Hello,
Did you switch your DP to communicate using HTTPS?
You can take a look of the following official documentation about PKI DP & OSD requirements:
Regards,
Youssef Saad | Blog: https://youssef-saad.blogspot.com/ | LinkedIn
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
I have recently switched our ConfigMgr environment to use HTTPS communication. Since then, OSD is not working anymore. It fails at step “apply operating system” with error 0x80070002. I receive errors of type “Http result: 403”, “SendResourceRequest() failed. 80190193”, “Download() failed. 80190193" in smts.log file.
Based on my comprehension, I understand that the system will use Network Access User account to retrieve boot image at this step; the system has no operating system installed so it cannot use certificate.
Debug logs (smts.log, ...) have been uploaded to https://www.swisstransfer.com/d/e2cc198a-2f99-4b76-b9ed-20a13365387c
Certificates are valid and not expired
All roles installed on the same server
Network access user configured
SQL Server : Microsoft SQL Server 2016 (SP3-CU1-GDR)
Configuration Manager 2211
IIS Version : 10.0.14393.0
Windows Authentication and anonymous authentication enabled on the default web site
Could anyone help please?
Hello,
Did you switch your DP to communicate using HTTPS?
You can take a look of the following official documentation about PKI DP & OSD requirements:
Regards,
Youssef Saad | Blog: https://youssef-saad.blogspot.com/ | LinkedIn
I believe you will need to re-create or re-deploy boot images, they will have that new DP cert which you didn't have before.
Hi,
Thank you for posting in Microsoft Q&A forum.
Agree with above replies. You will need to make sure that both your DP and IIS certificates have been assigned to the DP, then re-create and re-deploy boot images. A PXE-enabled distribution point sends this DP certificate to clients. Then the clients can connect to an HTTPS-enabled management point during the OS deployment process.
Helpful articles for your reference:
SOLVED OSD BROKEN AFTER HTTPS SETUP
Deploying the Client Certificate for Distribution Points
Deploy PKI Certificates for SCCM Step by Step Guide
PKI for Site systems that have a distribution point installed
Thanks for your time. Have a nice day!
Best regards,
Simon
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.