SCCM CMG internet clients download failed for content error 0x80070057

Copper Contributor


when clients using CMG to download a package over internet,  Package fails to download ,and i got the following error in the CAS.log

Clients download failed for content error 0x80070057.

Any hint?

Thank you.

10 Replies

@alid01 0x80070057 means "The parameter is incorrect". This is a fairly generic error code. Any other messages in CAS.log that might be relevant? Are the clients actually trying to connect to the CMG to download content? Is the "Allow access to cloud distribution point" setting enabled for these clients?

Hello Michiel

The Allow access to cloud distribution point is already enabled,

what im seeing in cas.log that in Location update from CTM, there are 3 matching DPs

0 & 1 (localisation:internetfacing) and 2 ( CMG) Azure.

its trying to download from the first 2 DPs i guess and thats why its failing,

how to make only the CMG azure DP show when client is on internet conection.

there are 2 boundary groups , the default one which is not used and a custome one(used) and CMG is assigned to the used one.

to note that the internal DPs are assigned as well to the default boundary group.


thank you. 

@alid01 It sounds like your intranet clients are supposed to be using the two on-premise distribution points through the default boundary group. To enable this, you probably set the Fallback time for distribution points in the Default Behavior tab for the Default-Site-Boundary-Group to 0 (zero) minutes. This would explain why the distribution points in the default boundary group are offered to internet clients as well.


If that's the case, you could remove the two on-premise distribution points from the default boundary group, and instead add them to a custom boundary group containing all of your intranet boundaries. As an alternative, you could create a specific relationship from your internet boundary group to the Default-Site-Boundary-Group and enable the "Never fallback" option for distribution points in that relationship. Be careful though: this is based on assumptions, and your actual configuration might be different. For more information, see Configure boundary groups for Configuration Manager: Fallback .

hello @Michiel Overweel ,

actually i have a custom boundary group and the local DPs are assigned to it,

the CMG DP is only assigned to the default  boundary group.( local DPs are not assigned to it)

the clients on internet are still showing the local DPs.

when the client is on internet it shows that in the locationservices log that there is no boundary group for this client and retrieving 3 DPs,

what could be the issue?

thank you. 



Hello Michiel,

Ive noticed that for deployed applications having only the CMG DP in its content location , download is working normally and only the CMG DP is showing, however for deployed Apps having on prem and CMG DPs in its content location, im having this issue.

Do you think that deploying apps to intenet i have to specify only the CMG DP through the deployment process?

thank you.

@alid01 There's no need to distribute content to the CMG only. After all, your on-premise clients need to be able to download and install applications as well, right? If your two on-premise DP's are offered to internet-based clients with "Locality: INTERNETFACING", that would mean that they are enabled for internet access. Check the "Communication" tab for the affected DP's and make sure that "Allow intranet-only connections" is selected.

hello @Michiel Overweel ,

My on-premise DP's are offered to internet-based clients with "Locality: INTERNETFACING", 

when going to DP communication TAB, its showing "Allow intranet-only connections" and its the only option for HTTPS there.

on the other hand, when seeing the distribution point parameters, it shows " internet based = yes"

what could be the issue?

thank you.


best response confirmed by alid01 (Copper Contributor)

@alid01 I think that the Internet FQDN for the affected Distribution points was removed in the Site system Properties without changing the Communication settings in the Distribution Point Properties first. I just tried this and I get the same results as you do: even though the Communication settings are set to Allow intranet-only connections, the Internet-Based column in the Distribution Points node still shows Yes.


What you can do to try and fix this problem is this:


  • In the ConfigMgr Console, navigate to \ Administration \ Overview \ Site Configuration \ Servers and Site System Roles;
  • Open the Site system role properties for the affected Distribution Point server;
  • Enable the Specify an FQDN for this site system for use on the Internet check box and enter an Internet FQDN in the text box (it doesn't have to work, so any fake FQDN will do);
  • Close the Site system Properties window by clicking OK and open the Distribution point role properties for the same server;
  • Check the Communication tab. You will probably see that it now shows either Allow Internet-only connections or Allow intranet and Internet connections. If that's the case, change the communication setting to Allow intranet-only connections;
  • Close the Distribution point properties window by clicking OK and open the Site system role properties again;
  • Remove the Internet FQDN, disable the Specify an FQDN for this site system for use on the Internet check box and close the Site system Properties window by clicking OK.

After following these steps, the Internet-Based column for the affected Distribution point in my test environment shows No again. Let us know how it went!

@Michiel Overweel , you're the King.

This fixed the issue, thank you for your support . I really appreciate it.


This gave me the idea of how to fix my issue where clients were not showing correct DP while on internet. So I basically followed your lead and modiy the steps to fix my issue. Thanks