Peer cache source certificate issue

Bas ten Velden 1 Reputation point

Hello all,

Hopefully someone will be able to help us with an issue we have in our SCCM environment.
We use an SCCM environment to manage our servers.
This environment is successfully configured using PKI based on AD-enrolled certificates.
Our MP and DP are configured using only HTTPS communications and this works fine with our clients.

Since we have a great many branch offices (small locations with only a couple of servers) where we cannot deploy a DP, we decided to use peer caching on one of the servers that will act as a local content source for the rest of the servers.
We created a separate client collection that contains the specific servers at these locations, which has specific client settings deployed to it to enable peer cache settings.
I can confirm this works, since when a package has been deployed on this server and another server in the same subnet requests content sources for this package from the MP, the server acting as peer cache gets returned as the first content source location:

Now the issue is that whenever another server in the same subnet tries to download the content, this will fail when using the peer cache source.
In the DataTransferService.log I can see the following behavior:

The client reports an error with HTTP code 400 Bad request.
When I try to visit the same location of this server I notice it reports a certificate issue:

The certificate used seems to be a self-signed certificate:

To me it looks like this is the cause of the issue, since we are using a PKI environment for SCCM.
Since the certificate is not a valid certificate, the client will not accept its validity and thus errors out with an HTTP code 400.

Right now, I am a bit stumped on how to solve this, since it seems I am unable to change or do anything to fix this problem.
Anyone here that can confirm this and has a solution or can confirm the same behavior?

Thanks for the help.

Kind regards,

B. ten Velden

Microsoft Configuration Manager

4 answers

  1. Jason Sandys 31,181 Reputation points Microsoft Employee

    You should open a support case. From what I can tell, this is a known issue and we have a work item tracking it, but it's not fixed yet. Opening a support case will validate that you are having the same issue, provide the devs with more info, and provide additional weight to prioritize addressing the issue.

    1 person found this answer helpful.

  2. Jason Sandys 31,181 Reputation points Microsoft Employee

    What ConfigMgr version (site and client) are you running?


  3. Bas ten Velden 1 Reputation point

    Site is running ConfigMgr 2103 UR KB10036164, clients are all running the latest version (5.00.9049.1035).


  4. Bas ten Velden 1 Reputation point

    Thanks for the help Jason, I will do that.
