Trying to install an agent through a firewall. Have verified 443 & 8531 are open via telnet. CCMsetup.log shows the setup using HTTP, not HTTPS. Thought it was supposed to try using both HTTP and HTTPS. I can find the switch to specify the HTTPS port number, but cannot find a switch to make it use HTTPS over HTTP. We are new to SCCM2012, not an existing SCCM2007 shop. Have edited hosts file so that it can resolve the name of the mgmt point server on the inside of the firewall (cfgman23.acme.com).
Launch setup
ccmsetup.exe smssitecode=XXX dnssuffix=dmz.acme.com /mp:cfgman23.acme.com CCMLOGLEVEL=3
Hilights from the log, particularly the last line written. CCMsetup prcocess never exits. Keeps retrying, failing.
Log would not paste as is. Too many <> chars? Replaced with {}
{![LOG[MSI properties: SMSSITECODE="XXX" DNSSUFFIX="dmz.acme.com" CCMLOGLEVEL="3" CCMHTTPPORT="80" CCMHTTPSPORT="443" CCMHTTPSSTATE="224" CCMFIRSTCERT="1"]LOG]!}{time="12:59:49.446+300" date="08-01-2012" component="ccmsetup" context="" type="1" thread="3872" file="ccmsetup.cpp:3738"}
{![LOG[Sending message body '{ContentLocationRequest SchemaVersion="1.00"}
{ClientPackage/}
{ClientLocationInfo LocationType="SMSPACKAGE" DistributeOnDemand="0" UseProtected="0" AllowCaching="0" BranchDPFlags="0" AllowHTTP="1" AllowSMB="0" AllowMulticast="0" UseInternetDP="0"}
{ADSite Name="SITE1"/}
{Forest Name="dmz.acme.com"/}
{Domain Name="dmz.acme.com"/}
{IPAddresses}
{IPAddress SubnetAddress="10.11.12.0" Address="10.11.12.66"/}
{/IPAddresses}
{/ClientLocationInfo}
{/ContentLocationRequest}
']LOG]!}{time="12:59:49.587+300" date="08-01-2012" component="ccmsetup" context="" type="0" thread="1096" file="util.cpp:2205"}
{![LOG[Sending message header '{Msg SchemaVersion="1.1"}{ID}{644FC761-CC17-4F41-8BA1-43C211AA497F}{/ID}{SourceHost}DUMMY{/SourceHost}{TargetAddress}mp:[http]MP_LocationManager{/TargetAddress}{ReplyTo}direct:DUMMY:LS_ReplyLocations{/ReplyTo}{Priority}3{/Priority}{Timeout}600{/Timeout}{ReqVersion}5931{/ReqVersion}{TargetHost}cfgman23.acme.com{/TargetHost}{TargetEndpoint}MP_LocationManager{/TargetEndpoint}{ReplyMode}Sync{/ReplyMode}{Protocol}http{/Protocol}{SentTime}2012-08-01T17:59:49Z{/SentTime}{Body Type="ByteRange" Offset="0" Length="1054"/}{Hooks}{Hook3 Name="zlib-compress"/}{/Hooks}{Payload Type="inline"/}{/Msg}']LOG]!}{time="12:59:49.587+300" date="08-01-2012" component="ccmsetup" context="" type="0" thread="1096" file="util.cpp:2286"}
{![LOG[CCM_POST 'HTTP://cfgman23.acme.com/ccm_system/request']LOG]!}{time="12:59:49.587+300" date="08-01-2012" component="ccmsetup" context="" type="1" thread="1096" file="httphelper.cpp:802"}
So I happen to work for a company that also has a MS Premier support. It's often tedious and not terribly productive since MS has offshored the service, so it's not usually my first choice for problem resolution. However, in this case they were able to help me after a couple hours.
Despite all the documentation to the effect that the SCCM agent happily works over HTTP and HTTPS, it doesn't readily HTTPS during setup unless you help it out a little. Documentation for the MP and SMSMP switches says they should be used to provide server names. It does not say that you can also control the protocol that is used to connect to that server if you do the following:
ccmsetup.exe smssitecode=XXX dnssuffix=dmz.acme.com CCMLOGLEVEL=3 /mp:https://cfgman23.acme.com smsmp=https://cfgman23.acme.com /source=\\domaindfs\stuff\scm12 /UsePKICertThe MS tech I worked with implied that this was a defect that could be corrected by MS some day. If you're a SCCM newbie like myself, you might also like to know that it helps to use the CCMTrace tool to read the XML based SCCM log files.C:\Program Files\Microsoft Configuration Manager\tools\CCMtrace.exe