Installing SCCM 2012 SP1 and Application Catalog feature in test environment went without a hitch. However when installed into production server the catalog site was throwing an error
Cannot connect to the application server
The webserver cannot communicate with the server. This might be a temporary problem. Try Again Later to see if the problem has been corrected.
My colleague had gone through all the common resolutions/checks for this issue as per these articles
…but to no avail.
Checking IIS configuration we found the Application Pool the CMApplicationCatalogSvc was running under:
Now we have the Application Pool name…
Checking the Application Pool settings in IIS we could see it was .NET 2.0 framework and 64-bit
So running aspnet_regiis.exe -ir would need to be from .NET 2.0 folder under FrameWork64 (64-bit)
After stopping / starting application pool and restarting website still no good.
As the error was a communication error I thought it would be wise to check the database connection. First I retrieved the database connection string by selecting ConnectionStrings in IIS under the CMApplicationCatalogSvc virtual folder.
On the server connecting to SQL I then opened up a PowerShell console and typed the following, where you would set .ConnectionString to whatever was configured in IIS. If you see two connection strings use the one that connects to CM_WEB database.
$sqlConnection = New-Object System.Data.SqlClient.SqlConnection
# replace with your own connection string
$sqlConnection.ConnectionString = "Data Source=SCCMSERVER;Initial Catalog=CM_WEB;Integrated Security=true;ConnectionTimeOut=50;Encrypt=True;TrustServerCertificate=False;Application Name=Application Offer Service"
If this works you will see no error message. However in our case it failed with error:
A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 – The certificate chain was issued by an authority that is not trusted.)
(For most accurate replication of any error you may need to run this under the user that the application pool runs under. However in this case that was not necessary)
OK so the error was related to certificate trust for encryption (SSL). So I removed Encrypt=True from the connection string, and we had a successful connection:
Updating the connection string in IIS, and voila page refresh and boom – Application Catalog site is up and operational.
However it would be nice to maintain the encrypt=True
Opening SQL Configuration you can check the certificates for SQL, by expanding SQL Server Network Configuration and looking for Protocols for [SQL Instance] right clicking and selecting Properties
In this case there was a missing certificate – typically there would be a certificate called ConfigMgr SQL Server Identification Certificate
This can be done based on guidance in these articles:
Once the certificate was sorted, we re-run the PowerShell with Encrypt=true and had a successful connection…
On a final note on a test machine although application catalog site worked, requesting applications were failing…
Cannot install or request Software
You can browse the list of software in the Application Catalog and view your list of software requests. However, to install or request applications from the Application Catalog, the Configuration Manager client must be correctly configured on your computer and you must use a browser that is compatible with the Application Catalog.
Checking Configuration Manager client on the test PC found the wrong client had been installed, one that pointed to the test SCCM server, not the production one… Getting the client configured correctly fixed the final issue.