This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(307.2, 50%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBT%3C/text%3E%3C/svg%3E)
Hello all,
hopefully someone will be able to help us on an issue we have in our SCCM environment.
We use a SCCM environment to manage our servers.
This environment is successfully configured using PKI based on AD-enrolled certificates.
Our MP and DP are configured using only HTTPS communications and this works fine with our clients.
Since we have a great deal of branch offices (small locations with only a couple of servers) where we cannot deploy a DP, we decided to use peer caching on one of the servers that will act as a local content source for the rest of the servers.
We created a separate client collection that contain the specific servers on these locations, which has specific client settings deployed to it to enable Peer cache settings.
I can confirm this works, since when a package has been deployed on this server and another server in the same subnet requests for any content sources of this package from the MP, the server acting as peer cache gets returned as first content source location:
Now the issue is that whenever another server in the same subnet tries to download the content, this will fail when using the peer cache source.
In the DataTransferService.log I can see the following behavior:
The client reports an error with HTTP code 400 Bad request.
When I try to visit the same location of this server I notice it reports a certificate issue:
The certificate used seems to be a self-signed certificate:
To me it looks like this is the cause of the issue, since we are using a PKI environment for SCCM.
Since the certificate is not a valid certificate, the client will not accept its validity and thus errors out with a HTTP code 400.
Right now, I am a bit stumped on how to solve this, since it seems I am unable to change or do anything to fix this problem.
Anyone here that can confirm this and has a solution or can confirm the same behavior?
Thanks for the help.
Kind regards,
B. ten Velden
You should open a support case. From what I can tell, this is a known issue and we have a work item tracking it, but it's not fixed yet. Opening a support case will validate that you are having the same issue, provide the devs will more info, and provide additional weight to prioritize addressing the issue.
What ConfigMgr version (site and client) are you running?
site is running ConfigMgr 2103 UR KB10036164, clients are all running the latest version (5.00.9049.1035).
Thanks for hte help Jason, I will do that.