Disabling CRL checking is not a best practice and would be a bad thing to do.
I would give that a second thought, and research what it would take to so that CRL checking can be enabled. Essentially, clients need to be able to access the CRL Distribution Points whether they’re on the intranet and/or Internet. Troy L. Martin | Principal Consultant 1E | Empowering Efficient IT US Mobile: +1 (678) 898-6147 UK Phone : +44 208 326 9141 [email protected]<mailto:[email protected]> | www.1e.com<http://www.1e.com/> Facebook<http://www.facebook.com/1eglobal> | Twitter<https://twitter.com/1e_global/> | YouTube<http://www.youtube.com/1enews> | Blogs<http://blogs.1e.com/> | RSS<http://blogs.1e.com/index.php/feed/> Please consider the environment before printing this e-mail From: [email protected] [mailto:[email protected]] On Behalf Of Jeff Burke Sent: Monday, June 2, 2014 2:24 PM To: [email protected] Subject: [mssms] Re: IBCM not working after CM12 R2 upgrade Forgot to post the resolution - CRL checking was enabled for PKI after upgrade. Once disabled, internet clients were able to communicate with the internet facing MP. On Mon, Jun 2, 2014 at 2:17 PM, Jeff Burke <[email protected]<mailto:[email protected]>> wrote: Please disregard. Problem has been resolved. Thanks, On Mon, Jun 2, 2014 at 11:08 AM, Jeff Burke <[email protected]<mailto:[email protected]>> wrote: Hello, I'm fairly new to SCCM. Currently running CM12 R2, one primary and one internet facing MP, DP, SUP (both on Server 2008 R2). Before upgrading to R2 from SP1, IBCM was functioning using PKI. After upgrade, internet clients are not communicating. On the clients, CcmMessaging.log states "Post to https://ibcmsiteserver.domain.com/ccm_system/request failed with 0x87d00231" LocationServices.log shows "LSUpdateInternetManagementPoints: Failed to retrieve internet MPs from MP ibcmsiteserver.domain.com<http://ibcmsiteserver.domain.com> with error 0x87d00231, retaining previous list" Anyone run into this after the R2 upgrade? And how did you resolve it? Thanks, Jeff ________________________________ DISCLAIMER: This is a PRIVATE AND CONFIDENTIAL message for the ordinary user of this email address. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind 1E to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose.
