SCCM/MECM client stops communicating with the CMG

John Mabasa 41 Reputation points
2023-06-30T18:35:06.5733333+00:00

We have clients that stop talking to the CMG suddenly after being OK for some time. In one case, I noticed the client stopped working and started working again after a month.

The issue seems random, as the majority of the machines are either OK, or may have experienced this but no longer do.

Reinstalling the client will not fix the problem (we use bulk registration token) since installing the client on prem is not an option for us right now.

We are in an Enhanced HTTP environment and chose to use external certs.

The log message I see that pops out is that it fails to get a CCM access token or doesn't have a PKI-issued cert to use SSL. This could be a root cause, but I really don't know where to begin with that, as my googling only shows solutions applicable to people using internal PKI certs.

ccmmessaging.log shows this:

[CCMHTTP] AsyncCallback(): -----------------------------------------------------------------	CcmMessaging	6/22/2023 4:33:34 PM	13660 (0x355C)
[CCMHTTP] AsyncCallback(): WINHTTP_CALLBACK_STATUS_SECURE_FAILURE Encountered	CcmMessaging	6/22/2023 4:33:34 PM	13660 (0x355C)
[CCMHTTP]                : dwStatusInformationLength is 4
	CcmMessaging	6/22/2023 4:33:34 PM	13660 (0x355C)
[CCMHTTP]                : *lpvStatusInformation is 0x80000000
	CcmMessaging	6/22/2023 4:33:34 PM	13660 (0x355C)
[CCMHTTP]            : WINHTTP_CALLBACK_STATUS_FLAG_SECURITY_CHANNEL_ERROR is set
	CcmMessaging	6/22/2023 4:33:34 PM	13660 (0x355C)
[CCMHTTP] AsyncCallback(): -----------------------------------------------------------------	CcmMessaging	6/22/2023 4:33:34 PM	13660 (0x355C)
 and

Successfully queued event on HTTP/HTTPS failure for server 'COMPANY.COM'.	CcmMessaging	6/22/2023 4:33:34 PM	13660 (0x355C)
RetrieveTokenFromStsServerImpl failed with error 0x80072f8f	CcmMessaging	6/22/2023 4:33:34 PM	13660 (0x355C)
Failed to get CCM access token and client doesn't have PKI issued cert to use SSL. Error 0x80072f8f	CcmMessaging	6/22/2023 4:33:34 PM	13660 (0x355C)


Microsoft Configuration Manager

2 answers

  1. Simon Ren-MSFT 38,751 Reputation points Microsoft Vendor
    2023-07-03T06:17:56.2533333+00:00

    Hi,

    Thank you for posting in Microsoft Q&A forum.

    1. One possible cause for this issue could be related to the external certificates that are being used in an Enhanced HTTP environment. It is essential to ensure that the root CA certificate is present on the clients to validate the CMG server authentication certificate.

    2. In addition, try unchecking the certificate revocation list (CRL). Or use the /NoCRLCheck parameter when running ccmsetup.exe with the generated bulk registration token.

    3. Review the ClientLocation.log and LocationServices.log to see if there is any useful information.

    Thanks for your time. Have a nice day!

    Best regards,

    Simon


    If the response is helpful, please click "Accept Answer" and upvote it.

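The log excerpt in the question carries two machine-readable values: the WinHTTP secure-failure bitmask (`*lpvStatusInformation`) and the HRESULT `0x80072f8f`. The PowerShell below is an added example, not part of the original thread or of Configuration Manager; the function name `Get-CcmSecureFailure` is hypothetical, the flag values are the `WINHTTP_CALLBACK_STATUS_FLAG_*` constants from winhttp.h, and the sample lines are the message text copied from the question.

```powershell
# WINHTTP_CALLBACK_STATUS_FLAG_* bit values (winhttp.h), kept as hex strings so
# 0x80000000 is never parsed as a negative Int32 literal.
$WinHttpSecureFailureFlags = [ordered]@{
    'CERT_REV_FAILED'        = '00000001'  # revocation check could not be completed
    'INVALID_CERT'           = '00000002'
    'CERT_REVOKED'           = '00000004'
    'INVALID_CA'             = '00000008'  # issuing CA is not known/trusted
    'CERT_CN_INVALID'        = '00000010'
    'CERT_DATE_INVALID'      = '00000020'
    'SECURITY_CHANNEL_ERROR' = '80000000'  # internal error loading the SSL libraries
}

# Hypothetical helper: decode secure-failure details from CcmMessaging.log lines.
function Get-CcmSecureFailure {
    param([Parameter(Mandatory)][string[]]$Line)
    foreach ($text in $Line) {
        if ($text -match 'lpvStatusInformation is 0x([0-9A-Fa-f]{1,8})') {
            $hex   = $Matches[1]
            $value = [Convert]::ToInt64($hex, 16)
            $names = foreach ($flag in $WinHttpSecureFailureFlags.GetEnumerator()) {
                if ($value -band [Convert]::ToInt64($flag.Value, 16)) { $flag.Key }
            }
            [pscustomobject]@{ Kind = 'StatusFlags'; Raw = "0x$hex"; Meaning = @($names) -join ', ' }
        }
        elseif ($text -match 'error 0x8007([0-9A-Fa-f]{4})') {
            # HRESULT with FACILITY_WIN32: the low 16 bits are the Win32/WinHTTP error code.
            $hex     = $Matches[1]
            $code    = [Convert]::ToInt32($hex, 16)
            $meaning = if ($code -eq 12175) { 'ERROR_WINHTTP_SECURE_FAILURE' } else { 'other Win32 error' }
            [pscustomobject]@{ Kind = 'HResult'; Raw = "0x8007$hex"; Meaning = "$code ($meaning)" }
        }
    }
}

# Sample input: message text taken from the log excerpt in the question.
$sample = @(
    '[CCMHTTP]                : *lpvStatusInformation is 0x80000000',
    'RetrieveTokenFromStsServerImpl failed with error 0x80072f8f',
    "Failed to get CCM access token and client doesn't have PKI issued cert to use SSL. Error 0x80072f8f"
)
Get-CcmSecureFailure -Line $sample | Format-Table -AutoSize
```

On the question's excerpt the only flag decoded is SECURITY_CHANNEL_ERROR, and both error lines decode to 12175 (ERROR_WINHTTP_SECURE_FAILURE). INVALID_CA and CERT_REV_FAILED are the bits WinHTTP defines for an unknown issuing CA and for a revocation check that could not complete, so they are the ones to look for when testing the root CA and CRL suggestions above.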

  2. Simon Ren-MSFT 38,751 Reputation points Microsoft Vendor
    2023-07-19T09:39:10.7533333+00:00

    Hi,

    Hope everything goes well. Do you need any further assistance with this issue? If yes, please feel free to let us know; we will do our best to help you.

    If the response is helpful, we would appreciate it if you could click "Accept Answer" and upvote it; this will help other users to search for useful information more quickly.

    Thanks for your time.

    Best regards,

    Simon

