KB: A PXE enabled Distribution Point that uses a self-signed certificate will generate many files in System Center 2012 Configuration Manager

KB: A PXE enabled Distribution Point that uses a self-signed certificate will generate many files in System Center 2012 Configuration Manager

  • Comments 1
  • Likes

imageHere’s a new Knowledge Base article we published. This one describes an issue where a PXE enabled Distribution Point will generate a large number of files under C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 for each PXE request that it services on the network.

=====

Symptoms

A PXE enabled Distribution Point will generate a number of files under C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 for each PXE request that it services on the network. This occurs whether the device sending the PXE request has a Task Sequence deployed to it or not. The generation of files will continue and may consume available hard disk space.

Cause

This occurs whenever a self-signed certificate is used for the Distribution Point (DP).

Resolution

To work around this problem, request a CA issued certificate for the PXE enabled DP and specify the PFX file under the properties of the DP. Step-by-step instructions on how to do create the PFX file are available in the Deploying the Client Certificate for Distribution Points section of http://technet.microsoft.com/en-ca/library/230dfec0-bddb-4429-a5db-30020e881f1e#BKMK_clientdistributionpoint2008_cm2012.

More Information

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

=====

For the most current version of this article please see the following:

2713467 - A PXE enabled Distribution Point that uses a self-signed certificate will generate many files in System Center 2012 Configuration Manager

J.C. Hornbeck | System Center & Security Knowledge Engineer

Get the latest System Center news on Facebook and Twitter:

clip_image001 clip_image002

App-V Team blog: http://blogs.technet.com/appv/
ConfigMgr Support Team blog: http://blogs.technet.com/configurationmgr/
DPM Team blog: http://blogs.technet.com/dpm/
MED-V Team blog: http://blogs.technet.com/medv/
Orchestrator Support Team blog: http://blogs.technet.com/b/orchestrator/
Operations Manager Team blog: http://blogs.technet.com/momteam/
SCVMM Team blog: http://blogs.technet.com/scvmm
Server App-V Team blog: http://blogs.technet.com/b/serverappv
Service Manager Team blog: http://blogs.technet.com/b/servicemanager
System Center Essentials Team blog: http://blogs.technet.com/b/systemcenteressentials
WSUS Support Team blog: http://blogs.technet.com/sus/

The Forefront Server Protection blog: http://blogs.technet.com/b/fss/
The Forefront Endpoint Security blog : http://blogs.technet.com/b/clientsecurity/
The Forefront Identity Manager blog : http://blogs.msdn.com/b/ms-identity-support/
The Forefront TMG blog: http://blogs.technet.com/b/isablog/
The Forefront UAG blog: http://blogs.technet.com/b/edgeaccessblog/

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment
  • Can we delete these files? what are they for?