Fix SCCM Sites that don’t have Proper HTTPS Configuration Issue ConfigMgr

0
ConfigMgr Sites that don't have Proper HTTPS Configuration Issue

Let’s find out how to fix ConfigMgr Sites that don’t have a Proper HTTPS Configuration issue. I have noticed this error when I was going through management insights. I have seen this issue with SCCM 2004 version.

ConfigMgr Management Insights will help you to gain valuable insights into the current state of the SCCM environment. The Management insights are based on the analysis of data in the site database. 

Issue

  • Launch to Configuration Manager (a.k.a SCCM) console.
  • Navigate to \Administration\Overview\Management Insights
  • You can see the critical error for management insights rule called “Sites that don’t have proper HTTPS configuration.”
HTTPS Configuration Issue - ConfigMgr Sites that don't have Proper HTTPS Configuration Issue
\Administration\Overview\Management Insights – ConfigMgr Sites that don’t have Proper HTTPS Configuration Issue
Insight NameGroupPriorityLast ChangeStatus
Sites that don’t have proper HTTPS configurationCloud ServicesCritical6/3/2020 4:16:00 PMAction Needed
Critical Error
Altaro Office 365 Backup
Advertisement Altaro Office 365 Backup

Analysis

ConfigMgr Sites that don’t have proper HTTPS configuration rule lists sites in your hierarchy that are not properly configured for HTTPS.

This critical error can cause two issues:

NOTE! – Missing or invalid HTTPS configuration prevents the following sites from uploading assigned devices to Azure AD. This configuration may cause Azure AD sync to not upload al devices.

ConfigMgr Sites that don't have Proper HTTPS Configuration Issue SCCM
ConfigMgr Sites that don’t have Proper HTTPS Configuration Issue – SCCM

Fix ConfigMgr HTTPS Configuration Issue

Most of the SCCM customers I work does use PKI for SCCM client communication.

However, Microsoft recommends using HTTPS communication for all ConfigMgr (a.k.a SCCM) communication paths. Hence Microsoft introduced something “Ehnaced HTTP” with SCCM 1806 version.

EHTTP helps to:

  • Secured client communication without the need for PKI server authentication certs.
  • The client can access the content securely from DP without the need for a network access account, client PKI certificate, and Windows authentication.

FIX HTTPS Configuration Issue with EHTTP

  • Navigate to \Administration\Overview\Site Configuration\Sites
  • Right-click on the primary site and click on properties.
  • Click on the Communication Security tab.
  • Checkmark on the option “Use Configuration Manager generated certificates for HTTP site systems.”
Use Configuration Manager generated certificates for HTTP site systems - ConfigMgr Sites that don't have Proper HTTPS Configuration Issue
Use Configuration Manager generated certificates for HTTP site systemsConfigMgr Sites that don’t have Proper HTTPS Configuration Issue SCCM

Results

  • EHTTP certificate details from \Administration\Overview\Security\Certificates
ConfigMgr Sites that don't have Proper HTTPS Configuration Issue SCCM
ConfigMgr Sites that don’t have Proper HTTPS Configuration Issue SCCM – EHTTP
Sites that don't have Proper HTTPS Configuration
Sites that don’t have Proper HTTPS Configuration
  • Completed the Management Insights task successfully. So the issue is resolved.
Completed the Management Insights task successfully
Completed the Management Insights task successfully

Resources

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.