I’ve already covered the certificate creation, and use for the intranet web servers. This post is about setting up the Management Point on an existing server and configuring the Site System for internet access.
I have already requested the internet FQDN to be registered on a public DNS, and had port 443 opened on the firewall.
I requested the certificate and configured the SANs for both DNS internet and intranet FQDNs, like so:
I bound this to the IIS default website as HTTPS port 443. Easy!
Next up, I installed the Management Point (MP) role. Whilst i was on, I set the internet FQDN and configured it for both internet and intranet traffic; it is absolutely imperative that the specified internet FQN matches:
- Publicly registered DNS name
- The SAN specified on the certificate
Now I configured the MP for HTTPS and let it install. The server already acts as a Distribution Point (DP), so I didn’t need to adjust anything else in IIS in terms of features or roles.
However the SMS_MP_CONTROL MANAGER component started reporting errors. I drilled into the logs and found the following error “MP Control Manager detected management point is not responding to HTTP requests”.
I did some googling, but I couldn’t anything specific. It’s seemingly one of those generic codes… For some reason, I hit on the idea of adding the certificate I created for Config Manager clients, as the error in the logs did reference authentication. I gave the SMS_Executive a kick, and voilá:
…and now the MP is happy and running with SSL enabled. It’s communicating on port 443 with code 200.