1,753 questions
I added the Root CA Cert in the ConfigMgr Site Communication Settings, and changed the registry settings in the location shown below, and it resolved the issue that was showing up.
Management point health showing as Critical in MECM
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 81%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGD%3C/text%3E%3C/svg%3E)
Garima Das
1,061
Reputation points
Hi Experts,
I have installed MECM and the Management Point is showing as Critical. I checked the Component Status error and the SMS_MP_CONTROL_Manager was showing an error as shown below:
I also checked the mp_control.log. This showed the below error:
After this, I tried to access the "http://SERVERNAME/sms_mp/.sms_aut?mplist" and "http://SERVERNAME/sms_mp/.sms_aut?mpcert" but this was also showing as 403: Forbidden as shown:
I need to have MP communication Protocol as HTTPS. How do I proceed from here?
Windows development | Internet Information Services
Microsoft Security | Intune | Configuration Manager | Other
4,608 questions
Accepted answer
3 additional answers
Sort by: Most helpful
-
ESWARARAJU KONETI 2,206 Reputation points MVP Volunteer Moderator2021-11-05T14:30:17.093+00:00 This is due to cert related issue.
Do you have cert selection in the IIS bindings? what is your site communication properties looks like? do you use CRL checking?
Try to uncheck the CRL if you are not using in the site communication settings.Thanks,
Eswar
www.eskonr.com-
Garima Das 1,061 Reputation points
2021-11-07T08:05:38.257+00:00 Hi,
Yeah, I have the Cert selection made in the IIS bindings. My Site communication Properties is selected as HTTP or HTTPS communication, and the CRL is checked.
-
Garima Das 1,061 Reputation points
2021-11-07T10:52:56.483+00:00 I disabled the CRL using the post-https://karthickjokirathinam.com/2015/05/27/configmgr-2012-mp-troubleshooting-http-test-request-failed-status-code-is-403-forbidden/ but still, the error exists.
-
Garima Das 1,061 Reputation points
2021-11-07T11:11:47.773+00:00 Below is the error that I receive in the IIS Log files.
Sign in to comment -
-
Rahul Jindal 10,911 Reputation points2021-11-05T15:42:20.937+00:00 First of all, you should always remove or mask sensitive information when sharing screenshots. Secondly, as EswarKoneti suggested, you need to check for certificate requirements if you are planning to use full Https mode for communication. Alternatively, you do have the option to use Ehttp as well.
-
Rahul Jindal 10,911 Reputation points
2021-11-07T17:04:38.22+00:00 Are you using PKI certs? Is your ConfigMgr configure d correctly for PKI? Look at the official link below to validate your configuration.
I still suggest to consider Ehttp if it is not an absolute requirement for you to use full Https. Microsoft introduced Ehttp for this very scenario to reduce the burden of managing PKI certs.