Clients don't talk to CMG

Pavel Yannara Mirochnitchenko 6,911 Reputation points
2021-04-12T20:22:10.737+00:00

I have CMG setup successfully, CM is in 2010, already being in https-only mode and PKI infra. The problem is, that after provisioining cmg and changing client settings, clients do not have the Network Page setup for Internet-based MP.

  1. I created web cert with CMG special name from PKI and used it successfully during CMG greation.
  2. CMG analyze shows all agreen when testing with Azure GA account.
  3. CMG analyze with certificate - I can't do it for some reason, the analyze wizard don't accept any cert I am providing.
  4. I did enable MP and SUP to support CMG
  5. I enabled Cloud Services in Client Settings
  6. Clients jumps from Intranet mode to Internet mode just fine.

Being in Internet mode, client still tries to talk to MP and it seems not having the info about CMG availability.

Microsoft Configuration Manager
No comments
{count} votes

Accepted answer
  1. Pavel Yannara Mirochnitchenko 6,911 Reputation points
    2021-04-13T18:10:20.463+00:00

    Nailed it! I had 2 problems;

    1. My mistake, I didn´t export Root CA and did not set it when creating CMG. I had to delete previous Resource Group from Azure and I created new CMG instance with root ca inserted and without CRL check because I don´t have it in public.
    2. From here I learned, that the registry key was missing from MP even if CMW traffic was cheked in MP properties. See last post: https://learn.microsoft.com/en-us/answers/questions/122165/clients-not-communicating-with-cmg.html

3 additional answers

Sort by: Most helpful
  1. Rahul Jindal [MVP] 6,161 Reputation points Microsoft MVP
    2021-04-12T20:32:15.117+00:00

    Are you using default client settings or custom? Incase of custom settings you will need to deploy them.


  2. Pavel Yannara Mirochnitchenko 6,911 Reputation points
    2021-04-13T06:46:40.233+00:00

    I managed to create new client cert with key exported and loaded it to the console, got these errors. Will check and work on them...

    87255-cmg1.jpg

    87273-cmg2.jpg

    No comments

  3. Rahul Jindal [MVP] 6,161 Reputation points Microsoft MVP
    2021-04-13T07:01:52.63+00:00

    Clients not receiving CMG policy is one thing and clients not able to communicate with CMG is another thing. Which one is it for you?