SCCM – IIS Error code 403 13 2148081683

Problem:

If you see the following error in your IIS Logs (C:\inetpub\logs\LogFiles\W3SVC1), it’s possible that the CRL of your Certificate Authority isn’t reachable or valid anymore:

<IP Address> GET /SMS_MP/.sms_aut MPLIST 443 – <IP Address> SMS_MP_CONTROL_MANAGER – 403 13 2148081683 5701 18

Solution:

Export a certificate from your personal certificate store, for example, an SCCM Client Certificate to your C: drive. Open a command prompt with elevated rights and type:

certutil -url “C:\Certificate.cer”

Check if the CRL can be verified. Open the CRL manually and check that the BASE and DELTA CRL’s aren’t expired. In this case, the AD CS service wasn’t started and the Delta CRL’s were not up-to-date. The service may have been crashed because the startup type was set to “Automatic”.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s