Answers ( 9 )

    0
    2021-04-06T16:47:31+05:30

    I get this on the 2 client devices I am testing. Have not deployed to production yet

      0
      2021-04-06T16:56:55+05:30

      Can you check the IIS logs from the Management Point server?

      Also need to check the self-signed certificate named SMS Role SSL Certificate. This certificate is issued by the root SMS Issuing certificate. Can you see all these certs on client-side? Also, MP adds this certificate to the IIS default web site bound to port 443? Can you confirm this?

      Review mpcontrol.log to get more details?

    0
    2021-04-06T15:56:10+05:30

    What about BitLocker configuration? Are you getting some trouble with BitLocker configuration in Microsoft Endpoint Manager ConfigMgr?

      0
      2021-04-06T16:16:23+05:30

      Hi, yes.

      We have an on-premise environment and have turned on the bitlocker feature and create Bitlocker Management policy, however getting the following error in the BilockerManagementHandler.log on the client device: [CCMHTTP] AsyncCallback(): WINHTTP_CALLBACK_STATUS_SECURE_FAILURE Encountered

        0
        2021-04-06T16:36:49+05:30

        I think the BitLocker recovery service requires HTTPS from the SCCM client to the MP. You can also use the enhanced HTTP option as well.

        Are you using Microsoft PKI for HTTPS communication or is this eHTTP in use? I think this error is to do with certificate revocation list (CRL) server reachability or something related to CA…

        You might get some more details on event logs (client + CA server) and IIS logs

          0
          2021-04-06T16:43:07+05:30

          Not using PKI but eHTTP and I only get the error on the client device.
          Checking for Recovery Service at https://servername.co.za:443/SMS_MP_MBAM/CoreService.svc
          [CCMHTTP] AsyncCallback(): —————————————————————–
          [CCMHTTP] AsyncCallback(): WINHTTP_CALLBACK_STATUS_SECURE_FAILURE Encountered
          [CCMHTTP] : dwStatusInformationLength is 4
          [CCMHTTP] : *lpvStatusInformation is 0x8
          [CCMHTTP] : WINHTTP_CALLBACK_STATUS_FLAG_INVALID_CA is set

            0
            2021-04-06T16:46:19+05:30

            Are you getting this error for all the clients or only for one client?

            Have you seen any errors in the IIS logs of MP.. this might give more details?

Leave an answer

Sorry, you do not have a permission to answer to this question .