Here is an interesting one I saw the other day. We had a Management Point setup to support Internet clients, and while everything seemed to be setup correctly we kept seeing the error “Call to HttpSendRequestSync failed for port 443 with status code 403, text: Forbidden” in the MPControl.log:
There is only one certificate in the store. SMS_MP_CONTROL_MANAGER 1/16/2009 12:04:59 AM 4488 (0x1188)
CryptVerifyCertificateSignatureEx returned error 0x80090006. SMS_MP_CONTROL_MANAGER 1/16/2009 12:04:59 AM 4488 (0x1188)
Certificate has "SSL Client Authentication" capability. SMS_MP_CONTROL_MANAGER 1/16/2009 12:04:59 AM 4488 (0x1188)
Call to HttpSendRequestSync failed for port 443 with status code 403, text: Forbidden SMS_MP_CONTROL_MANAGER 1/16/2009 12:04:59 AM 4488 (0x1188)
Successfully performed Management Point availability check against local computer. SMS_MP_CONTROL_MANAGER 1/16/2009 12:04:59 AM 4488 (0x1188)
Initialization unsuccessfully completed within the allowed interval. SMS_MP_CONTROL_MANAGER 1/16/2009 12:04:59 AM 4488 (0x1188)
So after we saw this the prime suspect was the certificate but they seemed to have been correctly configured per Certificate Requirements for Native Mode:
http://technet.microsoft.com/en-us/library/bb680733.aspx
Next we took a look at the IIS.log file and found this:
2009-01-16 15:45:13 W3SVC1 xx.xx.xx.xx CCM_POST /ccm_system/request - 443 – xx.xx.xx..xx ccmhttp 403 16 2148204809
2009-01-16 15:48:05 W3SVC1 xx.xx.xx.xx CCM_POST /ccm_system/request - 443 – xx.xx.xx.xx ccmhttp 403 13 2148081683
Read the rest:
![http://blogs.technet.com/aggbug.aspx?PostID=3200205]()