Issue setting up the cmg connection point role

Marcel Biebricher  Some things to check - IIS Server for MP must have Server Certificate. Then IIS Web Site Bindings for 443 should allow selecting that server certificate.  ensure IIS Default Web Site where MP is located has SSL Settings that REQUIRE Certificates, and the ACCEPT radio button is selected. if you have an internal Root/Sub PKI environment, make sure both your root trusted certs as well as your sub trusted certs are imported for the server as well as the ConfigMgr Site Hierarchy Settings. Your MP Should be set to HTTP or HTTPS so that it can negotiate the best possible secure route for server to server communications. After synchronizing the CMG service again from the console, run Connection Analyzer only after the console shows "updated" in the status. Hope this helps.