question

yannara avatar image
0 Votes"
yannara asked saldana-msft edited

Clients don't talk to CMG

I have CMG setup successfully, CM is in 2010, already being in https-only mode and PKI infra. The problem is, that after provisioining cmg and changing client settings, clients do not have the Network Page setup for Internet-based MP.

  1. I created web cert with CMG special name from PKI and used it successfully during CMG greation.

  2. CMG analyze shows all agreen when testing with Azure GA account.

  3. CMG analyze with certificate - I can't do it for some reason, the analyze wizard don't accept any cert I am providing.

  4. I did enable MP and SUP to support CMG

  5. I enabled Cloud Services in Client Settings

  6. Clients jumps from Intranet mode to Internet mode just fine.

Being in Internet mode, client still tries to talk to MP and it seems not having the info about CMG availability.



mem-cm-site-deploymentmem-cm-co-management
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

yannara avatar image
0 Votes"
yannara answered SimonRenMSFT-3639 commented

Nailed it! I had 2 problems;

  1. My mistake, I didn´t export Root CA and did not set it when creating CMG. I had to delete previous Resource Group from Azure and I created new CMG instance with root ca inserted and without CRL check because I don´t have it in public.

  2. From here I learned, that the registry key was missing from MP even if CMW traffic was cheked in MP properties. See last post: https://docs.microsoft.com/en-us/answers/questions/122165/clients-not-communicating-with-cmg.html

· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

You don’t need to delete the resource group or cmg instance every time such modifications are required.

0 Votes 0 ·

Hi,

Thank you very much for your feedback and sharing. We're glad that the question is solved now. It may help others who have similar issue. If you have any questions in future, we warmly welcome you to post in Microsoft Q&A forum again.

Have a nice day!

Best Regards,
Simon

0 Votes 0 ·
RahulJindal-2267 avatar image
0 Votes"
RahulJindal-2267 answered yannara commented

Clients not receiving CMG policy is one thing and clients not able to communicate with CMG is another thing. Which one is it for you?

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

I guess both then...

0 Votes 0 ·
yannara avatar image
0 Votes"
yannara answered

I managed to create new client cert with key exported and loaded it to the console, got these errors. Will check and work on them...

87255-cmg1.jpg


87273-cmg2.jpg



cmg1.jpg (64.9 KiB)
cmg2.jpg (65.3 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

RahulJindal-2267 avatar image
0 Votes"
RahulJindal-2267 answered RahulJindal-2267 commented

Are you using default client settings or custom? Incase of custom settings you will need to deploy them.

· 4
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Custom and they are deployed fine, resultant checked. I added cloud services to Default Policy now but I doubt there will be any change...

0 Votes 0 ·

Then there could be an issue with the machines not pulling down the policies because there is no additional configuration involved here. This just works out of the box. Anything in policyagent locationservices logs?

0 Votes 0 ·

87308-cmg3.jpg



Let me make sure, if I would have any other problems related to certs or connectivity to cmg, would this value still be here? Where from it picks up the value? It is not written in the Policy.

Policies are fine.


0 Votes 0 ·
cmg3.jpg (40.1 KiB)
Show more comments