question

EvanMorrissey-0820 avatar image
EvanMorrissey-0820 asked ·

All MECM Management Points dead WINHTTP_CALLBACK_STATUS_FAILURE

Not sure what happened to my ConfigMgr... Over the weekend it appears all the Management Points have died... from mpcontrol.log:

 >>> Selected Certificate [Thumbprint c60d8a5ae15c3cb3f3514db07b3c63302339c42f] issued to 'SCCMFCSEDUMP1.fcps.org' for HTTPS Client Authentication    SMS_MP_CONTROL_MANAGER    10/26/2020 2:32:28 PM    7732 (0x1E34)
 WINHTTP_CALLBACK_STATUS_SECURE_FAILURE    SMS_MP_CONTROL_MANAGER    10/26/2020 2:32:28 PM    7732 (0x1E34)
 [BASEUTIL] AsyncCallback(): -----------------------------------------------------------------    SMS_MP_CONTROL_MANAGER    10/26/2020 2:32:28 PM    7732 (0x1E34)
 [BASEUTIL] AsyncCallback(): WINHTTP_CALLBACK_STATUS_SECURE_FAILURE Encountered    SMS_MP_CONTROL_MANAGER    10/26/2020 2:32:28 PM    7732 (0x1E34)
 [BASEUTIL]            : dwStatusInformationLength is 4    SMS_MP_CONTROL_MANAGER    10/26/2020 2:32:28 PM    7732 (0x1E34)
 [BASEUTIL]            : *lpvStatusInformation is 0x1    SMS_MP_CONTROL_MANAGER    10/26/2020 2:32:28 PM    7732 (0x1E34)
 [BASEUTIL]            : WINHTTP_CALLBACK_STATUS_FLAG_CERT_REV_FAILED is set    SMS_MP_CONTROL_MANAGER    10/26/2020 2:32:28 PM    7732 (0x1E34)
 CCMHTTP AsyncCallback(): -----------------------------------------------------------------    SMS_MP_CONTROL_MANAGER    10/26/2020 2:32:28 PM    7732 (0x1E34)
 Failed to send http request /SMS_MP/.sms_aut?MPLIST. Error 12175    SMS_MP_CONTROL_MANAGER    10/26/2020 2:32:28 PM    7732 (0x1E34)
 Call to HttpSendRequestSync failed for port 443 with 12175 error code.    SMS_MP_CONTROL_MANAGER    10/26/2020 2:32:28 PM    7732 (0x1E34)
 Sent summary record of SMS Management Point on ["Display=\\SCCMFCSEDUMP1.FCPS.ORG\"]MSWNET:["SMS_SITE=FCS"]\\SCCMFCSEDUMP1.FCPS.ORG\ to D:\SMS\MP\OUTBOXES\sitestat.box\c8hprl1d.SUM, Availability 1, 629142524 KB total disk space , 317743032 KB free disk space, installation state 0.    SMS_MP_CONTROL_MANAGER    10/26/2020 2:32:28 PM    7732 (0x1E34)
 Http test request failed, error code is 12175.    SMS_MP_CONTROL_MANAGER    10/26/2020 2:32:28 PM    7732 (0x1E34)

The cert is fine... CRL is fine... confirmed it's using the cert it's supposed to. Rebooted all the server (site servers too). Uninstalled MP role and reinstalled it (on a different server but they all have the same errors). SUP role and WSUS are on these MPs too and they work perfectly fine and are using the same cert in IIS. SMP role is on one server and that role has the same errors.

KB4577668 was installed on these servers recently. Removed it from one, no changes at all.

I'm at a bit of a loss what the problem could even be, as the log isn't really giving me much to go on here. Any ideas?

mem-cm-general
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

EvanMorrissey-0820 avatar image
EvanMorrissey-0820 answered ·

The CRL had some invalid data, once corrected things were back to normal

2 comments Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Curious how you figured this out and what you did to correct it? Did you simply publish a new CRL?

0 Votes 0 · ·

Yes I had to publish a new CRL. Not sure what happened to the old one or why only SCCM was impacted

0 Votes 0 · ·
Jason-MSFT avatar image
Jason-MSFT answered ·

If you review the IIS log on this system, you'll get a more exact error message/code as to which cert is being revoked and why.

Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Amandayou-MSFT avatar image
Amandayou-MSFT answered ·

Hi,

Besides mentioned above, we could check if it is normal by creating the user certificate and send request to /SMS_MP/.sms_aut by https.


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


1 comment Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi,

May we know the current status of the question? If there is any other assistance we can provide, please feel free to let us know, we will do our best to help you.

Best regards,
Amanda You

0 Votes 0 · ·