Hi,
We have deployed the CMG service from a standalone primary site server, version SCCM 1910, with the required server authentication certificate from our internal PKI. We have not uploaded a client trusted root certificate, as the clients are Azure AD authenticated.
Under "Certificates uploaded to the cloud service" we have not enabled client certificate revocation, as we have not published our CRL externally. The CMG service provisioning has also completed and the CMG service is in the Ready state. The CMG service name has also been added to our DNS.
However, the connection analyzer resulted in "Failed to connect to CMG service". Smsadminui.log has the error "Authentication failed because the remote party has closed the transport stream".
Please advise on this error. The certificate side looks fine; we are not sure what is missing. Also, we have not yet installed the CMG connection point because of this authentication error. Do you suggest going ahead and installing the connection point role and then running the connection analyzer?