CMG – Post to http://.COM/CCM_Proxy_MutualAuth//ccm_system/request failed with 0x87d00231.

Following up on a similar post I did here about requiring Azure AD User Discovery and Active Directory user discovery so Windows 10 machines can communicate over the CMG using Hybrid Azure Active Directory  – https://nhogarth.net/2018/10/26/sccm-1806-cmg-hybrid-azure-ad-failed-to-get-ccm-access-token/

You may run into an issue where a specific Windows 10 client cannot communicate with the CMG. In ccmmessaging.log you will see “Post to http://<CMG&gt;.COM/CCM_Proxy_MutualAuth/<ID>/ccm_system/request failed with 0x87d00231.”

You can run through the CMG Connection Analyzer to confirm that everything is working fine.

cmg01

Then you realise it is something on the Windows 10 device end.

If you run “dsregcmd /status” and see that AzureAdJoined is set to No, then you know that the device is not Hybrid Azure AD joined, thus it cannot communicate with the SCCM CMG.

cmg02

This particular machine was put in an OU that was not synced to Azure AD using Azure AD Connect. After moving it in the correct OU and doing another Azure AD Connect Sync (Start-ADSyncSyncCycle -PolicyType Delta) the device can then communicate over the CMG fine.

cmg03

2 thoughts on “CMG – Post to http://.COM/CCM_Proxy_MutualAuth//ccm_system/request failed with 0x87d00231.

  1. Trekveer Harry

    Did you not use ADFS? Cause with ADFS in-place you don’t have to sync the OU containing the devices to sync to AAD.

    Like

    Reply

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s