I am sure this blog will help lot of you with same setup as mine.
SCCM R3 running on Windows 2008 R2 in NATIVE mode. SQL database is placed at remote SQL 2008 Cluster.
Installation went fine. My computers were discovered successfully and listed in collections. BUT, SCCM Agent is failing to install, either Automatic or Manual.
If you read the CCMSetup.log (located at C:\Windows\CCMSetup in Windows 2008/Windows 7, C:\Windows\System32\CCMSetup in Windows 2003/XP), you will find this error message in the end.
“Call to HttpSendRequestSync failed for port 443 with an error code.”
I checked the following items and all looking good.
Correct Web Server Cert in SCCM server
Client auto enrollment GPO and client machines are getting certs
ConfMgr Management Point is in Red and stopped with errors in Site Status node
All my Internet search were wasted time and frustration. Even though Windows 2008 R2 OS is support for SCCM R3, I am suspecting something still wrong with locked down security in the OS.
I found the FIX myself accidentally. This might work for you too. The fix is,
- Log on to the SCCM server via Remote desktop
- Open Internet Information Services (IIS) Manager Console
- Expand Server Name –> Sites –> Default Web Site
- click on CCM_Client site. On right side pane, double click SSL Settings. Select Accept on Client Certificates: section.
5. Click Apply on Action Pane.
6. Repeat these steps 4 through 5 again for CCM_Incoming, CCM_Outgoing, CCM_System and SMS_MP sites.
7. That’s It. You may want to run IISReset, just in case. Now automatic client install (or Manual) should be working.
Now I hear you asking “Is this setting makes less secure in Native mode? After all Native Mode is all about secure setup”. I know..believe me I know.
If you restart the server, the above settings will revert back to “Require” automatically. My objective was to kick off the client automatic install.