SCCM – IIS Error code 403 13 2148081683

Problem:

If you see the following error in your IIS Logs (C:\inetpub\logs\LogFiles\W3SVC1), it’s possible that the CRL of your Certificate Authority isn’t reachable or valid anymore:

<IP Address> GET /SMS_MP/.sms_aut MPLIST 443 – <IP Address> SMS_MP_CONTROL_MANAGER – 403 13 2148081683 5701 18

Solution:

Export a certificate from your personal certificate store, for example, an SCCM Client Certificate to your C: drive. Open a command prompt with elevated rights and type:

certutil -url “C:\Certificate.cer”

Check if the CRL can be verified. Open the CRL manually and check that the BASE and DELTA CRL’s aren’t expired. In this case, the AD CS service wasn’t started and the Delta CRL’s were not up-to-date. The service may have been crashed because the startup type was set to “Automatic”.

Remote Desktop Services – Certificate state ‘success’ but level is ‘not configured’

I had a small issue with my Remote Desktop Services Lab environment. I wanted to add a by my PKI infrastructure signed certificate to the Remote Desktop Roles. I created a certificate template like in this post. When I was importing the certificates into the wizard, the certificate looks fine because the state after selecting the certificate says “Success”.

CertificateError

Continue reading