Hi,
We have just set up a (Azure / PAS hosted) CMG.
Our Config Manager site is configured to use Enterprise PKI (HTTPS only).
We have created the CMG as documented on the various step-by-step guides such as those below:
how-to-setup-cloud-management-gateway-cmg-in-microsoft-sccm-video-guide
setup-and-configure-sccm-cloud-management-gateway-1806
Whilst some (approx 60) of our internet-connected clients are connecting to the CMG, the majority are failing with the error below shown in the ClientLocation / LocationServices logs:
When running the CMG connection analyser we see the following:
I have masked the MP name but can confirm it is using a cert from the same PKI CA as the CMG.
We only have the one internet-enabled MP, and the clients which are connecting successfully are all using PKI certs from different (but obviously trusted) CAs to that of the site systems.
The article below states that the CMG connection point requires a client authentication cert (which it has, at least by virtue of being on the same server as the MP and having a valid client auth cert in the computer personal store).
cmg-communication-error-403
Please could someone clarify / suggest possible causes of this issue?
Is there a way to verify which cert the CMG Connection point is using?
And why would it be that a number (approx 60) of devices are connecting successfully via the CMG using cert authentication?
Thanks,
Phil