During SCCM 2103 prerequisite check you encounter Enable site system roles for HTTPS or Enhanced HTTP warning. In this post I will cover how to fix this warning.
When you install or update to SCCM 2103, there are several new warning prerequisite checks added. One among them is Enable site system roles for HTTPS or Enhanced HTTP. The other one is if you have a secondary site that uses SQL Server Express edition, this check warns if the version is earlier than SQL Server 2016 with service pack 2 (13.0.5026.0).
Most of us are going to encounter the same warning during SCCM 2103 prerequisite check. Although this is a warning and will not halt your SCCM 2103 upgrade but it is important that you fix this warning. First let us understand why this warning comes up and how to fix the warning.
If you haven’t performed SCCM 2103 upgrade, here is the upgrade guide – https://www.prajwaldesai.com/sccm-2103-upgrade-guide/.
Enable site system roles for HTTPS or Enhanced HTTP
So why do we get Enable site system roles for HTTPS or Enhanced HTTP warning during SCCM 2103 prerequisite check ?. The answer is if your site is configured to allow HTTP communication without enhanced HTTP, you’ll see this warning. To improve the security of client communications, in SCCM 2103 will require HTTPS communication or enhanced HTTP. You must plan to configure the site for HTTPS only or to use Configuration Manager-generated certificates for HTTP site systems.
Here is a screenshot of what you would see during the SCCM 2103 prerequisite check. The prerequisite check passed with warnings.
If you review the ConfigMgrPrereq.log file located on root drive of site server, the entire warning is visible.
[Completed with warning] Description: HTTPS or Enhanced HTTP are not enabled for client communication. HTTP-only communication is deprecated and support will be removed in a future version of Configuration Manager. Enable a more secure communication method for the site either by enabling HTTPS or Enhanced HTTP.
Fix SCCM 2103 Prerequisite Check Warning – Enable site system roles for HTTPS or Enhanced HTTP
So how do I fix Enable site system roles for HTTPS or Enhanced HTTP warning ?. The answer is already answered in the SCCM 2103 prerequisite check warning.
- HTTPS or Enhanced HTTP are not enabled for client communication – When I viewed the Communication Security tab of my site properties, the communication method was set to HTTPS or HTTP. Microsoft either wants you to select HTTPS only or Enhanced HTTP.
- HTTP-only communication is deprecated and support will be removed in a future version of Configuration Manager – This is a change introduced in SCCM 2103 and going forward this will apply to all the Configuration Manager current branch releases.
- Enable a more secure communication method for the site either by enabling HTTPS or Enhanced HTTP – To fix this warning, select HTTPS only or enhanced HTTP. If you have PKI certificates for SCCM, select HTTPS only. Other wise select Use Configuration Manager generated certificates for HTTP site systems.
I am going to select HTTPS only option here as I have the PKI certificates implemented in my setup. When I do that Use PKI client certificate when available option is greyed out.
Note – You still got an option to switch to enhanced HTTP mode whenever you require to do so.
After you make the above changes, run the SCCM 2103 prerequisite check again and the warning Enable site system roles for HTTPS or Enhanced HTTP should not appear. If you have got SCCM secondary sites, you don’t need to make any changes on them. It’s just the top level site that you need to make the changes.
