Connection Error after upgrading to version 2203
On Monday, I upgraded Endpoint Manager to version 2203. Everything appears to be working fine on the server itself. We only have one Endpoint Manager server with SQL collocated. After upgrading the Endpoint Manager console on remote systems, I am having some errors. When I go to the Console Extensions node or the Console Connections under Administration, I receive the following message Configuration Manager can’t connect to the administration service The Configuration Manager console can’t connect to the site database through the administration service on <ServerFQDN> Verify the following There’s no certificate on the SMS Provider site system server. Make sure it has a valid PKI or Configuration Manager-generated certificate for the site. Additionally, It looks like until I’m able to make this connection I can’t update the WebView2 extension and without that extension the console crashed with I try to access the Windows Servicing and Microsoft Edge Management nodes under Software library. If I manually import the self sign certificate from Endpoint Manager (we are not using PKI) into the Trusted People container in the Certificates MMC on the remote systems then the console works correctly. I’d prefer not to band aid this problem but instead fix it. I’ve tried the following that I found on blog posts to resolve this issue but all with no success Made sure that “Use Configuration Manager-generated certificates for HTTP site system” is enabled Made sure no certificates are block in Configuration Manager I’ve checked the SSL Certificate on the Default Website and it is the self signed certificate from Endpoint Manager. Turned off Windows Firewall Reviewed the SmsAdminUI.log file. The SmsAdminUI.log file show the following entries: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. Failed to get a response for OData GET request: https://<ServerFQDN>/AdminService/v1.0/ConsoleExtensionMetadata?$filter=IsRequired eq true and IsTombstoned eq false and IsApproved eq true Could not connect to the AdminService to check for requirements. System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. Failed to get a response for OData GET request: https://< ServerFQDN>/AdminService/v1.0/ConsoleExtensionMetadata?$filter=IsApproved eq false Error getting custom console extensions IDs, versions and names using Admin Service: SSLFailure System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. Failed to get a response for OData POST request: https:// <FQDN>//AdminService/v1.0/ConsoleUsageData/AdminService.UpdateConsoleHeartbeat Microsoft.ConfigurationManagement.ManagementProvider.ODataConnectionException: SSLFailure At this point, I don’t know where to go next. Any help would be greatly appreciated.
Tenant attach - 401 error
Hi, I have recently added Tenant attach to my SCCM server. One PC has successfully added into Intune, but all remote options are disabled saying "Device is blocked or unapproved in MECM". On checking both CMGatewayNotificationWorker and CMGatewaySyncUploadWorker logs, I get a 401 error: <![LOG[Worker CMGatewaySyncUploadWorker failure]LOG]!><time="16:06:46.8307671" date="3-22-2021" component="SMS_SERVICE_CONNECTOR_CMGatewaySyncUploadWorker" context="" type="3" thread="153" file=""> <![LOG[Exception details:]LOG]!><time="16:06:46.8307671" date="3-22-2021" component="SMS_SERVICE_CONNECTOR_CMGatewaySyncUploadWorker" context="" type="3" thread="153" file=""> <![LOG[[Critical][CMGatewaySyncUploadWorker][0][System.Net.WebException][0x80131509] The remote server returned an error: (401) Unauthorized. at Microsoft.ConfigurationManager.ServiceConnector.ExtensionMethods.<GetResponseAsync>d_ 13.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.ConfigurationManager.ServiceConnector.ExtensionMethods.<GetResponseAsync>d 11.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.ConfigurationManager.ServiceConnector.ExtensionMethods.<GetResponseAsync>d 10.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at Microsoft.ConfigurationManager.ServiceConnector.DeltaUploadWorkerBase`1.<ProcessRequestQueueAsync>d 31.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at Microsoft.ConfigurationManager.ServiceConnector.DeltaUploadWorkerBase`1.<ProcessRequestQueueAsync>d 31.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.ConfigurationManager.ServiceConnector.DeltaUploadWorkerBase`1.<DoWorkAsync>d 23.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.ConfigurationManager.ServiceConnector.AadServiceConnectorWorker.<DoWorkAsync>d 16.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.ConfigurationManager.ServiceConnector.ServiceConnectorWorkerBase.<ExecuteAsync>d_75.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() This has been setup for around 5 hours, with the error persisting through out. I have checked the pre-requisites and these are met (that I believe). Any other things to have a look at? Some Policies are not syncing in Intune, so this may be linked. Any help is appreciated Thanks Conor
SCCM showing outdated version of endpoint protection clients
We have SCCM version 1610 and was having an issue with some of the clients. SCCM showing the outdated SCEP version and engine version whereas the client itself is updated as per the attached screenshot. The issue is resolved and reported back correctly after reinstalled of SCEP clients. But it is somehow it is showing outdated again after a few months. Any idea?