I know you stated that you read the doc but are you trying to get the cert using BrokerConfig.exe -r or are you opening up BrokerConfig and putting in credentials? Also, just curious but have you tried disabling the firewall on Gateway appliance and tried it?
Both, If i use brokerconfig -r the broker.csr and broker.key file are created but the certificate is never issued and the files are deleted.
I have set up a failed request trace and the return code is a 401.2 Unauthorized logon failed due to server configuration.
Can you try to disable the firewall on the Gateway? Worth a shot. I seem to remember having this issue on a machine in the past, just have to try and remember what I ended up doing lol.
Also, when was the last time you rebooted the Gateway?
Yep I did try that, no luck.
The firewall is off on the server, no anti virus, UAC is disabled.
I can browse to the HTTP://coreserver/landesk/managementsuite/core/core.serure
from any workstation and it will prompt for a user name and password and I can log in ok.
The gateway was rebooted a week ago, I just reboted it again.
If I use brokerconfig without a user name and password in dynamic or direct to the core it will return a code 200
If i sent throught the gateway it returns a "Error in read error:000000000:lib(0):func(0):reason(0) errno (0) sslerror 5 peek 0 rv 0
and error 3 IO error readinf response line
If i use a user name and password in dynamic or direct to the core the return code is 401
If isent it through the gateway the test will return a 200, but if i request a certificate it will timeout and fail.
In the BrokerConfig.exe under the "Gateway Information" tab, are you seeing the correct Gateway IP
Without actually seeing the settings on the core as well as the Gateway, it's a bit hard to troubleshoot. I would go back and make sure that you have your certs posted to the Gateway as well as all the settings on the core are correct. Also, are you sure all necessary ports are open? Did you just set this Gateway up or have you been using it for some time?
Have been able to do this in the past or is this your first attempt?
On the CORE (not the gateway), is the Gateway service running if you look at the services.msc?
On the Core, open the console (but be dome on the core) go to Configure > Management Gateway
Post the certificate to the gateway if not aleady done, make sure all looks good here.
Is this being done while the client is on the local network or not?
The gateway was deployed in the DMZ back in October.
I have issued over 60 certificates with brokerconfig on notebooks that will be deployed in the field.
The core server was built with a 180 day evaluation of 2008R2 SP1 server, IIS 7.5, LDMS 9.0 SP2 and SQL express 2008R2.
Everything was woking fine, patching and remote control through the gateway.
Then one day something broke and it would not issue certificates, same issue!
I have rebuilt the server several times with differant service packs, no service packs, no patches all with the same results.
I contacted Landesk Licensing and the gateway and core server are activated and everything looks fine.
I think this is more of a IIS or .NET problem with a missing path or pointer, but I cannot fine the problem.
All of the ports are open , All of the firewalls are off on the server and workstations.
The gateway service is started and the certificate has been posted to the gateway.
The server and the workstations are all right next to each other on the same switch.