This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hi All,
I am facing the Issue "Task Sequence: xxxxxxx has failed with error code (0x80070002) in the task sequence step ''Configure Secure Boot". However my machine will pxe boot successfully and appeared the task sequence wizard.
we have enabled HTTPS in our Distribution Settings and further that is an additional DP in our environment. then I have checked the Network Access account settings and it was set to use computer account but I have added few user accounts which are already existing in our SCCM environment. however I am not sure whether these accounts should have access to our task sequence or not since I am not the person who created this TS. again, one thing I noticed, when I checked IIS settings of the additional DP where from pxe boot is still set to http bindings and webserver certificate is not under personal certificate either. however I am not sure this certificates is related to my problem since pxe boot is successful and error is showing up middle of the task sequence wizard.
appreciate the help to sort this out.
Thanks,
Dilan
Hi,
Thanks you very much for your sharing and feedback. We're glad that the question is solved now. It may help others who have similar issue. Here's a short summary for the problem.
Problem/Symptom:
"Task Sequence: xxxxxxx has failed with error code (0x80070002) and 0x800700a1.
Solution/Reason:
"Clear Required PXE Deployments" from Unknown Computers and try again
It's appreciated that you could click "Accept Answer" and upvote it, this will help other users to search for useful information more quickly. Thanks again for your time!
Best regards,
Simon
Hi,
Thanks for your time.
Best regards,
Simon
If the response is helpful, please click "Accept Answer" and upvote it.
Hi Simon,
Thank you very much for the replying. by the way I am getting a different error message now.
1) Here I have attached the SMSTS log file.
2) I have already import the DP certificate, I will set up the bindings in IIS for 443 with Web server certificate but no difference.
Hi,
Thanks for your reply.
The error code 0x800700a1 means "The specified path is invalid." Based on my experience, the certificate we should import is not a DP certificate, it's a the client certificate for distribution points. This certificate has two purposes:
For more detailed steps about how to import this certificate, please refer to:
Deploying The Client Certificate For Distribution Points
Best regards,
Simon
If the response is helpful, please click "Accept Answer" and upvote it.
Hi Simon,
Thank You,
Yes, I checked the properties of the certificate and it looks like you are correct but the thing is if I followed the step which has mentioned on above article, the PXE boot is not working at all. when I check it again PXE IP of the DP is not taking at all.
Do you have any comments on it.
Error was on SMSPXE.log
reply has no message header marker
PXE:: xx:xx:xx:xx: unsuccessful client info request 0x8004005
PXE:: MPs::Isknownmachinefailed;0x8007049
one thing, I made the change only in my additional DP since this is a troubleshooting step and to avoid any mishaps. do we need to change the certificate on primary site dp as well? or is it enough to changing the certificate in additional DP since that client contacting the additional DP.
Thanks,
Dilan
Hi,
Thanks for your reply.
I would like to confirm some information to narrow down this issue. In your above reply, the task sequence has finished the installed OS step and failed in the install software step, so it should download the boot image and OS image successfully and complete the PXE process without any error. Does this smspxe error occur in the same device?
Best regards,
Simon
Hi Simon,
Thank you very much for keep you helping.
I have created a exportable DP certificate with private key and imported into my additional DP and primary site DP. I have imported the two certificates with start date as a 11/09/2020. however when I went to certificates in SCCM there are two other certificates are available as a DP certificates(refer image01). when I blocked those two certificates from SCCM, I am not able to PXE boot at all(refer image02,image03). because of that I was unblocked them at the moment. Primary site DP and additional DP are in two different domains and other functions like patching, package deployment etc. are working fine.
Image01
Image02
Image03
Thanks,
Dilan
Hi Simon,
further I have followed below steps.
further I have imported my new DP OSD certificated to internet explore where i have additional DP and tested the MP list from the browser and that was working fine (refer image01). I have tried the same thing with old certificate which is mentioned as DP certificate in SCCM but it was failed with a access denied(refer image02).
Image01
Image02
Thanks,
Dilan
Hi,
Thanks for your detaied information.
Based on my understanding, the SCCM environment is in HTTPS only, and the situation we face are as below:
If I don't misunderstand, the two certificates with start date as a 11/09/2020 are used not only for site systems that have a distribution point installed but also for Boot images for deploying operating systems. The situation is as expected, we should not block these two certificates. When we have an environment with HTTPS only, the client must have a valid Boot images for deploying operating systems certificate for the client to communicate with the site and for the PXE OSD deployment to continue.
And the PXE-enabled DP also need a certificate for Site systems that have a distribution point installed to communicate with HTTPS-enabled management point. The requirements for this Boot images for deploying operating systems certificate are the same as the server certificate for site systems that have a distribution point installed. Because the requirements are the same, so we can use the same certificate file.
If I have misunderstood anything, please don't hesitate to let me know.
Best regards,
Simon
If the response is helpful, please click "Accept Answer" and upvote it.
hi Simon,
In my environment I can see there are 4 DP certificates, I am not sure what is the purpose of 2 certificates start from 10/03/2020 (webserver certificate). if I block these two, pxe boot is not working as well.
I have tried with elitedesk 800 g5 and it didn't get into task sequence wizard as well. it was restart after pxe screen. Please refer attached images and smspxe log.
Thanks,
Dilan
Hi,
Thanks for your reply.
This is a complex issue. I will do more research, if there is any update, I will let you know. Thanks for your understanding.
Best regards,
Simon
Hi Simon,
Thank you very much for all the help you have done. Issue has been resolved now.
What I did was, "Clear REquired PXE DEployments" from Unknown Computers and try again. However if you don't mind, the 4 DP certificates in place is normal, or we should have two DP certificates as we having two DPs in our environment.
Thanks,
Dilan
Hi,
Based on my experience, every DP should have two certificate, one for the DP itself and one for the client, so the 4 DP certificates in place is normal as you have two DPs. However, when if the certificate for DP itself is the same as the one for client, 2 certificate is OK, it depends on your environment.
Best regards,
Simon
Thanks Simon