ConfigMgr 2012 SP1: Failure while sending Content Validation Status and State Messages to Management Point, when Site has a MP enabled for HTTPS communication


Hi

I recently came across an issue with Content Validation on DPs when the MP is enabled for HTTPS communication in ConfigMgr 2012 SP1.
 
Issue:
====
The following errors appear in smsdpmon.log:

CSMSDPMonitoring::ReportPackageState failed; 0x80004005     SMS_Distribution_Point_Monitoring      26-08-2013 05:47:10 PM       2136 (0x0858)
Report status message 0x40000950 to MP            SMS_Distribution_Point_Monitoring      26-08-2013 05:47:10 PM 2136 (0x0858)
CSMSDPMonitoring::ReportStatusMessage failed; 0x80004005  SMS_Distribution_Point_Monitoring      26-08-2013 05:47:10 PM       2136 (0x0858)
Report status message 0x40000959 to MP            SMS_Distribution_Point_Monitoring      26-08-2013 05:47:10 PM 2136 (0x0858)

The issue occurs in the following scenario:

- The site has a Management Point that is running in HTTPS.
- The Distribution Point is enabled with a self-signed certificate.
- ConfigMgr Distribution Points are enabled to validate content on a schedule.

Cause:
=====
When the DP is enabled for Content Validation, it validates the package successfully and then tries to send State and Status messages to the MP.
Because the MP is running with HTTPS communication, all connections to the MP require SSL certificate authentication.
Since the DP does not have a valid PKI certificate imported in the DP properties, it cannot send the State or Status messages.

Solution:
======
- Check whether the registry value below contains the HTTPS URL of the management point:

 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\DP
 Name: ManagementPoints
 Type: REG_SZ
 Value: https://<ManagementPoint FQDN>

- If it is missing, update the value with the HTTPS FQDN of the MP.
- Request a PKI Client Authentication certificate from the Certificate Authority.

For more information about creating a PKI certificate for use on the Distribution Point, see the section "Boot images for deploying operating systems" under "PKI Certificates for Clients" at the link below:
 PKI Certificate Requirements for Configuration Manager
 http://technet.microsoft.com/en-us/library/gg699362.aspx

 How to Export Certificates For Use With Operating System Deployment:
 http://technet.microsoft.com/en-us/library/bb632961.aspx

- Import the exported certificate (.pfx) in the ConfigMgr Distribution Point properties. Refer to the article below.
 http://technet.microsoft.com/en-us/library/gg682115.aspx#BKMK_ModifyDistributionPointSettings

- After importing, wait a couple of minutes; the DP will then start reporting State and Status messages to the MP.

Thanks,
Senthilkumar Pandurangan.

 

Disclaimer:
This posting is provided "AS IS" with no warranties and confers no rights.
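
The checks from the Solution section, gathered into one PowerShell script to run on the distribution point. This is an added example, not part of the original post or of ConfigMgr itself. The function names and the -LogPath and -PfxPath parameters are assumptions; the registry key, value name and log strings are the ones shown in the post, and the value is assumed to hold a single URL as shown there.

```powershell
param(
    [string]$LogPath,  # path to smsdpmon.log on the DP (hypothetical parameter)
    [string]$PfxPath   # exported client certificate .pfx, optional (hypothetical parameter)
)

function Test-MpUrl([string]$Value) {
    # True only for a single absolute https:// URL, the form the post shows.
    $uri = $null
    [uri]::TryCreate($Value, [System.UriKind]::Absolute, [ref]$uri) -and $uri.Scheme -eq 'https'
}

function Get-ReportFailure([string[]]$Lines) {
    # smsdpmon.log lines where reporting to the MP failed with 0x80004005.
    $Lines | Where-Object { $_ -match 'CSMSDPMonitoring::Report(PackageState|StatusMessage) failed; 0x80004005' }
}

function Test-ClientAuthCert($Cert) {
    # Client Authentication EKU (1.3.6.1.5.5.7.3.2) present and certificate inside its validity period.
    $ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    $eku = $Cert.Extensions | Where-Object { $_ -is $ekuType }
    $clientAuth = $eku.EnhancedKeyUsages | Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.2' }
    $now = Get-Date
    [bool]$clientAuth -and $Cert.NotBefore -le $now -and $Cert.NotAfter -ge $now
}

# 1. Registry value the DP uses to locate the MP.
$mp = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\SMS\DP' -Name ManagementPoints `
        -ErrorAction SilentlyContinue).ManagementPoints
if (Test-MpUrl $mp) { "OK:  ManagementPoints = $mp" }
else { "FIX: ManagementPoints is '$mp'; expected https://<ManagementPoint FQDN>" }

# 2. Failed reports in smsdpmon.log. Without -LogPath, two lines copied from the post are used.
$sample = @(
    'CSMSDPMonitoring::ReportPackageState failed; 0x80004005 SMS_Distribution_Point_Monitoring 26-08-2013 05:47:10 PM 2136 (0x0858)',
    'Report status message 0x40000950 to MP SMS_Distribution_Point_Monitoring 26-08-2013 05:47:10 PM 2136 (0x0858)'
)
$source = if ($LogPath) { $LogPath } else { 'sample lines from the post' }
$lines  = if ($LogPath) { Get-Content -Path $LogPath } else { $sample }
$hits   = @(Get-ReportFailure $lines)
"$($hits.Count) failed report(s) to the MP in $source"
$hits | Select-Object -Last 5

# 3. Check the exported certificate before importing it in the DP properties.
if ($PfxPath) {
    $cert = Get-PfxCertificate -FilePath $PfxPath   # prompts for the .pfx password
    if (Test-ClientAuthCert $cert) { "OK:  $($cert.Subject) valid until $($cert.NotAfter)" }
    else { "FIX: certificate lacks the Client Authentication EKU or is outside its validity period" }
}
```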

Comments (3)

  1. Chanakya says:

    You saved my time…Thanks……Senthil

  2. Ioan Popovici says:

    My site has 3 management points and only one is HTTPS enabled, I get the same error when a DP tries to connect to a HTTP management point. I’ve even tried out this fix even though it made no sense but I get the same error.

  3. karthick says:

    We are facing a similar issue, and the SMSDPUSAGE scheduled task, which runs on the DPM role server and helps in running the built-in report query called DP USAGE REPORT in the console, is not giving any output. When I checked SMSDPUSAGE.LOG, I saw the below 4 error lines, which keep occurring, and the same above error in smsdpmon.log too. So I hope creating this MP FQDN value in the registry will work. Let me update you with my further updates.
    Gathering statistics from C:\inetpub\logs\LogFiles\W3SVC1\ex170719.log
    Report state message 0x00000000 to MP
    HTTPS is enforced for Client. The current state is 31.
    Failed to validate an MP from registry: . 00000000
