Latest Posts

ConfigMgr 2012 MP Troubleshooting – HTTP test request failed, status code is 403. ‘Forbidden’


I have recently faced following issue “HTTP test request failed, status code is 403. ‘Forbidden’ ” on Management Point. To fix this issue, i have followed the below steps and hope you can also use it.

Issue : 

We have HTTPS enabled on Management Point and it is not able authenticate.Due to this it is reporting this error.

MP Control.Log  was reporting the below error :

Log file Location :  D:\SMS\Logs

 “Call to HttpSendRequestSync failed for port 443 with status code 403, text: Forbidden

    “HTTP test request failed, status code is 403. ‘Forbidden”

1

Resolution:

We need to look at the IIS log file to get more details about this error which is located under C:\ or D :\inetpub\logs\Logfiles\W3SVC1\. As you see in the below higlighted line, error code 403 13 which indicates that an issue with Client Certificate Revocation (CRL) Check on IIS.

2To fix this issue, We need to disable Revocation check. Client Certificate Revocation is enabled by default. we need to delete existing binding and readd it again.

  1.  Run the below command line and make note of the details.

                netsh http show sslcert

3

2.    To Delete existing SSL binding

         netsh http delete sslcert ipport=0.0.0.0:443

3.     To Readd SSL binding and disable CRL check

>netsh 

>http add sslcert ipport=0.0.0.0:443 certhash= c7cbc935d40d5861a74d4dbcd06a2d96ead097fe  appid=                  {4dc3e181-e14b-4a21-b022-59fc669b0914}  certstorename=My  verifyclientcertrevocation=disable

4

4.     Once Certificate revocation disabled, we can verify by running below command line.

          netsh http show sslcert

7

 

5.    In the registry. DefaultSslCertCheckMode value set to 1 from 0

6

 

 

6.  MPcontrol.log will show the below message.

   Call to HttpSendRequestSync succeeded for port 443 with status code 200, text: OK

 

 

 

 

 

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s