HTTP status 403: The client does not have sufficient access rights to the requested server object.\r\n","ErrorContextDescription":"The error occurred while the remote file was being processed

[jayconnor-lab]

Machine fails to upload to HTTPS MP, 57MB zip, Config Manager 2006, no status message.
IIS reports 403.7. Normal log collection, hardware inv works.

Run Script output:
Uploaded Client Logs to https://MP01.AD.domain.com/ccm_Incoming/TestPC-070620211558S.zip and sent Status Message ["The operation completed successfully.","","The operation completed successfully.","","The operation completed successfully.","","The operation completed successfully.","","The operation completed successfully.","","The operation completed successfully.","","The operation completed successfully.","","The operation completed successfully.","","The operation completed successfully.","","The operation completed successfully.","","The operation completed successfully.","","The operation completed successfully.","","","SetupDiag v1.6.0.0","Copyright (c) Microsoft Corporation. All rights reserved.","","Searching for setup logs...","Found C:\Windows\Panther\setupact.log with update date 7/1/2021 4:50:02 PM to be the correct setup log.","","Gathering baseline information from setup logs...","","SetupDiag: processing rule: CompatScanOnly.","...No match.","","","SetupDiag: processing rule: PlugInComplianceBlock.","...No match.","","","SetupDiag: processing rule: BitLockerHardblock.","...No match.","","","SetupDiag: processing rule: VHDHardblock.","...No match.","","","SetupDiag: processing rule: PortableWorkspaceHardblock.","...No match.","","","SetupDiag: processing rule: AuditModeHardblock.","...No match.","","","SetupDiag: processing rule: SafeModeHardblock.","...No match.","","","SetupDiag: processing rule: InsufficientSystemPartitionDiskSpaceHardblock.","...No match.","","","SetupDiag: processing rule: CompatBlockedApplicationAutoUninstall.","...No match.","","","SetupDiag: processing rule: CompatBlockedApplicationDismissable.","...No match.","","","SetupDiag: processing rule: CompatBlockedApplicationManualUninstall.","...No match.","","","SetupDiag: processing rule: HardblockDeviceOrDriver.","...No match.","","","SetupDiag: processing rule: HardblockMismatchedLanguage.","..No match.","","","SetupDiag: processing rule: HardblockFlightSigning.","..No match.","","","SetupDiag: processing rule: DiskSpaceBlockInDownLevel.","..No match.","","","SetupDiag: processing rule: DiskSpaceFailure.","..No match.","","","SetupDiag: processing rule: PreReleaseWimMountDriverFound.","..No match.","","","SetupDiag: processing rule: DeviceInstallHang.","...No match.","","","SetupDiag: processing rule: BootFailureDetected.",".No match.","","","SetupDiag: processing rule: WinSetupBootFilterFailure.",".No match.","","","SetupDiag: processing rule: FindDebugInfoFromRollbackLog.",".No match.","","","SetupDiag: processing rule: AdvancedInstallerFailed.","..No match.","","","SetupDiag: processing rule: AdvancedInstallerGenericFailure.","..No match.","","","SetupDiag: processing rule: FindMigApplyUnitFailure.","..No match.","","","SetupDiag: processing rule: FindMigGatherUnitFailure.","...No match.","","","SetupDiag: processing rule: FindMigGatherApplyFailure.","..No match.","","","SetupDiag: processing rule: OptionalComponentFailedToGetOCsFromPackage.","..No match.","","","SetupDiag: processing rule: OptionalComponentOpenPackageFailed.","..No match.","","","SetupDiag: processing rule: OptionalComponentInitCBSSessionFailed.","..No match.","","","SetupDiag: processing rule: CriticalSafeOSDUFailure.","..No match.","","","SetupDiag: processing rule: UserProfileCreationFailureDuringOnlineApply.","..No match.","","","SetupDiag: processing rule: UserProfileCreationFailureDuringFinalize.","..No match.","","","SetupDiag: processing rule: WimMountFailure.","..No match.","","","SetupDiag: processing rule: WimMountDriverIssue.","..No match.","","","SetupDiag: processing rule: WimApplyExtractFailure.","..No match.","","","SetupDiag: processing rule: UpdateAgentExpanderFailure.",".No match.","","","SetupDiag: processing rule: FindFatalPluginFailure.","...No match.","","","SetupDiag: processing rule: MigrationAbortedDueToPluginFailure.","...No match.","","","SetupDiag: processing rule: DISMAddPackageFailed.","..No match.","","","SetupDiag: processing rule: DISMImageSessionFailure.","..No match.","","","SetupDiag: processing rule: DISMproviderFailure.","..No match.","","","SetupDiag: processing rule: SysPrepLaunchModuleFailure.","..No match.","","","SetupDiag: processing rule: UserProvidedDriverInjectionFailure.","..No match.","","","SetupDiag: processing rule: FindSuccessfulUpgrade.","..","SetupDiag reports successful upgrade found.","This appears to be a successful update as the last operation was: OOBEBoot and the result was: success","","SetupDiag found 1 matching issue.","","SetupDiag results were logged to: c:\windows\ccm\temp\\logs\setupdiag\setupdiagresults.log",{"JobId":"a761b21e-a215-4daf-ba02-bdb0b12751d6","DisplayName":null,"Description":null,"HttpMethod":null,"Dynamic":null,"TransferType":null,"JobState":null,"TransferPolicy":null,"ACLFlags":null,"SecurityFlags":null,"NotifyFlags":null,"OwnerAccount":null,"Priority":null,"RetryInterval":null,"RetryTimeout":null,"MaxDownloadTime":null,"TransientErrorCount":null,"ProxyUsage":null,"ErrorContext":null,"ErrorCondition":null,"InternalErrorCode":null,"ErrorDescription":null,"ErrorContextDescription":null,"BytesTotal":null,"BytesTransferred":null,"FilesTotal":null,"FilesTransferred":null,"CreationTime":null,"ModificationTime":null,"TransferCompletionTime":null,"FileList":null,"ProxyList":null,"ProxyBypassList":null,"NotifyCmdLine":null,"CustomHeaders":null,"CertificateStoreLocation":null,"CertificateStoreName":null,"CertificateHash":null,"CertificateSubjectName":null},{"JobId":"8e10abdb-d36b-4e0b-8fe8-266769a436b1","DisplayName":"TestPC-070620211558S.zip","Description":"This is a file transfer that uses the Background Intelligent Transfer Service (BITS).","HttpMethod":"BITS_POST","Dynamic":false,"TransferType":1,"JobState":4,"TransferPolicy":-2147483393,"ACLFlags":0,"SecurityFlags":0,"NotifyFlags":3,"OwnerAccount":{"Value":"NT AUTHORITY\SYSTEM"},"Priority":0,"RetryInterval":600,"RetryTimeout":1209600,"MaxDownloadTime":7776000,"TransientErrorCount":1,"ProxyUsage":0,"ErrorContext":5,"ErrorCondition":null,"InternalErrorCode":-2145844845,"ErrorDescription":"HTTP status 403: The client does not have sufficient access rights to the requested server object.\r\n","ErrorContextDescription":"The error occurred while the remote file was being processed.\r\n","BytesTotal":59003805,"BytesTransferred":0,"FilesTotal":1,"FilesTransferred":0,"CreationTime":"/Date(1625551310337)/","ModificationTime":"/Date(1625551310389)/","TransferCompletionTime":"/Date(-62135596800000)/","FileList":["Microsoft.BackgroundIntelligentTransfer.Management.BitsFile"],"ProxyList":null,"ProxyBypassList":null,"NotifyCmdLine":["",""],"CustomHeaders":null,"CertificateStoreLocation":0,"CertificateStoreName":"","CertificateHash":null,"CertificateSubjectName":""}]

