Here's another ConfigMgr 2007 OSD tip from Frank Rojas out in Charlotte, North Carolina. If you have a Task Sequence that fails almost immediately after it boots into WinPE with an 0x80004005 error then you'll want to check this one out:
Issue: When attempting to deploy a Task Sequence via SCCM 2007 OSD, the Task Sequence fails almost immediately after it boots into WinPE with the following error message:
An error occurred while retrieving policy for this computer (0x80004005). For more information, please contact your system administrator or helpdesk operator.
Examining the SMSTS.log shows the following error message:
No cert available for policy decoding Failed to download policy (Policy_ID> (Code 0x80004005).
Cause: This error message can be caused by missing, expired, or blocked Certificates for either the Boot Media or the PXE Service Point.
Resolution: To determine if the Certificate is missing, expired, or blocked follow the steps below:
To resolve the issue for missing or expired certificates on Boot Media, a new certificate needs to be created:
To resolve the issue for missing or expired certificates on a PXE Service Point, a new Certificate needs to be created:
To resolve the issue if the certificate is blocked, follow these steps:
If you are not certain which certificate is the applicable one, you may have to unblock the certificates one at a time, retry the deployment again, and then see if the error goes away. Once you have determined the applicable certificate, you may want to go back and re-block the certificates that were not applicable and were unblocked during the testing.
J.C. Hornbeck | Manageability Knowledge Engineer
Good article but it would be helpful if you could let people know how to import a certificate as well.
For instance if we previously had a self signed but want to move to one that is signed by our orginaizations CA.
Also how do we completly delete the old certificates from the PXE Certificates area (or boot). If there are some in there that we no longer want.
It would be handy to know how to remove the old expired certs as well. I have so many of them listed it is easy to get confused