzer with the cert. Is it wise to modify the template so I can export the key?


  4. Rahul Jindal [MVP] 9,151 Reputation points MVP
    2020-10-17T22:54:26.247+00:00

    Have you tried running the connection analyzer using the Client auth cert? Also, where is your CMG connection point installed?


  5. Simon Ren-MSFT 30,501 Reputation points Microsoft Vendor
    2020-10-14T07:21:31.11+00:00

    Hi,

    Thanks for your reply.

    Please also uncheck the option "Verify Client Certificate Revocation" on the settings tab of the CMG connection point properties. As shown below:

    32253-cmg-connectiont-point.png

    Thanks for your time.

    Best regards,
    Simon


    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
