question

DominiqueDUCHEMIN-4668 avatar image
0 Votes"
DominiqueDUCHEMIN-4668 asked MaikelHendriks-7703 answered

ERROR: Failed to download Admin UI content payload with exception: The underlying connection was closed: An unexpected error occurred on a send.

Hello,

I just saw in the dmpdownloader.log this repetitive error (every 5 minutes):


AdminUI Content Download thread is starting... SMS_DMP_DOWNLOADER 11/23/2020 1:42:43 PM 12636 (0x315C)
Download Admin UI content payload SMS_DMP_DOWNLOADER 11/23/2020 1:42:43 PM 12636 (0x315C)
Get AdminUI content cab url SMS_DMP_DOWNLOADER 11/23/2020 1:42:43 PM 12636 (0x315C)
The payload will be downloaded to C:\Program Files\Microsoft Configuration Manager\AdminUIContentPayload\ConfigMgr.AdminUIContent.AUC SMS_DMP_DOWNLOADER 11/23/2020 1:42:43 PM 12636 (0x315C)
Download manifest.cab SMS_DMP_DOWNLOADER 11/23/2020 1:42:43 PM 12636 (0x315C)
Redirected to URL https://<sccm_site_server>/adminuicontent/ConfigMgr.AdminUIContent.cab SMS_DMP_DOWNLOADER 11/23/2020 1:42:43 PM 12636 (0x315C)
Got fwdlink and recreating the httprequest/response SMS_DMP_DOWNLOADER 11/23/2020 1:42:43 PM 12636 (0x315C)
ERROR: Failed to download Admin UI content payload with exception: The underlying connection was closed: An unexpected error occurred on a send. SMS_DMP_DOWNLOADER 11/23/2020 1:42:43 PM 12636 (0x315C)
Failed to call AdminUIContentDownload. error = Error -2146233079 SMS_DMP_DOWNLOADER 11/23/2020 1:42:43 PM 12636 (0x315C)
AdminUI Content Download thread is exiting... SMS_DMP_DOWNLOADER 11/23/2020 1:42:43 PM 12636 (0x315C)
HasIntuneSubscription: Site has no Intune subscription. SMS_DMP_DOWNLOADER 11/23/2020 1:47:43 PM 7104 (0x1BC0)
AdminUI Content Download thread is starting... SMS_DMP_DOWNLOADER 11/23/2020 1:47:43 PM 13708 (0x358C)

===================================================================

It happened on several Primary Server for the various site I am managing...
What is the issue?

Thanks,
Dom

mem-cm-general
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hollisorama-2295 avatar image
1 Vote"
Hollisorama-2295 answered Hollisorama-2295 commented

I was able to resolve this by allowing our firewall to inspect the traffic so that it initiates the connection on behalf of the Configuration Manager server using TLS 1.2. We need to do some planning before we enforce TLS 1.2 for Configuration Manager in our environment.

· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@Hollisorama-2295

Thank you very much for the update and sharing the solution here. I believe this should be useful for someone who has similar issue in the future.

0 Votes 0 ·

Hi,

Can you expound on what you had to do within your Firewall to allow this communication? We are now experiencing this same error loop every 5 minutes. We use a Cisco ASA5616 firewall within our environment.

0 Votes 0 ·

Hi @TonyUpson-9836. The issue is that this connection to Microsoft requires TLS 1.2 now. At the time we had this issue, our site server was still using TLS 1.0 and our firewall was bypassing HTTPs inspection for our servers so the traffic was passing as TLS 1.0. By enabling HTTPs inspection on our Checkpoint firewall the connection then left our network negotiated as TLS 1.2 because the firewall re-negotiated the connection. That was temporary until we upgraded our ConfigMgr servers to Windows Server 2019 and converted our ConfigMgr infrastructure and clients to support TLS 1.2 natively. At that point, we removed the HTTPs inspection done by the firewall because the Site Server communication now had TLS 1.2 enforced. The firewall change we made was a temporary workaround.

0 Votes 0 ·
DominiqueDUCHEMIN-4668 avatar image
0 Votes"
DominiqueDUCHEMIN-4668 answered

Hello,

I checked
https://docs.microsoft.com/en-us/archive/blogs/configmgrdogs/configuration-manager-proxy-exceptions

but did not see the URL in the dmpdownloader.log???
Thanks,
Dom

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

FionaYan-MSFT avatar image
1 Vote"
FionaYan-MSFT answered FionaYan-MSFT edited

@DominiqueDUCHEMIN-4668

Thank you for posting in Microsoft Q&A forum.

