Today I logged in to my ConfigMgr server and I found that the CMG was stuck in starting state. In the ConfigMgr console I saw the error “Unable to connect to the cloud service”
I tried to stop the cmg, synchronise the config and start the CMG, but still it got stuck in starting state. I then rebooted the ConfigMgr server and repeated the steps and the same thing happened.
In the ConfigMgr console at Administration\Overview\Cloud Services\Cloud Management Gateway I was seeing the below.
I first noticed the issue when someone in my team advised me that no clients had downloaded the previous nights software updates. I then performed the below steps to troubleshoot and resolve the issue.
Troubleshooting ConfigMgr CMG Stuck in Starting State
To troubleshoot this issue I started by checking ConfigMgr on the client trying to download the package, then I checked the ConfigMgr server.
Listed below is what I checked
Logs On The Client
On the client (Where they are trying to download the package) open software center and click on the package / application that is having the issue. Below you can see that it hangs on Downloading 0% complete.
Now you need to check the ConfigMgr logs on the client to see if you can find any errors that would be causing the download to fail.
For this specific issue “ConfigMgr CMG Stuck in Starting State” I did not see any errors or issues that would cause the download to get stuck.
CMG Status In ConfigMgr Console
Next we need to check the status of the CMG server in the ConfigMgr console and run a connection analyzer test. To do this follow these steps
- Open the ConfigMgr console
- Go to Administration\Overview\Cloud Services\Cloud Management Gateway
- Check the status and status description, Below you can see the issue as the status is stuck on starting and the description is “Unable to connect to the cloud service”
- Now we need to run the connection analyzer to find the root cause. To do this right click on the CMG and select connection analyzer
- Click sign in or select client certificate, then click start
- The connection analyzer will now start
- We now have more information on what the root cause is
You will now see the error “State of the CMG service is ‘4’. For more information, see CloudMgr.log on Service Connection Point on CMG deployment progress.” we will now need to check the ConfigMgr logs.
Checking ConfigMgr Logs
We now need to take a look at the CloudMgr.log to find out exactly what is causing the issue.
On the ConfigMgr open the log file CloudMgr.log which is usually in the following location.
- C:\Program Files\Microsoft Configuration Manager\Logs\CloudMgr.log
In this file I found the below errors
- Resource Manager – Initializing… Acquiring access token to resource manager and accessing the subscription
- WARNING: Exception during cloud service monitoring task for service CMG
- WARNING: Exception Microsoft.ConfigurationManager.AzureManagement.FailedToCommunicateToServiceException:Failed to get access token to resource endpoint
- WARNING: Stack trace: at Microsoft.ConfigurationManager.AzureManagement.ResourceManager.Initialize()~~ at Microsoft.ConfigurationManager.CloudServicesManager.ServiceMonitorTask.MonitorCloudDistributionPoint()~~ at Microsoft.ConfigurationManager.CloudServicesManager.ServiceMonitorTask.Start(Object taskState)
- WARNING: Inner exception System.AggregateException:One or more errors occurred.
- WARNING: Inner exception stack trace: at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)~~ at Microsoft.ConfigurationManager.AzureManagement.ResourceManager.Initialize()
The 1st and 3rd errors in bold above are the important lines to note. The CMG server has failed to get an access token and because of this the CMG server hangs in a starting status.
How To Fix ConfigMgr CMG Stuck in Starting State
The CMG is unable to get a access token because the Azure AD app secrets used by the CMG have expired. If you log in to the CloudMgr console and go to Administration\Overview\Cloud Services\Azure Active Directory Tenants you need to check the date that the secret key expires.
You should also see the error below at the top of the console.
- One or more Azure AD app secrets used by cloud services have expired.
To renew the secret key all you need to do is right click on the application and select renew secret key
You will then get prompted to sign in with your credentials, You should then see the message secret key successfully renewed
Now in the Configmgr console head back to Administration\Overview\Cloud Services\Cloud Management Gateway and start the CMG.
If the start button is greyed out then you will need to wait a few minutes for it to automatically start.
Hello, I am the owner of this site. I have 25+ years experience of IT. Check us out on the below social platforms.