Remote device can not connect to SCCM cloud gateway

Hi All,

We have an issue with our remote devices not talking to the SCCM cloud management gateway. A device that is on the internet will not connect to the gateway. The LocationServices.LOG will return entries like WINHTTP_SECURE_FAILURE. When the device starts up a VPN connection with the company network, it connects properly to the on premise SCCM MP. Oddly enough, when deconnecting the VPN, the device switches over to the cloud gateway without any problem and stays connected. After a reboot, for instance, the same story starts all over again.
Could there be an issue with the SSL certificate on the cloud gateway? I believe it has been configured correctly. Below is included an excerpt of the locationservices.log. Any help would be very much appreciated!!

]LOG]!><time="08:26:06.909-60" date="02-14-2018" component="LocationServices" context="" type="1" thread="10500" file="event.cpp:840">
<![LOG[Failed to send request to /CCM_Proxy_MutualAuth/72057594037927939/SMS_MP/.sms_aut?SITESIGNCERT at host ABCDEFG.CLOUDAPP.NET, error 0x2f8f]LOG]!><time="08:26:06.910-60" date="02-14-2018" component="LocationServices" context="" type="2" thread="10500" file="ccmhttpget.cpp:1599">
<![LOG[[CCMHTTP] ERROR: URL=https://ABCDEFG.CLOUDAPP.NET/CCM_Proxy_MutualAuth/72057594037927939/SMS_MP/.sms_aut?SITESIGNCERT, Port=443, Options=480, Code=12175, Text=ERROR_WINHTTP_SECURE_FAILURE]LOG]!><time="08:26:06.910-60" date="02-14-2018" component="LocationServices" context="" type="1" thread="10500" file="ccmhttperror.cpp:291">
<![LOG[Successfully queued event on HTTP/HTTPS failure for server 'ABCDEFG.CLOUDAPP.NET'.]LOG]!><time="08:26:06.910-60" date="02-14-2018" component="LocationServices" context="" type="1" thread="10500" file="ccmhttperror.cpp:357">
<![LOG[2 internet MP errors in the last 10 minutes, threshold is 5.]LOG]!><time="08:26:06.910-60" date="02-14-2018" component="LocationServices" context="" type="2" thread="14012" file="lsutils.cpp:2862">
<![LOG[Domain joined client is in Unknown location]LOG]!><time="08:26:06.910-60" date="02-14-2018" component="LocationServices" context="" type="1" thread="10500" file="lsad.cpp:1183">
<![LOG[Using INF MP ABCDEFG.CLOUDAPP.NET/CCM_Proxy_MutualAuth/72057594037927939 as lookup MP.]LOG]!><time="08:26:06.911-60" date="02-14-2018" component="LocationServices" context="" type="1" thread="10500" file="lsad.cpp:2391">
<![LOG[Assigned MP error threshold reached, moving to next MP.]LOG]!><time="08:26:06.912-60" date="02-14-2018" component="LocationServices" context="" type="2" thread="4432" file="lsutils.cpp:2800">
<![LOG[Retrieved MP [SCCMSERVER.COMPANY.INTERNAL] from Registry]LOG]!><time="08:26:06.912-60" date="02-14-2018" component="LocationServices" context="" type="1" thread="10500" file="lsad.cpp:2415">
<![LOG[Attempting to retrieve lookup MP(s) from DNS]LOG]!><time="08:26:06.912-60" date="02-14-2018" component="LocationServices" context="" type="1" thread="10500" file="lsad.cpp:2467">
<![LOG[Using default DNS suffix COMPANY.INTERNAL]LOG]!><time="08:26:06.912-60" date="02-14-2018" component="LocationServices" context="" type="1" thread="10500" file="lsad.cpp:3556">
<![LOG[Attempting to retrieve default management points from DNS]LOG]!><time="08:26:06.912-60" date="02-14-2018" component="LocationServices" context="" type="1" thread="10500" file="lsad.cpp:3565">
<![LOG[Failed to retrieve DNS service record using _mssms_mp_s01._tcp.COMPANY.INTERNAL lookup. DNS returned error 9003]LOG]!><time="08:26:06.944-60" date="02-14-2018" component="LocationServices" context="" type="2" thread="10500" file="lsad.cpp:3591">
<![LOG[No lookup MP(s) from DNS]LOG]!><time="08:26:06.944-60" date="02-14-2018" component="LocationServices" context="" type="1" thread="10500" file="lsad.cpp:2496">
<![LOG[Policy prevents failover to WINS for lookup]LOG]!><time="08:26:06.944-60" date="02-14-2018" component="LocationServices" context="" type="1" thread="10500" file="lsad.cpp:2520">
<![LOG[Attempting to retrieve default management points from lookup MP(s) via HTTPS]LOG]!><time="08:26:06.959-60" date="02-14-2018" component="LocationServices" context="" type="1" thread="10500" file="lsad.cpp:2707">
<![LOG[Unable to retrieve AD forest + domain membership. Error 0x8007054b]LOG]!><time="08:26:06.959-60" date="02-14-2018" component="LocationServices" context="" type="2" thread="10500" file="lsad.cpp:902">
<![LOG[Failed to send request to /SMS_MP/.sms_aut?SITESIGNCERT at host SCCMSERVER.COMPANY.INTERNAL, error 0x2ee7]LOG]!><time="08:26:06.959-60" date="02-14-2018" component="LocationServices" context="" type="2" thread="10500" file="ccmhttpget.cpp:1599">
<![LOG[[CCMHTTP] ERROR: URL=http://SCCMSERVER.COMPANY.INTERNAL/SMS_MP/.sms_aut?SITESIGNCERT, Port=80, Options=480, Code=12007, Text=ERROR_WINHTTP_NAME_NOT_RESOLVED]LOG]!><time="08:26:06.959-60" date="02-14-2018" component="LocationServices" context="" type="1" thread="10500" file="ccmhttperror.cpp:291">
<![LOG[Raising event:

instance of CCM_CcmHttp_Status
{
      ClientID = "GUID:6FE1B6F1-CBE2-4FED-A1AB-2A45787DADDC";
      DateTime = "20180214072606.959000+000";
      HostName = "SCCMSERVER.COMPANY.INTERNAL";
      HRESULT = "0x80072ee7";
      ProcessID = 12892;
      StatusCode = 600;
      ThreadID = 10500;
};
Piet VanbeckbergenInfrastructure engineerAsked:
Who is Participating?
 
Kyle SantosCustomer RelationsCommented:
Hi,

I am following up on your question.  Do you still need help?

If you solved the problem on your own, would you please post the solution here in case others have the same problem?

Regards,

Kyle Santos
Customer Relations
0
 
Piet VanbeckbergenInfrastructure engineerAuthor Commented:
Hi Kyle,

not solved yet, due to other priorities. I have however found following article and will try that out when I get the time.

https://docs.microsoft.com/en-us/sccm/core/clients/manage/cmg/setup-cloud-management-gateway#modify-a-cmg
0
 
Kyle SantosCustomer RelationsCommented:
OK thank you for letting me know.  Would you like me to send more calls out to experts to help solve this?
0
 
Piet VanbeckbergenInfrastructure engineerAuthor Commented:
Any suggestion or advice would be more than welcome :)
0
All Courses

From novice to tech pro — start learning today.