SCMDM: Enrollment fails if a port other than 443 is used for the Enrollment Service

Here's another SP1 issue that we came across. If your server and client logs indicate that enrollment failed because the Enrollment server URL could not be resolved, and you changed the port, then this may be your issue:

========

Issue: The server and client logs indicate that enrollment failed because it could not resolve the enrollment server URL.

Cause: Enrollment can fail if PAT (Port Address Translation) is used or if an alternate port other than 443 is used for the Enrollment Service.

Setup does not let you specify an alternate port number for the enrollment server at installation time. If an alternate port is specified in IIS after installation and the SCP value for the enrollment server is not changed, client auto discovery breaks: the client is sent back a request to switch to the URI of an enrollment server without the alternate port, causing the enrollment to fail.

Resolution: If the port number in IIS is changed to a port other than 443, the SCP value must also be changed.

To change the SCP value, follow these steps:

1. Launch ADSIEDIT.MSC.

2. Right-click “CN=Instance” to bring up the property dialog box.

3. Check the ‘Show only attributes that have values’ checkbox.

4. Double-click the ‘keywords’ attribute.

5. Change the “enurl= …” value to the new port number.

========
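A read-only way to confirm the mismatch before (or after) editing the value in ADSIEDIT, as an added example that is not part of the original post: it reads the ‘keywords’ attribute of the SCP object and compares the port in its enurl entry with the port bound in IIS. `$ScpDn` and `$IisPort` are placeholders you supply, and the script assumes the text after `enurl=` is an absolute URL.

```powershell
# Added example (not from the original post). Read-only: nothing in AD is modified.
param(
    # Full distinguished name of the "CN=Instance" SCP object (placeholder; not given on the page)
    [Parameter(Mandatory = $true)] [string] $ScpDn,
    # Port the Enrollment Service web site is bound to in IIS
    [Parameter(Mandatory = $true)] [int] $IisPort
)

function Get-EnUrlFromKeywords {
    param([string[]] $Keywords)
    # Assumption: one value of the multi-valued 'keywords' attribute looks like "enurl=<absolute URL>"
    foreach ($k in $Keywords) {
        if ($k -match '^\s*enurl\s*=\s*(.+)$') { return $Matches[1].Trim() }
    }
    return $null
}

# Bind to the SCP object and copy its keywords values into plain strings
$scp      = [ADSI]"LDAP://$ScpDn"
$keywords = @($scp.Properties['keywords'] | ForEach-Object { [string]$_ })

$enurl = Get-EnUrlFromKeywords -Keywords $keywords
if (-not $enurl) {
    Write-Error "No 'enurl=' entry found in the keywords attribute of $ScpDn"
    exit 2
}

$uri = $null
if (-not [System.Uri]::TryCreate($enurl, [System.UriKind]::Absolute, [ref]$uri)) {
    Write-Error "The enurl value '$enurl' is not an absolute URL"
    exit 2
}

# System.Uri reports the scheme default (443 for https) when the URL has no explicit port,
# which is exactly the case that breaks auto discovery after the IIS port was changed.
if ($uri.Port -eq $IisPort) {
    Write-Output "OK: SCP enurl '$enurl' uses port $($uri.Port), matching IIS."
} else {
    Write-Warning "Mismatch: SCP enurl '$enurl' resolves to port $($uri.Port), but IIS is bound to $IisPort."
    exit 1
}
```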

J.C. Hornbeck | Manageability Knowledge Engineer