Environment: SCCM 1602, full HTTPS communication throughout.
I ran into this problem recently at a client where we’d installed SCCM 1602 with full HTTPS communication throughout. One of the requirements was to deploy software and software updates to clients on the internet as well as the intranet. All went pretty much according to plan until I put a laptop on the internet to test deployment of said software. The issue I faced was that whatever I did, I couldn’t make the laptop drop to Currently Internet from Currently Intranet. Looking at the LocationServices.log confirmed my suspicions: it was trying to contact an MP on the internal network.
Attempting to refresh TRK from AD LocationServices 22/06/2016 16:27:50 3024 (0x0BD0)
Unexpected row count (0) retrieved from AD. LocationServices 22/06/2016 16:27:50 3024 (0x0BD0)
Failed to get TRK from AD LocationServices 22/06/2016 16:27:50 3024 (0x0BD0)
Failed to send request to /SMS_MP/.sms_aut?MPKEYINFORMATIONEX at host ICSKSCCMMP02.local.com, error 0x2ee2 LocationServices 22/06/2016 16:28:11 3024 (0x0BD0)
[CCMHTTP] ERROR: URL=https://ICSKSCCMMP02.local.com/SMS_MP/.sms_aut?MPKEYINFORMATIONEX, Port=443, Options=63, Code=12002, Text=ERROR_WINHTTP_TIMEOUT LocationServices 22/06/2016 16:28:11 3024 (0x0BD0)
Raising event:
instance of CCM_CcmHttp_Status
{
ClientID = "GUID:0abd2d73-79a1-4b55-91de-1bc56d93050c";
DateTime = "20160622152811.098000+000";
HostName = "ICSKSCCMMP02.local.com";
HRESULT = "0x80072ee2";
ProcessID = 2948;
StatusCode = 600;
ThreadID = 3024;
};
LocationServices 22/06/2016 16:28:11 3024 (0x0BD0)
Successfully queued event on HTTP/HTTPS failure for server 'ICSKSCCMMP02.local.com'. LocationServices 22/06/2016 16:28:11 3024 (0x0BD0)
MP ICSKSCCMMP02 capability is not available LocationServices 22/06/2016 16:28:11 3024 (0x0BD0)
Executing Task LSRefreshDefaultMPTask LocationServices 22/06/2016 16:28:12 2136 (0x0858)
Current AD site of machine is North-West LocationServices 22/06/2016 16:28:12 6028 (0x178C)
Failed to send request to /SMS_MP/.sms_aut?MPKEYINFORMATIONEX at host ICSKSCCMMP02, error 0x2ee2 LocationServices 22/06/2016 16:28:32 3024 (0x0BD0)
During my investigations I looked into what criteria ConfigMgr used to discover if it was on the internet and found the answer here:
When the client detects a change in network, this kicks off service location to find its intranet management point (the default management point in its assigned site or proxy management point if it’s within the boundaries of a secondary site that belongs to its assigned site). If service location fails, the client deduces that it must be on the Internet and so tries to communicate with its assigned Internet-based management point. The assigned Internet-based management point always directs the client to the Internet-based site systems in the site, and never to intranet-based site systems or to Internet-based site systems in another site.
So I looked at my default management point. This was also set (via an alias) as the internet management point (owing to the IP policy here, they don’t really ‘do’ DMZs, but that’s another story). So what was happening? Well, essentially, when the local network was disconnected and the computer was switched over to an internet connection, it wasn’t able to differentiate the default MP from the internet MP and hence thought it was still on the local network.
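The symptom in the log excerpt above can be checked for mechanically. This is an added example, not part of the original post or of any ConfigMgr tooling: it scans LocationServices.log text for AD lookup failures occurring alongside repeated WinHTTP timeouts (0x2ee2) against the same management point. The `triage` function and its two-timeout threshold are assumptions of this example.

```python
import re
from collections import Counter

WINHTTP_TIMEOUT = 12002  # ERROR_WINHTTP_TIMEOUT, logged as 0x2ee2 / Code=12002

# Lines taken from the LocationServices.log excerpt in the post, in the same
# flattened "message component date time thread" layout.
SAMPLE_LOG = """\
Attempting to refresh TRK from AD LocationServices 22/06/2016 16:27:50 3024 (0x0BD0)
Failed to get TRK from AD LocationServices 22/06/2016 16:27:50 3024 (0x0BD0)
Failed to send request to /SMS_MP/.sms_aut?MPKEYINFORMATIONEX at host ICSKSCCMMP02.local.com, error 0x2ee2 LocationServices 22/06/2016 16:28:11 3024 (0x0BD0)
[CCMHTTP] ERROR: URL=https://ICSKSCCMMP02.local.com/SMS_MP/.sms_aut?MPKEYINFORMATIONEX, Port=443, Options=63, Code=12002, Text=ERROR_WINHTTP_TIMEOUT LocationServices 22/06/2016 16:28:11 3024 (0x0BD0)
MP ICSKSCCMMP02 capability is not available LocationServices 22/06/2016 16:28:11 3024 (0x0BD0)
Failed to send request to /SMS_MP/.sms_aut?MPKEYINFORMATIONEX at host ICSKSCCMMP02, error 0x2ee2 LocationServices 22/06/2016 16:28:32 3024 (0x0BD0)
"""

SEND_FAIL = re.compile(
    r"^Failed to send request to \S+ at host ([\w.-]+), error (0x[0-9A-Fa-f]+)"
)
AD_FAIL = "Failed to get TRK from AD"


def triage(log_text):
    """Summarise the symptom from the post: AD lookups fail (the machine is
    off the corporate network) while the client keeps timing out on an MP."""
    ad_failures = 0
    timeouts = Counter()
    for line in log_text.splitlines():
        if AD_FAIL in line:
            ad_failures += 1
        m = SEND_FAIL.match(line)
        if m and int(m.group(2), 16) == WINHTTP_TIMEOUT:
            # The log shows both the FQDN and the short name of the same MP;
            # count them as one host by keeping only the first DNS label.
            timeouts[m.group(1).split(".")[0].lower()] += 1
    # Heuristic threshold (an assumption of this example, not a ConfigMgr
    # rule): AD unreachable plus two or more timeouts against one MP.
    stuck = ad_failures > 0 and any(n >= 2 for n in timeouts.values())
    return {
        "ad_failures": ad_failures,
        "mp_timeouts": dict(timeouts),
        "stuck_on_intranet_mp": stuck,
    }


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A positive result only says the client is still targeting a management point it cannot reach; whether that MP is also published as the internet MP has to be checked in the site configuration.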
The Solution
I changed the default Management Point from the internet facing MP to a local MP that wasn’t accessible via the internet. This allowed the client to figure out that it was no longer on the local network and change over to the internet. Once this happened, it was then able to pick the correct MP and the correct DP to talk to and order was once again restored. I guess this isn’t a common scenario but something to look out for if you’re experiencing the problem described.
Hello Bondy,
Thank you for posting your experience with SCCM client working on Internet.
Based on your article (https://bondy.tech/?p=324), you mentioned as part of your solution, that “I changed the default Management Point from the internet facing MP to a local MP that wasn’t accessible via the internet.”
Where/How did you make this change (physically)? On the site-server or client side? If possible, can you please provide overall steps?
You mentioned you took a laptop and found this issue. Was this specific issue just on one laptop or all your Internet based systems?
It will be very helpful if you can answer my questions as I am currently having the same issues (but I am running SCCM CB 1806 version) with Cloud Management Gateway (CMG).
Thank you in advance.
Hi Irfan
This was a little while ago now in an IBCM configuration. It was also worth noting that it was in a relatively non-standard (for an enterprise, at least) environment which as I point out didn’t use DMZs. In any case, I simply changed the default management point under Administration | Sites | | Config Site Components | Mgmt Point on the site server.
This was obviously pre-CMG and I’m not 100% sure whether this would apply in your situation or not (must confess, I’ve not configured the CMG in my lab to test).
As regards the issue itself, I don’t recall whether it applied to only that laptop or all internet systems as it was something I came across in initial setup. I think I saw it on more than one client machine but as I say it was a while back and memory is fuzzy!