[CCMHTTP] : WINHTTP_CALLBACK_STATUS_FLAG_CERT_CN_INVALID is set


I’ve been building up a greenfield ConfigMgr site recently and the site is using PKI. Everything was working well but then suddenly SSL comms ground to a halt and nothing was speaking to the management point successfully.

I found the problem when I attempted to install the ConfigMgr client on a new device. The ccmsetup.log reported a sea of red around SSL.

The issue was due to the fact that I had issued the IIS certificate on the Management Point server with a NETBIOS and a FQDN in the DNS field of the Subject Alternative name of the IIS cert.

I deleted the IIS cert, and reissued the certificate with just the FQDN and this resolved the problem.

Hope this helps if you get the same problem.

3 comments

  1. Hi Paul,

    I was about to post the same link as John. If you go to 14mins,19secs in, Justin adds the hostname and FQDN to the cert. The same with this guide also: https://www.windows-noob.com/forums/topic/16300-how-can-i-configure-system-center-configuration-manager-in-https-mode-pki-part-1/

    Might still try what you did as we are getting some WinHTTP errors when installing the client on our Server 2008 SP2 Standard Servers (I Know!), all other devices work, just that OS failing with:

    MP ‘SCCM.FQDN’ is not compatible
    Failed to get client version for sending state messages. Error 0x8004100e
    IsSslClientAuthEnabled – Determining provisioning mode state failed with 80070002. Defaulting to state of 63.
    Failed in WinHttpReceiveResponse API, ErrorCode = 0x2efd
    [CCMHTTP] ERROR: URL=https://SCCM.FQDN/ccm_system/request, Port=443, Options=63, Code=12029, Text=ERROR_WINHTTP_CANNOT_CONNECT
    [CCMHTTP] ERROR INFO: StatusCode=200 StatusText=
    Failed (0x80072efd) to send location request to ‘SCCM.FQDN’. StatusCode 200, StatusText ”
    Failed to send location message to ‘SCCM.FQDN’. Status text ”
    GetDPLocations failed with error 0x80072efd

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s