Management point health showing as Critical in MECM

Garima Das 1,061 Reputation points
2021-11-05T12:19:53.783+00:00

Hi Experts,

I have installed MECM and the Management Point is showing as Critical. I checked the Component Status error and the SMS_MP_CONTROL_Manager was showing an error as shown below:

146969-mp-error1.png

I also checked the mp_control.log. This showed the below error:

147010-mp-error2.png

After this, I tried to access the "http://SERVERNAME/sms_mp/.sms_aut?mplist" and "http://SERVERNAME/sms_mp/.sms_aut?mpcert" but this was also showing as 403: Forbidden as shown:

147082-mp-error3.png

I need to have MP communication Protocol as HTTPS. How do I proceed from here?

Windows development | Internet Information Services
Microsoft Security | Intune | Configuration Manager | Other
0 comments No comments
{count} votes

Accepted answer
  1. Garima Das 1,061 Reputation points
    2021-11-12T06:04:02.28+00:00

    I added the Root CA Cert in the ConfigMgr Site Communication Settings, and changed the registry settings in the location shown below, and it resolved the issue that was showing up.

    148735-mp-error5.png

    0 comments No comments

3 additional answers

Sort by: Most helpful
  1. ESWARARAJU KONETI 2,206 Reputation points MVP Volunteer Moderator
    2021-11-05T14:30:17.093+00:00

    This is due to cert related issue.
    Do you have cert selection in the IIS bindings? what is your site communication properties looks like? do you use CRL checking?
    Try to uncheck the CRL if you are not using in the site communication settings.

    Thanks,
    Eswar
    www.eskonr.com


  2. Rahul Jindal 10,911 Reputation points
    2021-11-05T15:42:20.937+00:00

    First of all, you should always remove or mask sensitive information when sharing screenshots. Secondly, as EswarKoneti suggested, you need to check for certificate requirements if you are planning to use full Https mode for communication. Alternatively, you do have the option to use Ehttp as well.

    0 comments No comments

  3. Rahul Jindal 10,911 Reputation points
    2021-11-07T17:04:38.22+00:00

    Are you using PKI certs? Is your ConfigMgr configure d correctly for PKI? Look at the official link below to validate your configuration.

    plan-for-certificates

    I still suggest to consider Ehttp if it is not an absolute requirement for you to use full Https. Microsoft introduced Ehttp for this very scenario to reduce the burden of managing PKI certs.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.