Let’s find out how to fix ConfigMgr Sites that don’t have a Proper HTTPS Configuration issue. I have noticed this error when I was going through management insights. I have seen this issue with SCCM 2004 version.
ConfigMgr Management Insights will help you to gain valuable insights into the current state of the SCCM environment. The Management insights are based on the analysis of data in the site database.
Issue
- Launch to Configuration Manager (a.k.a SCCM) console.
- Navigate to \Administration\Overview\Management Insights
- You can see the critical error for management insights rule called “Sites that don’t have proper HTTPS configuration.”
| Insight Name | Group | Priority | Last Change | Status |
|---|---|---|---|---|
| Sites that don’t have proper HTTPS configuration | Cloud Services | Critical | 6/3/2020 4:16:00 PM | Action Needed |
Analysis
ConfigMgr Sites that don’t have proper HTTPS configuration rule lists sites in your hierarchy that are not properly configured for HTTPS.
This critical error can cause two issues:
- Prevents the site from synchronizing collection membership results to Azure Active Directory (Azure AD) groups.
- Tenant attach Azure AD sync to not upload all devices. Management of these clients may not function properly.
NOTE! – Missing or invalid HTTPS configuration prevents the following sites from uploading assigned devices to Azure AD. This configuration may cause Azure AD sync to not upload al devices.
Fix ConfigMgr HTTPS Configuration Issue
Most of the SCCM customers I work with doesn’t use PKI for SCCM client communication.
However, Microsoft recommends using HTTPS communication for all ConfigMgr (a.k.a SCCM) communication paths. Hence Microsoft introduced something “Enhanced HTTP” with SCCM 1806 version.
EHTTP helps to:
- Secured client communication without the need for PKI server authentication certs.
- The client can access the content securely from DP without the need for a network access account, client PKI certificate, and Windows authentication.
FIX HTTPS Configuration Issue with EHTTP
- Navigate to \Administration\Overview\Site Configuration\Sites
- Right-click on the primary site and click on properties.
- Click on the Communication Security tab.
- Checkmark on the option “Use Configuration Manager generated certificates for HTTP site systems.”
Results
- EHTTP certificate details from \Administration\Overview\Security\Certificates
- Completed the Management Insights task successfully. So the issue is resolved.
Resources
- Management insight rules for proper HTTPS configuration
- SCCM Enhanced HTTP
- SCCM Management Insights – Healthy SCCM Infra