Jean-Sébastien DUCHENE Blog's

News, tips and articles on all Microsoft technologies (Microsoft Intune, ConfigMgr, Microsoft Defender, Microsoft Purview, Microsoft Azure, Windows...)

You may run into this problem if you install the System Center Configuration Manager client through Microsoft Intune using the Cloud Management Gateway (CMG). The following messages appear in the log files:

Fail to get AADToken with system account, enumerate all logged users
Impersonating to user 'S-1-12-1-4252556605-1289310833-1819726501-980362358' for getting AAD token...
Getting AAD (user) token with: ClientId = c0063a1e-0982-4909-9129-081363b86584, ResourceUrl = http://sccmwebapp.domaineonmicrosoft.com, AccountId = 5D2A840C-77A2-4C6F-B15E-7766D5974C50
Retrieved AAD token for AAD user 'fd78dd3d-5271-4cd9-a5d2-766c76246f3a'
Getting CCM Token from https:// DOMAINE.CLOUDAPP.NET/CCM_Proxy_ServerAuth/72759400537927937/CCM_STS
Getting AAD (device) token with: ClientId = c0063a1e-0982-4909-9129-081363b86584, ResourceUrl = http://sccmwebapp.domaineonmicrosoft.com, AccountId = 5D2A840C-77A2-4C6F-B15E-7766D5974C50
WAM token request failed. Status 5, Details 'AAD WAM extension error'
Failed to get AAD token.. No more connections can be made to this remote computer at this time because there are already as many connections as the computer can accept. (Error: 80070047; Source: Windows)
Fail to get AADToken with system account, enumerate all logged users
Impersonating to user 'S-1-12-1-4252556605-1289310833-1819726501-980362358' for getting AAD token...
Getting AAD (user) token with: ClientId = c0063a1e-0982-4909-9129-081363b86584, ResourceUrl = http://sccmwebapp.Customerdomainonmicrosoft.com, AccountId = 5D2A840C-77A2-4C6F-B15E-7766D5974C50
Retrieved AAD token for AAD user 'fd78dd3d-5271-4cd9-a5d2-766c76246f3a'
Getting CCM Token from https:// DOMAINE.CLOUDAPP.NET/CCM_Proxy_ServerAuth/72759400537927937/CCM_STS
MapNLMCostDataToCCMCost() returning Cost 0x1
GET 'https://DOMAINE.CLOUDAPP.NET/CCM_Proxy_ServerAuth/72759400537927937/CCM_STS'
GetSSLCertificateContext failed with error 0x87d00281
client certificate is not provided.
Failed to successfully complete WinHttp request. (StatusCode at WinHttpQueryHeaders: 500), StatusText: 'CMGConnector_InternalServerError'
RetrieveTokenFromStsServer failed with error 0x87d00215
MapNLMCostDataToCCMCost() returning Cost 0x1
Client is not allowed to use PKI issued certificate or AAD token thus it can not talk to HTTPS server.
GetHttpRequestObjects failed for verb: 'CCM_POST', url: 'https://DOMAINE.CLOUDAPP.NET/CCM_Proxy_MutualAuth/72759400537927937/ccm_system/request'
GetDPLocations failed with error 0x80004005
Failed to get DP locations as the expected version from MP 'https://DOMAINE.CLOUDAPP.NET/CCM_Proxy_MutualAuth/72759400537927937. Error 0x80004005
Failed to get client version for sending state messages. Error 0x8004100e
Params to send '5.0.8634.1813 Deployment Error: 0x0, Client is not allowed to use PKI issued certificate or AAD token thus it can not talk to HTTPS server.

This problem occurs with System Center Configuration Manager 1802 or later. Starting with this version, Microsoft requires a Management Point configured for HTTPS in order to secure the communication of the AAD token. You must therefore add an HTTPS Management Point to your environment.
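The following is an added example, not part of the original post: a small Python triage that checks a client log for the message sequence shown above (AAD user token retrieved, CCM_STS request through the CMG failing, HTTPS communication refused). The verdict names and the metadata in the sample records (time, date, component, type) are assumptions made for illustration; the message texts are copied from the excerpt.

```python
import re

# Raw ConfigMgr log record as CMTrace reads it: <![LOG[message]LOG]!><time=... ...>
CMTRACE = re.compile(r"<!\[LOG\[(.*?)\]LOG\]!>", re.S)

# Message signatures copied from the log excerpt on this page.
SIGNATURES = {
    "aad_token_ok": r"Retrieved AAD token for AAD user",
    "no_client_cert": r"GetSSLCertificateContext failed with error 0x87d00281",
    "sts_http_500": r"WinHttpQueryHeaders: 500.*CMGConnector_InternalServerError",
    "sts_failed": r"RetrieveTokenFromStsServer failed with error 0x87d00215",
    "https_refused": r"not allowed to use PKI issued certificate or AAD token",
}

def messages(text):
    """Return message bodies from raw CMTrace records, else non-empty plain lines."""
    found = CMTRACE.findall(text)
    return found or [line for line in text.splitlines() if line.strip()]

def triage(text):
    """Count each signature and decide whether the log shows this page's pattern."""
    hits = dict.fromkeys(SIGNATURES, 0)
    for msg in messages(text):
        for name, pattern in SIGNATURES.items():
            if re.search(pattern, msg):
                hits[name] += 1
    sts_broken = hits["sts_http_500"] or hits["sts_failed"]
    if hits["aad_token_ok"] and sts_broken and hits["https_refused"]:
        verdict = "check-https-mp"   # AAD token obtained, CCM_STS exchange failed
    elif hits["https_refused"] or sts_broken:
        verdict = "partial"          # some symptoms only; read the full log
    else:
        verdict = "no-match"
    return verdict, hits

# Constructed sample: messages from this page wrapped in made-up CMTrace metadata.
_META = '<time="10:00:00.000+000" date="01-01-2018" component="ccmsetup" type="{}">'
SAMPLE = "\n".join("<![LOG[" + m + "]LOG]!>" + _META.format(t) for m, t in [
    ("Retrieved AAD token for AAD user 'fd78dd3d-5271-4cd9-a5d2-766c76246f3a'", 1),
    ("GetSSLCertificateContext failed with error 0x87d00281", 3),
    ("Failed to successfully complete WinHttp request. (StatusCode at "
     "WinHttpQueryHeaders: 500), StatusText: 'CMGConnector_InternalServerError'", 3),
    ("RetrieveTokenFromStsServer failed with error 0x87d00215", 3),
    ("Client is not allowed to use PKI issued certificate or AAD token thus it "
     "can not talk to HTTPS server.", 3),
])

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A "check-https-mp" verdict means the log matches the pattern described here, so the next step is to confirm that an HTTPS Management Point exists in the environment.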
