Forum Discussion
OSD and Co-Management - can't deploy any software through SCCM client after OSD
And I am able to see content of:
http://<ServerName.FQDN>/sms_mp/.sms_aut?mplist
http://<ServerName.FQDN>/sms_mp/.sms_aut?mpcert
http://<ServerName.FQDN>/sms_mp/.sms_aut?MPKEYINFORMATION
I strongly suggest you upgrade your hierarchy to 2103 at minimum as your version is no longer supported.
Mathieu
- DamianL1984, Aug 04, 2022, Copper Contributor
Hi Mathieu
I know - we are in the middle of planning an update; however, in our env it will take some time.
However, I made some progress in troubleshooting. It seems that this problem affects only those computers that work in the intranet and try to pull policy from the on-premise MP. I looked at the datatransfering log and there are a lot of transient errors (0x80200024) when the client tries to download policies/content. The problem doesn't occur on devices connected to VPN - they have been switched to use the internet-based (CMG) MP. I double-checked the boundaries and they look OK - they have not been changed for a long time. Our network team is looking into the Palo Alto FW logs to check for packet drops.
I am wondering if enabling co-management could trigger this issue? We did this two weeks ago. However, I am not sure when these transient errors started as I just returned from holidays.
Regards
Damian
- maleroyfr, Aug 04, 2022, Copper Contributor
Hello Damian!
If you enroll Windows devices to Microsoft Intune for co-management, make sure those devices can access the endpoints required by Intune. Please check https://docs.microsoft.com/en-us/mem/intune/fundamentals/intune-endpoints
For 0x80200024 and Palo Alto FW, please check http://blog.configmatt.com/2020/04/configuration-manager-policy-and.html
Regards,
Mathieu
- DamianL1984, Aug 05, 2022, Copper Contributor
Hi Mathieu,
I found this thread related to Palo Alto and that gave me good direction for further troubleshooting.
I found another thread in the Palo Alto KB that suggests enabling HTTP Partial Response on the FW. Our network team did that for one subnet and it seems that was a solution. I will test it deeper on Monday and let the network team know to enable this for all affected subnets.
Thank you for the help, Mathieu! Have a great weekend.
Regards
Damian