The customer noticed that after he installed the package service on his Site Server only provides UNC or HTTP codebases, even when he has selected "Publish HTTPS codebase" (under Settings>All Settings>Notification Server>Site Server Settings>Package Service>Package Service Settings).
From the agent logs we can see that virtual directories are being created, this means all required IIS features are installed.
IIS for some reason didn't bind to port 443 the assigned certificate even though IIS showed a certificate bound to it.
The HTTPS codebases depend also on bindings in the IIS. If those are not OK, the HTTPS is not configured and not show up in the UI.
The bindings do exist not only in IIS, they are also configured on Windows level (visible by “netsh http show sslcert” cmd command), and if some app is changing the windows binding, the IIS do not know anything about it and could show old values in the own UI. They have a complicated relationships. Also, if “Force” flag is not set in PS policy, it could happen that Agent (on the PS) will not (re)create/update the binding, if it decides that binding is not our own.
One thing to consider is that Package Service on the SMP is not really recommended since the SMP by nature is a package server already providing codebases to any client or package server that needs those packages
Windows Server 2012 R2
SMP 8.1 and later
Check first the following KBs just in case you are not missing important IIS feature settings:
164960 Package Server only publishes UNC codebases even when IIS is installed, if Required IIS Features are missing
160917 Required IIS features for the package server
In this particular case, we had to do the following:
Once that was done, go to the Agent UI>Package Server tab>Refresh All Packages and now HTTPS codebases are generated.
If the suggestion above works but after rebooting the package server the error "Package Server could not access own Web Site using HTTPS" comes back, please try the following:
On the SMP Console, under Settings>Notification Server>Site Server Settings, find the affected Package Server under "Site Servers" and click on "Override the global settings by custom settings" for the "Certificates Rollout" section (depending on the SMP version, it may be called "Web Configuration" section).
Make sure to:
After the package server gets the new configuration, restart the Altiris agent service. Check if the error is still present.
In another version, it may look like this: