Clients don't talk to CMG

Question

I have CMG setup successfully, CM is in 2010, already being in https-only mode and PKI infra. The problem is, that after provisioining cmg and changing client settings, clients do not have the Network Page setup for Internet-based MP.

1. I created web cert with CMG special name from PKI and used it successfully during CMG greation.
2. CMG analyze shows all agreen when testing with Azure GA account.
3. CMG analyze with certificate - I can't do it for some reason, the analyze wizard don't accept any cert I am providing.
4. I did enable MP and SUP to support CMG
5. I enabled Cloud Services in Client Settings
6. Clients jumps from Intranet mode to Internet mode just fine.

Being in Internet mode, client still tries to talk to MP and it seems not having the info about CMG availability.

Answer 1

Nailed it! I had 2 problems;

1. My mistake, I didn´t export Root CA and did not set it when creating CMG. I had to delete previous Resource Group from Azure and I created new CMG instance with root ca inserted and without CRL check because I don´t have it in public.
2. From here I learned, that the registry key was missing from MP even if CMW traffic was cheked in MP properties. See last post: https://learn.microsoft.com/en-us/answers/questions/122165/clients-not-communicating-with-cmg.html

Answer 2

Are you using default client settings or custom? Incase of custom settings you will need to deploy them.

Answer 3

I managed to create new client cert with key exported and loaded it to the console, got these errors. Will check and work on them...

Answer 4

Clients not receiving CMG policy is one thing and clients not able to communicate with CMG is another thing. Which one is it for you?