Connection Error after upgrading to version 2203

Copper Contributor

On Monday, I upgraded Endpoint Manager to version 2203. Everything appears to be working fine on the server itself. We only have one Endpoint Manager server with SQL collocated. After upgrading the Endpoint Manager console on remote systems, I am having some errors. When I go to the Console Extensions node or the Console Connections under Administration, I receive the following message

 

Configuration Manager can’t connect to the administration service

The Configuration Manager console can’t connect to the site database through the administration service on <ServerFQDN>

Verify the following
There’s no certificate on the SMS Provider site system server. Make sure it has a valid PKI or Configuration Manager-generated certificate for the site.

 

 

Additionally, It looks like until I’m able to make this connection I can’t update the WebView2 extension and without that extension the console crashed with I try to access the Windows Servicing and Microsoft Edge Management  nodes under Software library.

 

If I manually import the self sign certificate from Endpoint Manager  (we are not using PKI) into the Trusted People container in the Certificates MMC on the remote systems then the console works correctly.  I’d prefer not to band aid this problem but instead fix it.

 

I’ve tried the following that I found on blog posts to resolve this issue but all with no success

 

  • Made sure that “Use Configuration Manager-generated certificates for HTTP site system” is enabled
  • Made sure no certificates are block in Configuration Manager
  • I’ve checked the SSL Certificate on the Default Website and it is the self signed certificate from Endpoint Manager.
  • Turned off Windows Firewall
  • Reviewed the SmsAdminUI.log file.

 

The SmsAdminUI.log file show the following entries:

The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

Failed to get a response for OData GET request: https://<ServerFQDN>/AdminService/v1.0/ConsoleExtensionMetadata?$filter=IsRequired eq true and IsTombstoned eq false and IsApproved eq true

Could not connect to the AdminService to check for requirements.

System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

Failed to get a response for OData GET request: https://< ServerFQDN>/AdminService/v1.0/ConsoleExtensionMetadata?$filter=IsApproved eq false

Error getting custom console extensions IDs, versions and names using Admin Service: SSLFailure

System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

Failed to get a response for OData POST request: https:// <FQDN>//AdminService/v1.0/ConsoleUsageData/AdminService.UpdateConsoleHeartbeat

Microsoft.ConfigurationManagement.ManagementProvider.ODataConnectionException: SSLFailure

 

 

At this point, I don’t know where to go next. Any help would be greatly appreciated.

10 Replies

Hello @RyanD79 , I'm having the same issue. Did you find a solution yet?

Hi @RyanD79, did you ever figure this out? I have just installed 2203 and are having the same issues.

 

Cheers

Hello @RyanD79,

I am observing similar error in my environment and have validated all pre-requisite, but not help.

Could you please let me know if you have got some fix for the same?

Thanks!

@shiv198908, can uninstall the console and reinstall. With webview2 if the latest one is not installed or there is permission issue you might have challenges.

@shiv198908 This was due to a certificate error in Configuration Manager version 2203. Microsoft eventually pushed out a hotfix via the configuration manager console specifically for this issue. Prior to the update being released, I copied the certificate from my configuration manager server to my local workstation and that temporarily resolved the issue for me.

 

I've upgraded to version 2207 since then with no issues but looking at a list of the hotfixes for ConfigMgr 2203, I'm pretty sure it was hotfix KB14480034. It looks like that update was rolled into KB14244456.

 

I don't think I ever received an email notifying me of your post. I hope you were able to resolve the issue by now.

As you may have figured out by now, this was due to a certificate error in Configuration Manager version 2203. Microsoft eventually pushed out a hotfix via the configuration manager console specifically for this issue. Prior to the update being released, I copied the certificate from my configuration manager server to my local workstation and that temporarily resolved the issue for me.


I've upgraded to version 2207 since then with no issues but looking at a list of the hotfixes for ConfigMgr 2203, I'm pretty sure it was hotfix KB14480034. It looks like that update was rolled into KB14244456.
I'm sorry, I'm just now seeing your post. I don't think I ever received an email notifying me of it. I hope you were able to resolve the issue by now.

As you may have figured out by now, this was due to a certificate error in Configuration Manager version 2203. Microsoft eventually pushed out a hotfix via the configuration manager console specifically for this issue. Prior to the update being released, I copied the certificate from my configuration manager server to my local workstation and that temporarily resolved the issue for me.


I've upgraded to version 2207 since then with no issues but looking at a list of the hotfixes for ConfigMgr 2203, I'm pretty sure it was hotfix KB14480034. It looks like that update was rolled into KB14244456.
I'm sorry, I'm just now seeing your post. I don't think I ever received an email notifying me of it. I hope you were able to resolve the issue by now.

As you may have figured out by now, this was due to a certificate error in Configuration Manager version 2203. Microsoft eventually pushed out a hotfix via the configuration manager console specifically for this issue. Prior to the update being released, I copied the certificate from my configuration manager server to my local workstation and that temporarily resolved the issue for me.


I've upgraded to version 2207 since then with no issues but looking at a list of the hotfixes for ConfigMgr 2203, I'm pretty sure it was hotfix KB14480034. It looks like that update was rolled into KB14244456.
Here is a link that may help you guys with this issue if it remains unresolved...

"For any machine with the Configuration Manager console, if it's using a proxy server, the console fails to connect to the administration service. For example, when trying to access the Security nodes, you may see errors that the administration service isn't enabled or available. The SmsAdminUI.log file shows errors such as, Failed to get a response for OData query.
To work around this issue, either remove the proxy configuration from the machine, or make the following configuration change:
Manually edit the following XML file: C:\Program Files (x86)\Microsoft Endpoint Manager\AdminConsole\bin\Microsoft.ConfigurationManagement.exe.config

Configure the <defaultproxy> behavior with one of the following options:

Set enabled="false"
Add the FQDN of the SMS Provider to the <bypasslist>.
For more information, see <defaultProxy> Element (Network Settings)."

https://learn.microsoft.com/en-us/mem/configmgr/develop/adminservice/overview

https://learn.microsoft.com/en-us/mem/configmgr/core/plan-design/network/proxy-server-support