SCCM OSD failed on one remote site

kevin jimand 400 Reputation points
2023-08-20T14:39:35.53+00:00

Hi,

We are using the latest SCCM 2303. We have one primary site and three remote site. Everything works well except SCCM OSD failed on one remote site. When I check the smspxe.log on the DP of remote site, I can see below error:

SMSPXE Failed to create certificate store from encoded certificate. Verify the provided Certificate was provisioned correctly. .

An error occurred during encode or decode operation. (Error: 80092002; Source: Windows)

SMSPXE PXE::MP_GetList failed; 0x80092002

SMSPXE PXE::MP_ReportStatus failed; 0x80092002

SMSPXE PXE::CPolicyProvider::InitializePerformanceCounters failed; 0x80070002

SMSPXE Failed to create certificate store from encoded certificate. Verify the provided Certificate was provisioned correctly. .

Is there any way to solve this problem? Appreciate your help!

Microsoft Deployment Toolkit
Microsoft Deployment Toolkit
A collection of Microsoft tools and documentation for automating desktop and server deployment. Previously known as Microsoft Solution Accelerator for Business Desktop Deployment (BDD).
884 questions
Microsoft Configuration Manager Deployment
Microsoft Configuration Manager Deployment
Microsoft Configuration Manager: An integrated solution for for managing large groups of personal computers and servers.Deployment: The process of delivering, assembling, and maintaining a particular version of a software system at a site.
964 questions
0 comments No comments
{count} votes

Accepted answer
  1. Simon Ren-MSFT 33,226 Reputation points Microsoft Vendor
    2023-08-21T02:35:16.6966667+00:00

    Hi,

    Thank you for posting in Microsoft Q&A forum.

    It seems to be a known issue. This issue occurs if the IssuingCertificateList registry key is missing from the following registry subkey on the DP.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\Security

    To fix the issue, copy the IssuingCertificateList registry key value from the management point. Then, copy this value to the same registry key on the DP. To do this, you can run the following command at an elevated command prompt on the DP:

    REG.exe ADD "HKLM\SOFTWARE\Microsoft\SMS\Security" /v IssuingCertificateList /t REG_MULTI_SZ /d <Value_From_MP>

    For more information, please refer to: PXE boot doesn't work because a self-signed certificate isn't created

    Thanks for your time. Have a nice day!

    Best regards,

    Simon


    If the response is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.