[jayconnor-lab]

Issue is with cert not having subject name. Working on it

[jayconnor-lab]

Ok this is working with certId and no subject name

#edit script block issues...

`
$Cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $.NotAfter -gt (Get-Date) -and $.EnhancedKeyUsageList.ObjectId -eq "1.3.6.1.5.5.7.3.2" }
If ($Cert.Count -gt 1) { $Cert = $Cert[0] }
$CertID = $cert.GetCertHashString()

$OSversion = (Get-WmiObject -Namespace Root\Cimv2 -Class Win32_OperatingSystem).Version
If ($OSversion -like "6.1*") {
    $HasCert = [bool](Get-ChildItem Cert:\LocalMachine\My | Where-Object Subject -Like "*$CertSubjectName")  #Can't use newer CMDLet method on Windows 7
}
Else {
    $HasCert = [bool](Get-ChildItem Cert:\LocalMachine\My -DnsName $CertSubjectName | Where-Object EnhancedKeyUsageList -Like '*Client Authentication*' | Test-Certificate -AllowUntrustedRoot) #Verify Machine has a certificate that we can attach to the bits job
}


# if (Get-ChildItem Cert:\LocalMachine\My -DnsName $CertSubjectName |where EnhancedKeyUsageList -Like '*Client Authentication*'|Test-Certificate -AllowUntrustedRoot) #Verify Machine has a certificate that we can attach to the bits job
If ($HasCert = $True) {
    #Verify Machine has a certificate that we can attach to the BITS job
    If ($SendStatusMessage -eq 'Yes') {
        #Code for Status Message trigger if desired to get Microsoft.ConfigurationManagement.Messaging.dll
        If (!(Test-Path -Path "$CCMTempDir\Microsoft.ConfigurationManagement.Messaging.dll")) {
            $DownloadJob = "DllDownload"
            $DownloadMessagingDLLBitsJob = Start-BitsTransfer -DisplayName $DownloadJob -Suspended -TransferType Download -Source $Destination\MessagingDLL\Microsoft.ConfigurationManagement.Messaging.dll -Destination  "$CCMTempDir\Microsoft.ConfigurationManagement.Messaging.dll"

            BitsAdmin /setclientCertificatebyID $DownloadJob 2 My $CertID | Out-Null #Using BitsAdmin to attach cert because can't do it with PowerShell Cmdlet
            Resume-BitsTransfer -BitsJob $DownloadMessagingDLLBitsJob
        }
        #End code for Status Message trigger
    }

    $BitsJobName = "$env:ComputerName-$numericdate.zip"
    $BitsJob = Start-BitsTransfer -DisplayName $BitsJobName -Source $LogsZip -Destination "$destination\$UplodadFileName" -TransferType Upload -Suspended
    BitsAdmin /setclientCertificatebyID $BitsJobName 2 MY $CertID | Out-Null #Using BitsAdmin to attach cert because can't do it with PowerShell Cmdlet
    Resume-BitsTransfer -BitsJob $BitsJob
    $UploadedClientLogs = $true
    write-host "Uploaded Client Logs to $destination/$UplodadFileName"
}
Else {
    Write-Host "Unable to find Certificate to attach to BITS job Aborting"
}

}

`