Failed to connect to the CMG service

Lorin Davis 21 Reputation points
2020-09-23T14:15:22+00:00

Hi,

We have deployed CMG service from standalone Primary site server version SCCM 1910 with required server authentication certificate from internal PKI. We have not uploaded client trusted root certificate as the clients are Azure AD authenticated.

Under "Certificates uploaded to the cloud service" we have not enabled Client certificate revocation as we have not published our CRL externally. The CMG service provisioning is also completed and CMG service is in Ready state. CMG service name is also added to our DNS.

However, the connection analyzer resulted in "Failed to connect to CMG service". Smsadminui.log has the error "Authentication failed because the remote party has closed the transport stream".

Please guide on this error. Certificate end looks fine, not sure what is missing. Also we have not yet installed CMG connection point due to this authentication error. Do you suggest to go ahead and install the connection point role and then run the connection analyzer?

Microsoft Configuration Manager

1 answer

  1. Nick Hogarth 3,431 Reputation points
    2020-09-24T22:21:24.167+00:00

    I don't think this is related to the error, but do the clients have a trusted root certificate to trust the internal PKI cert that you used for the CMG? See https://learn.microsoft.com/en-us/mem/configmgr/core/clients/manage/cmg/certificates-for-cloud-management-gateway#bkmk_cmgroot

    Yes, you should install the CMG connection point. Is your Management Point using HTTPS or E-HTTP?
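
One way to check the trust question raised in the answer above, as an added example that is not part of the thread: this PowerShell script completes a TLS handshake with the CMG endpoint and then reports whether the local machine can build a chain from the CMG server authentication certificate to a trusted root. The host name `cmg.example.com` is a placeholder for the CMG service name registered in DNS, and port 443 is an assumption.

```powershell
# Added diagnostic example (not from the thread). Run it on the machine whose trust you want to test.
# 'cmg.example.com' is a placeholder for the CMG service name registered in DNS.
param(
    [string]$CmgHost = 'cmg.example.com',
    [int]$Port = 443
)

$tcp = New-Object System.Net.Sockets.TcpClient
$ssl = $null
try {
    $tcp.Connect($CmgHost, $Port)

    # Accept any certificate during the handshake so it can be inspected afterwards.
    # Diagnosis only: trust is evaluated separately below with X509Chain.
    $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)

    try {
        $ssl.AuthenticateAsClient($CmgHost)
    } catch {
        # The callback accepts every certificate, so a failure here is not a trust failure.
        Write-Warning "TLS handshake failed: $($_.Exception.GetBaseException().Message)"
        return
    }

    $cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Revocation checking is off so the result reflects root trust only.
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $trusted = $chain.Build($cert)

    [pscustomobject]@{
        Host         = $CmgHost
        Protocol     = $ssl.SslProtocol      # TLS version that was negotiated
        Subject      = $cert.Subject
        Issuer       = $cert.Issuer
        NotAfter     = $cert.NotAfter
        ChainTrusted = $trusted              # $false if the internal root is not in the trusted store
        ChainStatus  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        # Leaf first; the last element should be the internal PKI root.
        Chain        = ($chain.ChainElements | ForEach-Object { $_.Certificate.Subject }) -join ' <- '
    }
} finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Close()
}
```

A `ChainStatus` of `UntrustedRoot` means the internal PKI root is missing from the machine's Trusted Root Certification Authorities store. The check covers chain trust only and does not compare the certificate's subject names with the host name.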