ConfigMgr 2012 SP1: Failure while sending Content Validation Status and State Messages to Management Point, when Site has a MP enabled for HTTPS communication

Hi

I recently came through an issue with Content Validation on DPs, when MP is enabled for HTTPS communication in ConfigMgr 2012 SP1. 
 
Issue:
====
Errors in smsdpmon.log as below.

CSMSDPMonitoring::ReportPackageState failed; 0x80004005 SMS_Distribution_Point_Monitoring 26-08-2013 05:47:10 PM 2136 (0x0858)
Report status message 0x40000950 to MP SMS_Distribution_Point_Monitoring 26-08-2013 05:47:10 PM 2136 (0x0858)
CSMSDPMonitoring::ReportStatusMessage failed; 0x80004005 SMS_Distribution_Point_Monitoring 26-08-2013 05:47:10 PM 2136 (0x0858)
Report status message 0x40000959 to MP SMS_Distribution_Point_Monitoring 26-08-2013 05:47:10 PM 2136 (0x0858)

The above issue occurs with the below scenario.

Site has a Management Point which is running in HTTPS.
Distribution Point is enabled with Self Signed certificate.
ConfigMgr Distribution Points are enabled to Validate Content on Schedule.

Cause:
=====
When the DP is enabled for Content Validation, it successfully validates the Package, however it tries to send State and Status messages to the MP.
Now the MP is running with HTTPS communication, hence all the connections to MP requires SSL certificate Authentication.
Since the DP is not enabled with valid PKI certificate and imported in the DP properties, it will not be able to send the State or Status messages.

Solution:
======
- Check whether the below registry key contains value with the HTTPS URL of the management point

 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\DP
 Name: ManagementPoints
 Type: REG_SZ
 Value: https://<ManagementPoint FQDN>

- If that is missing, update the value with HTTPS FQDN of the MP.
- Request a PKI Client Authentication Certificate from Certificate Authority.

For more information about creating a PKI certificate for use in the Distribution Point, see the section "Boot images for deploying operating systems" under "PKI Certificates for Clients" at the below link:
 PKI Certificate Requirements for Configuration Manager
 https://technet.microsoft.com/en-us/library/gg699362.aspx

 How to Export Certificates For Use With Operating System Deployment:
 https://technet.microsoft.com/en-us/library/bb632961.aspx

- Import the exported certificate (.pfx) in ConfigMgr Distribution Point Properties. Refer below article.
 https://technet.microsoft.com/en-us/library/gg682115.aspx#BKMK_ModifyDistributionPointSettings

- After importing wait for couple of minutes, the DP will start reporting State and Status messages to MP.

Thanks,
Senthilkumar Pandurangan.

 

Disclaimer:
This posting is provided "AS IS" with no warranties and confers no rights.