SCCM – OSD not working anymore after switching to HTTPS environment.

Kevin Burgisser 6 Reputation points
2023-05-16T06:08:25.3833333+00:00

I have recently switched our ConfigMgr environment to use HTTPS communication. Since then, OSD is not working anymore. It fails at step “apply operating system” with error 0x80070002. I receive errors of type “Http result: 403”, “SendResourceRequest() failed. 80190193”, “Download() failed. 80190193" in smts.log file.

Based on my comprehension, I understand that the system will use Network Access User account to retrieve boot image at this step; the system has no operating system installed so it cannot use certificate.

Debug logs (smts.log, ...) have been uploaded to https://www.swisstransfer.com/d/e2cc198a-2f99-4b76-b9ed-20a13365387c

Certificates are valid and not expired
All roles installed on the same server
Network access user configured
SQL Server : Microsoft SQL Server 2016 (SP3-CU1-GDR)
Configuration Manager 2211
IIS Version : 10.0.14393.0
Windows Authentication and anonymous authentication enabled on the default web site

Could anyone help please?

Microsoft Configuration Manager
{count} votes

3 answers

Sort by: Most helpful
  1. Youssef Saad 3,406 Reputation points
    2023-05-16T13:44:32.5+00:00

    Hello,

    Did you switch your DP to communicate using HTTPS?

    You can take a look of the following official documentation about PKI DP & OSD requirements:

    Regards,

    Youssef Saad | Blog: https://youssef-saad.blogspot.com/ | LinkedIn

    1 person found this answer helpful.

  2. Pavel yannara Mirochnitchenko 12,411 Reputation points MVP
    2023-05-16T14:52:51.6933333+00:00

    I believe you will need to re-create or re-deploy boot images, they will have that new DP cert which you didn't have before.


  3. Simon Ren-MSFT 31,911 Reputation points Microsoft Vendor
    2023-05-17T08:49:15.44+00:00

    Hi,

    Thank you for posting in Microsoft Q&A forum.

    Agree with above replies. You will need to make sure that both your DP and IIS certificates have been assigned to the DP, then re-create and re-deploy boot images. A PXE-enabled distribution point sends this DP certificate to clients. Then the clients can connect to an HTTPS-enabled management point during the OS deployment process.

    Helpful articles for your reference:

    SOLVED OSD BROKEN AFTER HTTPS SETUP

    Deploying the Client Certificate for Distribution Points

    Deploy PKI Certificates for SCCM Step by Step Guide

    PKI for Site systems that have a distribution point installed

    Thanks for your time. Have a nice day!

    Best regards,

    Simon


    If the response is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.