In my lab environment the Microsoft Endpoint Configuration Manager (MECM) formerly System Center Configuration Manager (SCCM) was showing a critical error in the Site Status for the Management Point as shown below.

The error logs from the MECM Console was showing the following message.

MP Control Manager detected MP is not responding to HTTP requests. The http error is 2147500037.

When checking the logs from the management point role (mpcontrol.log) in the log folder under C:\Program Files\Microsoft Configuration Manager\Logs\mpcontrol.log, the following error is logged.

Call to Http SenderRequestSync failed for port 443 with status code 403, text: Forbidden

When you search for this error in the web you will find several possible reasons and ways to fix this. As it seems to be a certificate issue, I was first checking the certificate requirements for Configuration Manager on the following page.

PKI certificate requirements for Configuration Manager

Regarding this article you need a Client Certificate which is from the Microsoft Certificate template type: Workstation Authentication installed on the Personal certification store from the site system server.

Site system monitoring

This certificate is required on the listed site system servers, even if the Configuration Manager client isn’t installed. This configuration allows the site to monitor and report on the health of these site system roles.

The certificate for these site systems must be in the Personal store of the Computer certificate store.

So by enrolling a Client Authentication certificate from that template type, I was resolving my issue without any restart and after a few minutes the status was set to OK as shown below.

A further check in the logs was showing me, that the newly created Client Authentication certificate this time was selected regarding the thumbprint and the HTTPSendRequestSync for port 443 was succeeded.

Management point

A site system role that provides policy and service location information to clients. It also receives configuration data from clients.

By default, this role installs on the site server when you install a new primary or secondary site. Primary sites support multiple instances of this role. Secondary sites support a single management point. Also referred to as a proxy management point, this role at a secondary site provides a local point of contact for clients to obtain computer and user policies.

Set up management points to support either HTTP or HTTPs. They can also support mobile devices that you manage with Configuration Manager on-premises mobile device management (MDM). To help reduce the processing load placed on the site database server by management points as they service requests from clients, use Database replicas for management points.



PKI certificate requirements for Configuration Manager