SCCMSCCM Troubleshooting

Enable Site System Roles for HTTPS or Enhanced HTTP – SCCM 2103 Prerequisite Check Warning

During SCCM 2103 prerequisite check you encounter Enable site system roles for HTTPS or Enhanced HTTP warning. In this post I will cover how to fix this warning.

When you install or update to SCCM 2103, there are several new warning prerequisite checks added. One among them is Enable site system roles for HTTPS or Enhanced HTTP. The other one is if you have a secondary site that uses SQL Server Express edition, this check warns if the version is earlier than SQL Server 2016 with service pack 2 (13.0.5026.0).

Most of us are going to encounter the same warning during SCCM 2103 prerequisite check. Although this is a warning and will not halt your SCCM 2103 upgrade but it is important that you fix this warning. First let us understand why this warning comes up and how to fix the warning.

If you haven’t performed SCCM 2103 upgrade, here is the upgrade guide – https://www.prajwaldesai.com/sccm-2103-upgrade-guide/.

Enable site system roles for HTTPS or Enhanced HTTP

So why do we get Enable site system roles for HTTPS or Enhanced HTTP warning during SCCM 2103 prerequisite check ?. The answer is if your site is configured to allow HTTP communication without enhanced HTTP, you’ll see this warning. To improve the security of client communications, in SCCM 2103 will require HTTPS communication or enhanced HTTP. You must plan to configure the site for HTTPS only or to use Configuration Manager-generated certificates for HTTP site systems.

Here is a screenshot of what you would see during the SCCM 2103 prerequisite check. The prerequisite check passed with warnings.

SCCM 2103 Prerequisite check warning
SCCM 2103 Prerequisite check warning

If you review the ConfigMgrPrereq.log file located on root drive of site server, the entire warning is visible.

[Completed with warning] Description: HTTPS or Enhanced HTTP are not enabled for client communication. HTTP-only communication is deprecated and support will be removed in a future version of Configuration Manager. Enable a more secure communication method for the site either by enabling HTTPS or Enhanced HTTP.

SCCM 2103 Prerequisite check warning
SCCM 2103 Prerequisite check warning

Fix SCCM 2103 Prerequisite Check Warning – Enable site system roles for HTTPS or Enhanced HTTP

So how do I fix Enable site system roles for HTTPS or Enhanced HTTP warning ?. The answer is already answered in the SCCM 2103 prerequisite check warning.

  • HTTPS or Enhanced HTTP are not enabled for client communication – When I viewed the Communication Security tab of my site properties, the communication method was set to HTTPS or HTTP. Microsoft either wants you to select HTTPS only or Enhanced HTTP.
  • HTTP-only communication is deprecated and support will be removed in a future version of Configuration Manager – This is a change introduced in SCCM 2103 and going forward this will apply to all the Configuration Manager current branch releases.
  • Enable a more secure communication method for the site either by enabling HTTPS or Enhanced HTTP – To fix this warning, select HTTPS only or enhanced HTTP. If you have PKI certificates for SCCM, select HTTPS only. Other wise select Use Configuration Manager generated certificates for HTTP site systems.
Enable site system roles for HTTPS or Enhanced HTTP
Enable site system roles for HTTPS or Enhanced HTTP

I am going to select HTTPS only option here as I have the PKI certificates implemented in my setup. When I do that Use PKI client certificate when available option is greyed out.

Note – You still got an option to switch to enhanced HTTP mode whenever you require to do so.

Fix Enable site system roles for HTTPS or Enhanced HTTP Warning
Fix Enable site system roles for HTTPS or Enhanced HTTP Warning

After you make the above changes, run the SCCM 2103 prerequisite check again and the warning Enable site system roles for HTTPS or Enhanced HTTP should not appear. If you have got SCCM secondary sites, you don’t need to make any changes on them. It’s just the top level site that you need to make the changes.

Prajwal Desai

Hi, I am Prajwal Desai. For last few years I have been working on multiple technologies such as SCCM / Configuration Manager, Intune, Azure, Security etc. I created this site so that I can share valuable information with everyone.

Related Articles

4 Comments

  1. Okay, I have questions! Obviously a full PKI implementation is preferred but I don’t have the time to get that setup SO what happens with enhanced HTTP? Do I have to create) deploy certificates or is that automatically handled? What about existing clients? What about OSD to be machines? I don’t have a lab environment to test this stuff, I’m a longer admin doing everything in a medium-sized school..

    1. Sorry, lots of typos above, I’ll try again..
      “Okay, I have questions! Obviously a full PKI implementation is preferred but I don’t have the time to get that setup SO what happens with enhanced HTTP? Do I have to create/deploy certificates or is that automatically handled? What about existing clients? What about OSD to new machines? I don’t have a lab environment to test this stuff, I’m a lone admin doing everything in a medium-sized school..”

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button