BastenVelden-3118 asked

Peer cache source certificate issue

Hello all,

Hopefully someone will be able to help us with an issue we have in our SCCM environment.
We use an SCCM environment to manage our servers.
This environment is successfully configured using PKI based on AD-enrolled certificates.
Our MP and DP are configured using only HTTPS communications and this works fine with our clients.

Since we have a great deal of branch offices (small locations with only a couple of servers) where we cannot deploy a DP, we decided to use peer caching on one of the servers that will act as a local content source for the rest of the servers.
We created a separate client collection that contains the specific servers on these locations, which has specific client settings deployed to it to enable Peer cache settings.
I can confirm this works, since when a package has been deployed on this server and another server in the same subnet requests for any content sources of this package from the MP, the server acting as peer cache gets returned as first content source location:
127728-2021-08-31-09-41-31-window.png


Now the issue is that whenever another server in the same subnet tries to download the content, this will fail when using the peer cache source.
In the DataTransferService.log I can see the following behavior:
127787-image.png

The client reports an error with HTTP code 400 Bad request.
When I try to visit the same location of this server I notice it reports a certificate issue:
127797-image.png

The certificate used seems to be a self-signed certificate:
127835-image.png

To me it looks like this is the cause of the issue, since we are using a PKI environment for SCCM.
Since the certificate is not a valid certificate, the client will not accept its validity and thus errors out with an HTTP code 400.

Right now, I am a bit stumped on how to solve this, since it seems I am unable to change or do anything to fix this problem.
Anyone here that can confirm this and has a solution or can confirm the same behavior?

Thanks for the help.

Kind regards,


B. ten Velden


mem-cm-general
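
One way to confirm which certificate a peer cache source actually presents, and whether it chains to the PKI, is sketched below. This is an added example, not part of the original thread; the function name, host name and port are hypothetical placeholders, since the thread does not state the port.

```powershell
# Added example: inspect the TLS certificate a content source presents.
# Get-PresentedCertificate is a hypothetical helper name, not a ConfigMgr cmdlet.
function Get-PresentedCertificate {
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [Parameter(Mandatory)] [int]    $Port
    )

    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($ComputerName, $Port)
        # Accept any certificate during the handshake so that an untrusted one
        # can still be retrieved; trust is evaluated separately below.
        $callback = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        try {
            $ssl.AuthenticateAsClient($ComputerName)
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        }
        finally { $ssl.Dispose() }
    }
    finally { $tcp.Close() }

    # Build the chain against this machine's trust stores, the same stores a
    # PKI-enrolled client uses. Revocation checking follows the default policy,
    # so an unreachable CRL shows up in ChainStatus.
    $chain   = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $trusted = $chain.Build($cert)

    [pscustomobject]@{
        Subject      = $cert.Subject
        Issuer       = $cert.Issuer
        Thumbprint   = $cert.Thumbprint
        NotAfter     = $cert.NotAfter
        # Identical subject and issuer is the usual sign of a self-signed certificate.
        SelfSigned   = ($cert.Subject -eq $cert.Issuer)
        ChainTrusted = $trusted
        ChainStatus  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

# Usage (constructed host name; replace <port> with the port seen in DataTransferService.log):
# Get-PresentedCertificate -ComputerName 'branch-srv01.example.internal' -Port <port>
```

Run it from another server in the same subnet: `SelfSigned = True` together with `ChainTrusted = False` matches the behavior described in the question.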

Jason-MSFT answered

What ConfigMgr version (site and client) are you running?

BastenVelden-3118 answered

Site is running ConfigMgr 2103 UR KB10036164, clients are all running the latest version (5.00.9049.1035).

Jason-MSFT answered

You should open a support case. From what I can tell, this is a known issue and we have a work item tracking it, but it's not fixed yet. Opening a support case will validate that you are having the same issue, provide the devs with more info, and provide additional weight to prioritize addressing the issue.

BastenVelden-3118 answered

Thanks for the help Jason, I will do that.
