I'm in the process of configuring HTTPS and we're using a TMG to do the SSL bridging. In my IIS logs, I'm seeing 403.16's and 403.7's. (Note: MP is WS2012)

<IP of MP> GET /SMS_MP/.sms_aut mplist2&DHG 443 - <IP of PC> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.1;+WOW64;+Trident/6.0;+SLCC2;+.NET+CLR+2.0.50727;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30729;+Media+Center+PC+6.0;+.NET4.0C;+.NET4.0E;+InfoPath.3) - 403 16 2148204809 431
<IP of MP> CCM_POST /ccm_system/request - 443 - <IP of TMG> ccmhttp - 403 7 5 1

I came across a KB article<http://support.microsoft.com/kb/2802568> that appears to describe my issue exactly, but when I run the PowerShell cmd in the Lync KB article<http://support.microsoft.com/kb/2795828> it links to at the bottom, it doesn't return any non-self-signed certificates in my Trusted Root CA store.

So after some more searching, I also found a blog post<http://blogs.technet.com/b/configurationmgr/archive/2013/08/13/support-tip-a-configmgr-2012-management-point-enabled-for-ssl-fails-with-403-forbidden.aspx> that suggested I add two DWORDs to the registry on my IIS server (MP). I added the two regkeys but I'm still getting 403 - Forbidden.

I'm wondering if maybe the TMG isn't configured correctly, but I can't find any good documentation on the correct way to set that up. The only thing close is this TechNet article (which references ISA, not TMG)<http://technet.microsoft.com/en-us/library/cc707697%28TechNet.10%29.aspx#C> that suggests the TMG needs the CM12 client cert and web server cert. Is this true?

Thanks,

James Beardsley | Firm Technology Group
Dixon Hughes Goodman LLP
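
The two IIS log entries quoted in the message above can be decoded field by field. The following is an added example, not part of the original post: it assumes the field order visible in the excerpt (no #Fields header is shown), uses constructed documentation-range IPs in place of the redacted addresses, and the function names are hypothetical. It renders sc-win32-status as an HRESULT, which shows that 2148204809 is 0x800B0109 (CERT_E_UNTRUSTEDROOT).

```python
# IIS sc-substatus values for HTTP 403 that concern client certificates.
CERT_SUBSTATUS = {
    7: "client certificate required",
    13: "client certificate revoked",
    16: "client certificate untrusted or invalid",
    17: "client certificate expired or not yet valid",
}
# Names for the sc-win32-status values that appear in the two entries.
WIN32_NAMES = {0x00000005: "ERROR_ACCESS_DENIED",
               0x800B0109: "CERT_E_UNTRUSTEDROOT"}

# Assumption: field order matches the excerpt (no #Fields header is shown).
FIELDS = ("s_ip method uri_stem uri_query s_port user c_ip user_agent "
          "referer status substatus win32_status time_taken").split()

# Constructed sample lines: documentation-range IPs replace the redacted
# addresses, and the User-Agent is shortened.
MP, PC, TMG = "192.0.2.10", "198.51.100.20", "192.0.2.1"
SAMPLE = [
    f"{MP} GET /SMS_MP/.sms_aut mplist2&DHG 443 - {PC} Mozilla/4.0+(compatible;+MSIE+7.0) - 403 16 2148204809 431",
    f"{MP} CCM_POST /ccm_system/request - 443 - {TMG} ccmhttp - 403 7 5 1",
    f"{MP} GET /SMS_MP/.sms_aut mplist 443 - {PC} ccmhttp - 200 0 0 15",
]

def parse(line):
    """Split one log entry into named fields; reject unexpected layouts."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    rec = dict(zip(FIELDS, parts))
    for key in ("status", "substatus", "win32_status"):
        rec[key] = int(rec[key])
    return rec

def triage(line):
    """Return a summary for certificate-related 403s, else None."""
    rec = parse(line)
    if rec["status"] != 403 or rec["substatus"] not in CERT_SUBSTATUS:
        return None
    code = rec["win32_status"]
    return {
        "client": rec["c_ip"],
        "request": f'{rec["method"]} {rec["uri_stem"]}',
        "http": f'403.{rec["substatus"]}',
        "meaning": CERT_SUBSTATUS[rec["substatus"]],
        "win32": f"0x{code:08X} {WIN32_NAMES.get(code, 'unnamed')}",
    }

if __name__ == "__main__":
    for entry in SAMPLE:
        print(triage(entry))
```

Grouping the output by client address separates the 403.16 seen for the PC's request from the 403.7 seen for the request arriving from the TMG.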

