ConfigMgr HTTP-only Client Communication is Going Out of Support | SCCM | Configuration Manager

Microsoft announced their plans to end the support for ConfigMgr HTTP-only client communication. Many users noticed this when they try to install Technical Preview version 2103 of Configuration Manager. This alert came up as a prerequisite check warning in the TP version.

You can build the SCCM technical preview version lab to have a better understanding of new features. If you are a technology enthusiast and love to test new ConfigMgr features, then YES, go for the Technical Preview LAB.

I have a list of unsupported or ConfigMgr Deprecated Features list. I recently update with many features that are going out of support soon. And highlight from that list is HTTP client communication.

RIP ConfigMgr HTTP-only Client Communication

Yes, ConfigMgr HTTP-only Client Communication is Going Out of Support. But this is not going to happen pretty soon. The out of support date mentioned in Microsoft docs is the first release after Oct 31, 2022.

Patch My PC

You might have already noticed the following warning in prerequisite checks of ConfigMgr 2103 TP installation status wizard.

[Completed with warning]: HTTPS or Enhanced HTTP are not enabled for client communication. HTTP-only communication is deprecated and support will be removed in a future version of Configuration Manager. Enable a more secure communication method for the site either by enabling HTTPS or Enhanced HTTP. For more information, see https://go.microsoft.com/fwlink/?linkid=2155007.

ConfigMgr HTTP-only Client Communication is Going Out of Support | SCCM
ConfigMgr HTTP-only Client Communication is Going Out of Support | SCCM

Need to Switch to HTTPS or eHTTPS

I recommend using enhanced-HTTP (a.k.a eHTTP) option to make client communication more secure. I’m sure there are many surprise features coming soon into SCCM with secured communication.

1E Nomad

Let’s see how to enable the ehttp option using the following configuration:

  • Navigate to Site Properties > Client Computer Communication tab.
  • Check the box “Use Configuration Manager-generated certificates for HTTP site systems”.
ConfigMgr HTTP-only Client Communication is Going Out of Support | SCCM
ConfigMgr HTTP-only Client Communication is Going Out of Support | SCCM

Other SCCM Features Going out of support

The following are some of the other SCCM features going out of support soon.

  • Microsoft Edge legacy browser profiles
  • Desktop Analytics tile and page for Security Updates
  • The collection evaluation viewer, which is integrated in version 2010.
  • Log Analytics connector for Azure Monitor.
  • The geographical view in the Site Hierarchy node of the Monitoring workspace in the SCCM console.
  • Won’t be able to create a traditional Cloud DP in the future.
  • Classic service deployment to Azure for CMG and cloud DP.

NOTE! – I have a list of unsupported or ConfigMgr Deprecated Features list.

Resources

7 thoughts on “ConfigMgr HTTP-only Client Communication is Going Out of Support | SCCM | Configuration Manager”

  1. Hi Anoop, thanks for this article!
    I wonder what this will mean for a site system role like the Fallback Status Point as this is based on pure HTTP communication?

    Reply
    • Hello – I have not specifically heard anything about the Fallback status point. Any specific reason for this question? Are you concerned about the clients that are orphans (unassigned/not assigned) who can’t communicate with secured channels?

      Reply
      • In essence yes, because that is a prerequisite for a Fallback Status Point. It operates purely in HTTP to be able to pick up clients that are not communicating correctly for whatever reason in the environment.

  2. Hi Anoop,

    Is there any actual impact to clients by switching on enhanced HTTP? Cant find any information to say it does. Just want to be sure before its done.

    Reply
    • I think it won’t impact anything because we are not going only HTTPS mode. So ConfigMgr can always fallback to normal communication.

      However, I would recommend testing this in pre-production environment before going into production mass deployment.

      Reply
  3. Hi Anoop, on a different subject. Will activating Enhanced HTTP on a primary site level, still allow client communication of both EHTTP and PKI level? (with PKI communication being preferred over EHTTP) I am mainly asking this question in the context of our server infra that is currently managed using HTTP based site server roles (MP/DP/SUP) as due to their nature, it is often not straight forward to connect these clients using a PKI based certificate. But then on the other hand we wouldn’t want to go and have to setup a dedicate child primary site in our CAS based hierarchy, just to support these servers on EHTTP if we can’t mix both solutions within the same primary site setup.

    Reply
  4. After upgrading to SCCM 2103 and enabling the HTTPS or HTTP with the box checked Use Config Manager-generated certificates for HTTP site systems, my clients are all showing offline. I tried switching back to the previous way it was, but that didn’t fix it. Is there something I need to change in IIS?

    Reply

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.