question

MichaelMendoza-2870 avatar image
0 Votes"
MichaelMendoza-2870 asked MichaelMendoza-2870 answered

Device on CMG not reporting in properly.

We have a Hybrid Azure AD with SCCM and MEM/Intune in a Co-Managed configuration.


We have spun up a CMG with its connection point to a dedicated internet-only MP.

Test application deployments to internet-based clients have been successful; however, the device isn’t properly reporting back state/status. The device is showing ‘False’ for ‘Device Online From Internet’ and it also does not show the CMG for ‘Device Online Management Point’. The device also does not reflect a current ‘Policy Request’ for its activity, but ‘Client Evaluation’ is accurate.

The CMG shows a ‘Ready’ status. Connection Point has status of ‘Connected’. Connection Analyzer is all green. This is all good; however we are showing one consistent error in the MP Control Manager Log: MP Control Manager detected User Service is not responding to HTTP requests. The http error is 401.

On the MP, navigating to ‘http://<servername>//sms_mp/.sms_aut?mplist’ get’s me:
<Version>9040</Version>
<Capabilities SchemaVersion="1.0">
<Property Name="SSLState" Value="0"/><
/Capabilities>
</MP></MPList>

Anyone have any insight on this?




mem-cm-co-management
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MichaelMendoza-2870 avatar image
0 Votes"
MichaelMendoza-2870 answered

Thank you @AllenLiu-MSFT

Our certs are correct as clients are receiving deployments properly.
As for the original reason for this post (MP communication issues over CMG)...this has been resolved. We installed the SUP role on the same server as the problematic MP. We installed the prereqs, then installed the SUP role and configured. After we did this our CMG MP started communicating correctly. I suspect we had a misconfigured IIS...and installing the SUP role jarred it back into the right configuration. Success entries from MP logs/monitor:
-This component started.

-MP Control Manager verified that User Service is responding to HTTP requests.

-MP Control Manager verified that Management Point is responding to HTTP requests.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AllenLiu-MSFT avatar image
0 Votes"
AllenLiu-MSFT answered

Hi, @MichaelMendoza-2870
Thank you for posting in Microsoft Q&A forum.
It sounds weird, have we tried to reinstall the MP?
Is there any more useful message in mpcontrol.log?
And from client side, is there any error in CcmMessaging.log on client?


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MichaelMendoza-2870 avatar image
0 Votes"
MichaelMendoza-2870 answered MichaelMendoza-2870 commented

Hi @AllenLiu-MSFT

Thank you for your review.

We originally created a Site System with a MP and SUP. We ran into the issue and removed all roles, reinstalling the MP.

On the client side, all looks well:
"Raising event instance of CCM...' and it references the CMG 'xxx.cloudapp.net'"
"Outgoing Message...: Delivered successfully to host 'xxx.cloudapp.net/…"

On the server mpcontrol.log we see:
"Call to HttpSendRequestSync failed for port 80 with status code 401, text: Authentication failed"
"Http test request failed, status code is 401, 'Authentication failed'."

Compmonlog has:
"Failed to read the required Operations Management component (SMS_TEM) registry key values on local computer; error=6(0x6)."
"Failed to read in current property values and initialize COpsMgmtComponent object; error = 6(0x6)."

One thing to note: The Server Cert we used for the CMG was from this new MP and not the Site Server. Should I generate/use a cert from the Site Server instead?

· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thank you @AllenLiu-MSFT

Our certs are correct as clients are receiving deployments properly.
As for the original reason for this post (MP communication issues over CMG)...this has been resolved. We installed the SUP role on the same server as the problematic MP. We installed the prereqs, then installed the SUP role and configured. After we did this our CMG MP started communicating correctly. I suspect we had a misconfigured IIS...and installing the SUP role jarred it back into the right configuration. Success entries from MP logs/monitor:
-This component started.

-MP Control Manager verified that User Service is responding to HTTP requests.

-MP Control Manager verified that Management Point is responding to HTTP requests.

0 Votes 0 ·