Failed to get management point from CMG 'cmgname.eastus.cloudapp.azure.com/CCM_Proxy_MutualAuth/' for site 'XYZ'

Faisal 0 Reputation points
2023-05-30T19:01:30.6033333+00:00
I have set up a cloud management gateway in my MECM Environment. PKI Infrastructure is also in place, and it is working as expected. The MECM clients function fine when communicating with the local MP (on-premises MP); however, clients cannot discover a CMG or connect to AD when they move to the Internet. 

I have attached a copy of the locationservices log file from one of the clients to provide additional context. If someone could look at the following log file and provide some help, that would be great.


Raising event:
instance of CCM_CcmHttp_Status
{
	DateTime = "20230530182448.888000+000";
	HostName = "cmggname.EASTUS.CLOUDAPP.AZURE.COM";
	HRESULT = "0x80072f8f";
	ProcessID = 1936;
	StatusCode = 1;
	ThreadID = 5856;
};
	LocationServices	5/30/2023 7:24:48 AM	5856 (0x16E0)
Status Agent hasn't been initialized yet. Attempting to create pending event.	LocationServices	5/30/2023 7:24:48 AM	5856 (0x16E0)
Raising pending event:
instance of CCM_CcmHttp_Status
{
	DateTime = "20230530182448.888000+000";
	HostName = "cmgname.EASTUS.CLOUDAPP.AZURE.COM";
	HRESULT = "0x80072f8f";
	ProcessID = 1936;
	StatusCode = 1;
	ThreadID = 5856;
};
	LocationServices	5/30/2023 7:24:48 AM	5856 (0x16E0)
Failed in WinHttpSendRequest API, ErrorCode = 0x2f8f	LocationServices	5/30/2023 7:24:48 AM	5856 (0x16E0)
[CCMHTTP] ERROR: URL=https://CMGNAME.EASTUS.CLOUDAPP.AZURE.COM/CCM_Proxy_ServerAuth/AADAuthInfo?TenantID=tenantIDnumber, Port=443, Options=224, Code=12175, Text=ERROR_WINHTTP_SECURE_FAILURE	LocationServices	5/30/2023 7:24:48 AM	5856 (0x16E0)
[CCMHTTP] ERROR INFO: StatusCode=<unknown> StatusText=	LocationServices	5/30/2023 7:24:48 AM	5856 (0x16E0)
Successfully queued event on HTTP/HTTPS failure for server 'CMGNAME.EASTUS.CLOUDAPP.AZURE.COM'.	LocationServices	5/30/2023 7:24:48 AM	5856 (0x16E0)
Failed to get AAD info from CMG with error 0x80072f8f, Status Code  0, StatusText 	LocationServices	5/30/2023 7:24:48 AM	5856 (0x16E0)
Getting metadata from CMG 'CMGNAME.EASTUS.CLOUDAPP.AZURE.COM'	LocationServices	5/30/2023 7:24:48 AM	5856 (0x16E0)
Client is not allowed to use or doesn't have PKI cert while talking to HTTPS server.	LocationServices	5/30/2023 7:24:48 AM	5856 (0x16E0)
[CCMHTTP] ERROR: URL=https://CMGNAME.EASTUS.CLOUDAPP.AZURE.COM/CCM_Proxy_MutualAuth/ServiceMetadata, Port=0, Options=224, Code=0, Text=CCM_E_NO_CLIENT_PKI_CERT	LocationServices	5/30/2023 7:24:48 AM	5856 (0x16E0)
[CCMHTTP] ERROR INFO: StatusCode=<unknown> StatusText=	LocationServices	5/30/2023 7:24:48 AM	5856 (0x16E0)
Raising event:
instance of CCM_CcmHttp_Status
{
	DateTime = "20230530182448.905000+000";
	HostName = "CMGNAME.EASTUS.CLOUDAPP.AZURE.COM";
	HRESULT = "0x87d00454";
	ProcessID = 1936;
	StatusCode = 0;
	ThreadID = 5856;
};
	LocationServices	5/30/2023 7:24:48 AM	5856 (0x16E0)
Status Agent hasn't been initialized yet. Attempting to create pending event.	LocationServices	5/30/2023 7:24:48 AM	5856 (0x16E0)
Raising pending event:
instance of CCM_CcmHttp_Status
{
	DateTime = "20230530182448.905000+000";
	HostName = "CMGNAME.EASTUS.CLOUDAPP.AZURE.COM";
	HRESULT = "0x87d00454";
	ProcessID = 1936;
	StatusCode = 0;
	ThreadID = 5856;
};
	LocationServices	5/30/2023 7:24:48 AM	5856 (0x16E0)
Successfully queued event on HTTP/HTTPS failure for server 'CMGNAME.EASTUS.CLOUDAPP.AZURE.COM'.	LocationServices	5/30/2023 7:24:48 AM	5856 (0x16E0)
Unexpected empty response from CMG metadata query.	LocationServices	5/30/2023 7:24:48 AM	5856 (0x16E0)
Failed to get management points from CMG 'CMGNAME.EASTUS.CLOUDAPP.AZURE.COM/CCM_Proxy_MutualAuth/MutualAuthNumber for site 'AUG'. Error 0x8000ffff	LocationServices	5/30/2023 7:24:48 AM	5856 (0x16E0)
Client is not allowed to use or doesn't have PKI cert while talking to HTTPS server.	LocationServices	5/30/2023 7:24:48 AM	5856 (0x16E0)
[CCMHTTP] ERROR: URL=https://CMGNAME.EASTUS.CLOUDAPP.AZURE.COM/CCM_Proxy_MutualAuth/MutualAuthNumber/SMS_MP/.sms_aut?SITESIGNCERT, Port=0, Options=224, Code=0, Text=CCM_E_NO_CLIENT_PKI_CERT	LocationServices	5/30/2023 7:24:48 AM	5856 (0x16E0)
[CCMHTTP] ERROR INFO: StatusCode=<unknown> StatusText=	LocationServices	5/30/2023 7:24:48 AM	5856 (0x16E0)
Raising event:
instance of CCM_CcmHttp_Status
{
	DateTime = "20230530182448.923000+000";
	HostName = "CMGNAME.EASTUS.CLOUDAPP.AZURE.COM";
	HRESULT = "0x87d00454";
	ProcessID = 1936;
	StatusCode = 0;
	ThreadID = 5856;
};
	LocationServices	5/30/2023 7:24:48 AM	5856 (0x16E0)
Status Agent hasn't been initialized yet. Attempting to create pending event.	LocationServices	5/30/2023 7:24:48 AM	5856 (0x16E0)
Raising pending event:
instance of CCM_CcmHttp_Status
{
	DateTime = "20230530182448.923000+000";
	HostName = "CMGNAME.EASTUS.CLOUDAPP.AZURE.COM";
	HRESULT = "0x87d00454";
	ProcessID = 1936;
	StatusCode = 0;
	ThreadID = 5856;
};
	LocationServices	5/30/2023 7:24:48 AM	5856 (0x16E0)
Successfully queued event on HTTP/HTTPS failure for server 'CMGNAME.EASTUS.CLOUDAPP.AZURE.COM'.	LocationServices	5/30/2023 7:24:48 AM	5856 (0x16E0)
Workgroup client is in Unknown location	LocationServices	5/30/2023 7:24:48 AM	5856 (0x16E0)
Ignoring MP error during post-rotation flush period of 20 seconds.	LocationServices	5/30/2023 7:24:48 AM	7828 (0x1E94)
0 internet MP errors in the last 10 minutes, threshold is 5.	LocationServices	5/30/2023 7:24:48 AM	7828 (0x1E94)

Microsoft Configuration Manager

1 answer

  1. Simon Ren-MSFT 32,146 Reputation points Microsoft Vendor
    2023-05-31T06:39:02.9566667+00:00

    Hi,

    Thank you for posting in Microsoft Q&A forum.

    The error 0x80072f8f means "A security error occurred". Please make sure the PKI certificates are working well. Also check the following options:

    1. Check if the root CA is present or not. Clients need the root CA certificate to validate the CMG server authentication certificate.

    2. Check if the option 'Check CRL' in the Site Properties under client communications is checked. If it's checked, you need to publish the CRL on the internet.

    Thanks for your time. Have a nice day!

    Best regards,

    Simon


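The two checks from the answer above (root CA trust and CRL reachability), plus the client certificate that the log reports as missing (`CCM_E_NO_CLIENT_PKI_CERT`), can be verified from an affected client while it is on the internet. This PowerShell script is an added example, not part of the original thread; `$CmgHost` is a placeholder based on the host name in the log.

```powershell
# Added example: run elevated on an affected client while it is on the internet.
# $CmgHost is a placeholder; pass your own CMG service name.
param([string]$CmgHost = 'CMGNAME.EASTUS.CLOUDAPP.AZURE.COM')

# 1. Retrieve the CMG server authentication certificate.
#    The callback accepts any certificate only so it can be inspected; no data is sent.
$tcp = [System.Net.Sockets.TcpClient]::new($CmgHost, 443)
try {
    $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
    $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $acceptAny)
    $ssl.AuthenticateAsClient($CmgHost)
    $serverCert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
} finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Dispose()
}

# 2. Build the chain against the machine trust store with online revocation checking.
$chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new($true)  # $true = machine context
$chain.ChainPolicy.RevocationMode = 'Online'
$valid = $chain.Build($serverCert)
"Server certificate: $($serverCert.Subject)"
"Chain valid on this client: $valid"
foreach ($s in $chain.ChainStatus) {
    # UntrustedRoot / PartialChain: root or issuing CA missing on the client (answer item 1)
    # RevocationStatusUnknown / OfflineRevocation: CRL not reachable from here (answer item 2)
    "  $($s.Status): $($s.StatusInformation.Trim())"
}

# 3. Show the CRL distribution points the client must be able to reach from the internet.
foreach ($ext in $serverCert.Extensions) {
    if ($ext.Oid.Value -eq '2.5.29.31') { $ext.Format($true) }
}

# 4. List unexpired machine certificates with a private key and the Client Authentication EKU.
#    Certificates with no EKU extension at all are not listed by this filter.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object {
        $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) -and
        ($_.EnhancedKeyUsageList.ObjectId -contains $clientAuthOid)
    } |
    Select-Object Subject, Issuer, NotAfter, Thumbprint
```

An empty result from step 4 matches the "doesn't have PKI cert" lines in the log; a non-empty `ChainStatus` in step 2 matches the `0x80072f8f` failure on the `CCM_Proxy_ServerAuth` request.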