PXE Boot Fails In System Center 2012 Configuration Manager If The MP Is In HTTPS Mode But The DP Is In HTTP Mode

PXE Boot Fails In System Center 2012 Configuration Manager If The MP Is In HTTPS Mode But The DP Is In HTTP Mode

  • Comments 2
  • Likes

Symptoms

In System Center 2012 Configuration Manager, if the Management Point is in HTTPS mode but the Distribution Point hosting the PXE server is in HTTP mode, the PXE boot may fail. Examining the SMSPXE.log may reveal the following errors:

ProcessMessage: Context:0015B270  dTime:0 SMSPXE
!sTempString.empty(), HRESULT=80070057 (e:\nts_sccm_release\sms\framework\core\ccmcore\string.cpp,1023) SMSPXE
MAC=<MAC_Address> SMBIOS GUID=<SMBIOS_GUID> > DHCP Discover received. SMSPXE
Set enterpirse certificate in transport SMSPXE
Set media certificate in transport SMSPXE
Set authenticator in transport SMSPXE
CLibSMSMessageWinHttpTransport::Send: URL: <ConfigMgr_MP_Server>:443  GET /SMS_MP_AltAuth/.sms_aut?MPKEYINFORMATION SMSPXE
In SSL, but with no client cert SMSPXE
Request was succesful. SMSPXE
Set authenticator in transport SMSPXE
Setting message signatures. SMSPXE
Setting the authenticator. SMSPXE
CLibSMSMessageWinHttpTransport::Send: URL: <ConfigMgr_MP_Server>:443  CCM_POST /ccm_system_AltAuth/request SMSPXE
In SSL, but with no client cert SMSPXE
Request was succesful. SMSPXE
pNext != NULL, HRESULT=80004005 (e:\nts_sccm_release\sms\framework\osdmessaging\libsmsmessaging.cpp,1967) SMSPXE
reply has no message header marker SMSPXE
DoRequest (sReply, true), HRESULT=80004005 (e:\nts_sccm_release\sms\framework\osdmessaging\libsmsmessaging.cpp,6202) SMSPXE
SMSClientLookup.RequestLookup(smbiosGUID, macAddress, dwItemKey, bUnknown), HRESULT=80004005 (e:\nts_sccm_release\sms\server\pxe\smspxe\database.cpp,221) SMSPXE
PXE::DB_LookupDevice failed; 0x80004005 SMSPXE
Set enterpirse certificate in transport SMSPXE
Set media certificate in transport SMSPXE
Set authenticator in transport SMSPXE
CLibSMSMessageWinHttpTransport::Send: URL: <ConfigMgr_MP_Server>:443  GET /SMS_MP_AltAuth/.sms_aut?MPKEYINFORMATION SMSPXE
In SSL, but with no client cert SMSPXE
Request was succesful. SMSPXE
Set authenticator in transport SMSPXE
Sending StatusMessage SMSPXE
Setting message signatures. SMSPXE
Setting the authenticator. SMSPXE
CLibSMSMessageWinHttpTransport::Send: URL: <ConfigMgr_MP_Server>:443  CCM_POST /ccm_system_AltAuth/request SMSPXE
In SSL, but with no client cert SMSPXE
Request was succesful. SMSPXE
pNext != NULL, HRESULT=80004005 (e:\nts_sccm_release\sms\framework\osdmessaging\libsmsmessaging.cpp,1967) SMSPXE
reply has no message header marker SMSPXE
DoRequest (sReply, false), HRESULT=80004005 (e:\nts_sccm_release\sms\framework\osdmessaging\libsmsmessaging.cpp,4045) SMSPXE
Failed to send status message (80004005) SMSPXE
smStatusMessage.Send(), HRESULT=80004005 (e:\nts_sccm_release\sms\server\pxe\smspxe\database.cpp,444) SMSPXE
Failed to send the status message SMSPXE
PXE::DB_ReportStatus failed; 0x80004005 SMSPXE
GetOrCreateDeviceFromPacket(pRequest, deviceInfo, 1, 1), HRESULT=80004005 (e:\nts_sccm_release\sms\server\pxe\smspxe\pxehandler.cpp,1475) SMSPXE
PXE Provider failed to process message.
Unspecified error (Error: 80004005; Source: Windows) SMSPXE
Rejecting PXE request SMSPXE

 

Cause

This problem is caused if a self-signed certificate is specified in the properties of the Distribution Point.

During a PXE boot, clients will use the certificate specified in the "Distribution Point Properties" window to talk to both the MP and to the DP. If the MP is in HTTPS mode, the client needs a PKI certificate to talk to the MP. However if a self-signed certificate has been specified in the "Distribution Point Properties" window, it will use a self-signed certificate instead of a PKI certificate to try and talk to the MP, causing it to fail.

A PKI certificate can be used for the Distribution Point in HTTP mode.

 

Resolution

To resolve the problem, in the properties of the Distribution Point, specify to use a PKI certificate instead of a self-signed certificate. For more information about creating a PKI certificate for use in the Distribution Point, see the section "Boot images for deploying operating systems" under "PKI Certificates for Clients" at the below link:

PKI Certificate Requirements for Configuration Manager
http://technet.microsoft.com/en-us/library/gg699362.aspx


Frank Rojas
Senior Support Escalation Engineer

Comments
  • Thanks, great information!

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment