Hello,
We are having trouble installing software center on internet clients pointed to our CMG. In the ccmsetup log, I am seeing the error: WINHTTP_CALLBACK_STATUS_FLAG_CERT_REV_FAILED is set
Our CMG is secured with a cert from an internal PKI. The root and intermediate CA are trusted on the client, and navigating to the CMG site in a browser, says the cert is OK. Additionally, the CRL is externally published via Azure. Installing using the /NoCRLCheck switch is successful, so it is definitely an issue with CRL checking.
Log snipped below. Any help you can provide would greatly appreciated. Thanks.
<![LOG[[CCMHTTP] AsyncCallback(): WINHTTP_CALLBACK_STATUS_SECURE_FAILURE Encountered]LOG]!><time="08:59:08.352+240" date="03-31-2022" component="ccmsetup" context="" type="3" thread="12536" file="ccmhttperror.cpp:58">
<![LOG[[CCMHTTP] : dwStatusInformationLength is 4
]LOG]!><time="08:59:08.352+240" date="03-31-2022" component="ccmsetup" context="" type="3" thread="12536" file="ccmhttperror.cpp:59">
<![LOG[[CCMHTTP] : *lpvStatusInformation is 0x1
]LOG]!><time="08:59:08.352+240" date="03-31-2022" component="ccmsetup" context="" type="3" thread="12536" file="ccmhttperror.cpp:60">
<![LOG[[CCMHTTP] : WINHTTP_CALLBACK_STATUS_FLAG_CERT_REV_FAILED is set
]LOG]!><time="08:59:08.352+240" date="03-31-2022" component="ccmsetup" context="" type="3" thread="12536" file="ccmhttperror.cpp:64">
<![LOG[[CCMHTTP] AsyncCallback(): -----------------------------------------------------------------]LOG]!><time="08:59:08.352+240" date="03-31-2022" component="ccmsetup" context="" type="3" thread="12536" file="ccmhttperror.cpp:90">
<![LOG[Failed in WinHttpSendRequest API, ErrorCode = 0x2f8f]LOG]!><time="08:59:08.353+240" date="03-31-2022" component="ccmsetup" context="" type="2" thread="12536" file="requestresponse.cpp:826">
<![LOG[[CCMHTTP] ERROR: URL=https://MYCMG.EASTUS.CLOUDAPP.AZURE.COM/CCM_Proxy_ServerAuth/72057594037927939/CCM_STS, Port=443, Options=224, Code=12175, Text=ERROR_WINHTTP_SECURE_FAILURE]LOG]!><time="08:59:08.353+240" date="03-31-2022" component="ccmsetup" context="" type="1" thread="12536" file="ccmhttperror.cpp:306">
<![LOG[[CCMHTTP] ERROR INFO: StatusCode=<unknown> StatusText=]LOG]!><time="08:59:08.353+240" date="03-31-2022" component="ccmsetup" context="" type="1" thread="12536" file="ccmhttperror.cpp:317">
<![LOG[RetrieveTokenFromStsServerImpl failed with error 0x80072f8f]LOG]!><time="08:59:08.353+240" date="03-31-2022" component="ccmsetup" context="" type="3" thread="12536" file="ccmtoken.cpp:624">
<![LOG[Failed to create SMS client object. Error 0x80040154]LOG]!><time="08:59:08.354+240" date="03-31-2022" component="ccmsetup" context="" type="2" thread="12536" file="ccmtoken.cpp:456">
<![LOG[Failed to get CCM access token and client doesn't have PKI issued cert to use SSL. Error 0x80070002]LOG]!><time="08:59:08.354+240" date="03-31-2022" component="ccmsetup" context="" type="3" thread="12536" file="requestresponse.cpp:347">
<![LOG[[CCMHTTP] ERROR: URL=https://MYCMG.EASTUS.CLOUDAPP.AZURE.COM/CCM_Proxy_MutualAuth/72057594037927939/CCM_Client/ccmsetup.cab, Port=0, Options=224, Code=0, Text=CCM_E_NO_TOKEN_AUTH]LOG]!><time="08:59:08.354+240" date="03-31-2022" component="ccmsetup" context="" type="1" thread="12536" file="ccmhttperror.cpp:306">
<![LOG[[CCMHTTP] ERROR INFO: StatusCode=<unknown> StatusText=]LOG]!><time="08:59:08.354+240" date="03-31-2022" component="ccmsetup" context="" type="1" thread="12536" file="ccmhttperror.cpp:317">