To get better support, could we know what operation we do after we seen this error in our dmpdownloader.log? Does it happens updated our site server or someone else? Because i haven't seen you mention it.

May we know how many servers are facing this issue, we said that "several" means more than one less than few servers, right? Have we seen the good one?

Have a nice day!


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DominiqueDUCHEMIN-4668 avatar image
0 Votes"
DominiqueDUCHEMIN-4668 answered FionaYan-MSFT edited

Hello,

  1. No Action specifically done after this error as it was discovered by chance. Nothing looks updated...

  2. I just checked the Primary server for the two sites we have so far only 2 servers have been checked and have this error. Which other servers (role(s)) for you want me to check?

Thanks,
Dom

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@DominiqueDUCHEMIN-4668

Thank you for the kindly reply.

Could we know that is our primary server still working normally? Also, double confirm that have we made any changes before we got this error?

Have a good day!


0 Votes 0 ·
DominiqueDUCHEMIN-4668 avatar image
0 Votes"
DominiqueDUCHEMIN-4668 answered FionaYan-MSFT edited

Hello,

The Primary servers are working fine apparently...
The last upgrade was done in September but not sure if there was an issue by this time, as the error was seen during another troubleshooting...

It does not seem to impact the application but it is filling up the log file in red for ever ...

Thanks,
Dom

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@DominiqueDUCHEMIN-4668

Thank your for the reply.

From our description, it may not affect our environment currently. If you have any questions in future, we warmly welcome you to post in this forum again.

Have a nice day!

0 Votes 0 ·
Hollisorama-2295 avatar image
1 Vote"
Hollisorama-2295 answered FionaYan-MSFT edited

I have the same issue after upgrading my site to 2010. I'm thinking the site server is using either TLS 1.0/1.1 or can't find a compatible cipher suite to negotiate TLS. Can you confirm @FionaYan-MSFT if the site https://configmgrbits.azureedge.net/adminuicontent/ConfigMgr.AdminUIContent.cab is now requiring TLS 1.2?

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@Hollisorama-2295

We could check the security protocol on our server side to see if we use the TLS 1.0/1.1 by the following method:
53242-image.png

If we use the TLS 1.0/1.1, this protocol is out of lifecycle, we may need to choose TLS 1.2.
Here is a helpful article for you to refer to:
enabling-tls-v1-2-support-in-sccm[enabling-tls-v1-2-support-in-sccm
Note: this is non-official Microsoft article just for your refernce.

The phenomenon of upgrading issue, I will try the best to deliver the information to the product team to see if they have some additional comments, but not guaranteed. once there is a reply, i will get back to you at the first time. thank you for your kind understanding.


Have a nice day!


0 Votes 0 ·
image.png (22.7 KiB)
DominiqueDUCHEMIN-4668 avatar image
0 Votes"
DominiqueDUCHEMIN-4668 answered

Hello,

TLS looks great
129238-2021-09-03-20-05-16-vitsccmcb-tls.png

Thanks,
Dom



5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Andy-De-Deckker avatar image
7 Votes"
Andy-De-Deckker answered KitchenJeff-0052 commented

In case somebody stumbles across this post:
Apart from the necessary steps for enabling TLS 1.2 etc, I had to manually enable the following cipher suites (you can use Nartac IIS Crypto for that)

TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)

· 4
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thanks Andy! This worked for me. Was really stumped after enabling TLS 1.2 but still getting same messages in dmpdownloader.log as the OP.

0 Votes 0 ·

Awesome! Thanks for sharing - resolved the problem!

0 Votes 0 ·

Thanks Andy this also fixed the issue for me!

0 Votes 0 ·

This worked!!!! I don't like downloading and installing things on production boxes... Two days of hitting my head on my desk and working with our Network folks.. Thank you

0 Votes 0 ·
SebastianCerazy-1155 avatar image
0 Votes"
SebastianCerazy-1155 answered

Excellent, thanks Andy!

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DucheminDominique-7551 avatar image
0 Votes"
DucheminDominique-7551 answered DucheminDominique-7551 edited

Thanks a lot Andy

TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)

resolved my issue as the cycle of 5 minutes getting this error is no more happening... the last one was at 1:31 PM and now it is 2:16 pm so 45 minutes (8 or 9 Cycles) with no error ...

Thanks,
Dom

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.