Hello All,
We have observed that systems which try to connect to the IBCM MECM Server over the Internet are not able to connect and are throwing the below error in the MECM client log ccmmessaging.log:
ERROR_WINHTTP_SECURE_FAILURE
While troubleshooting the error code ERROR_WINHTTP_SECURE_FAILURE, we found that this typically occurs when the MECM Client IBCM certificate fails to connect to the CDP for CRL checks. (In our environment, we have only LDAP as CDP and an HTTP URL based CDP is absent.)
We need more information on:
How to manage / allow CRL checks for Internet clients (which are not connecting to the corporate network by LAN / WiFi / VPN etc., but are connecting from the Internet)? Is publishing an HTTP URL based CDP the only option available, and is it secure? Can we have both LDAP and HTTP URL CDPs for the CRL check? (My security team is afraid of allowing HTTP traffic from the public network.)
I understood that we can disable the CRL check in the SCCM Server properties for the site system and install the SCCM Client with the /NoCRLCheck property. However, we are using the Client Push Installation method to install the MECM Client. How can we provide the /NoCRLCheck switch using the Client Push Installation method, or does the client install automatically with the CRL check bypassed when this option is unchecked? We also need to understand: will this CRL check bypass remain intact when the MECM Client is upgraded whenever we upgrade the MECM site?
Have referred to the below blogs so far:
Please help.
Thanks and regards,
Kedar