PXE boot policy request results in 'NoReply' (0x80004005)

John Perkins 41 Reputation points
2023-08-24T19:29:32.0033333+00:00

We have recently run across a problem trying to boot and install clients via PXE from our ConfigMgr/EndpointMgr server. The server is currently running CM 2303 with hotfix rollup KB24719670 applied.

Things look good until the PXE client attempts to download policy to determine which task sequences are available to run. Logs from the client follow:

Preparing Policy Assignment Request.	TSMBootstrap	8/24/2023 1:17:07 PM	1560 (0x0618)
    Setting transport.	TSMBootstrap	8/24/2023 1:17:07 PM	1560 (0x0618)
    Setting site code = CSE.	TSMBootstrap	8/24/2023 1:17:07 PM	1560 (0x0618)
    Setting client ID = 7ee8d364-41fc-4a30-a171-4fb26ffd7e3e.	TSMBootstrap	8/24/2023 1:17:07 PM	1560 (0x0618)
   Setting site signing Certificate.	TSMBootstrap	8/24/2023 1:17:07 PM	1560 (0x0618)
Setting SiteSigningCertificateContext	TSMBootstrap	8/24/2023 1:17:07 PM	1560 (0x0618)
Executing Policy Assignment Request.	TSMBootstrap	8/24/2023 1:17:07 PM	1560 (0x0618)
Sending RequestAssignments	TSMBootstrap	8/24/2023 1:17:07 PM	1560 (0x0618)
Setting the authenticator.	TSMBootstrap	8/24/2023 1:17:07 PM	1560 (0x0618)
CLibSMSMessageWinHttpTransport::Send: WinHttpOpenRequest - URL: <SCCM_SERVER>:443  CCM_POST /ccm_system_AltAuth/request	TSMBootstrap	8/24/2023 1:17:07 PM	1560 (0x0618)
SSL, using authenticator in request.	TSMBootstrap	8/24/2023 1:17:07 PM	1560 (0x0618)
In SSL, but with no client cert.	TSMBootstrap	8/24/2023 1:17:07 PM	1560 (0x0618)
Request was successful.	TSMBootstrap	8/24/2023 1:17:07 PM	1560 (0x0618)
reply from server is 'NoReply'	TSMBootstrap	8/24/2023 1:17:07 PM	1560 (0x0618)
DoRequest (sReply, true), HRESULT=80004005 (K:\dbs\sh\cmgm\0807_174415\cmd\n\src\Framework\OSDMessaging\libsmsmessaging.cpp,3344)	TSMBootstrap	8/24/2023 1:17:07 PM	1560 (0x0618)
oPolicyAssignments.RequestAssignments(), HRESULT=80004005 (K:\dbs\sh\cmgm\0807_174415\cmd\1v\src\Framework\TSCore\tspolicy.cpp,1452)	TSMBootstrap	8/24/2023 1:17:07 PM	1560 (0x0618)
Failed to request policy assignments (Code 0x80004005)	TSMBootstrap	8/24/2023 1:17:07 PM	1560 (0x0618)
m_pPolicyManager->init( sMP, nHttpPort, nHttpsPort, sSiteCode, bUseCRL, L"", sMediaPfx, sMediaGuid, sEnterpriseCert, sServerCerts, sSiteSigningCert, sAuthenticator), HRESULT=80004005 (K:\dbs\sh\cmgm\0807_174415\cmd\9\src\client\TaskSequence\TSMBootstrap\tsmediawizardcontrol.cpp,1234)	TSMBootstrap	8/24/2023 1:17:07 PM	1560 (0x0618)
Failed to initialize policy from Management Point	TSMBootstrap	8/24/2023 1:17:07 PM	1560 (0x0618)
Exiting TSMediaWizardControl::GetPolicy.	TSMBootstrap	8/24/2023 1:17:07 PM	1560 (0x0618)

I've gone through reinstalling the DP and MP services (all on one server with site database) and redeploying PXE services both with and without WDS. The client will successfully boot to the WinPE environment, accept the configured PXE password, but then fail with error 0x80004005 due to a policy download issue.

I would be most grateful for any suggestions to clear up this issue that would allow our clients to install via PXE again.

Microsoft System Center
Microsoft System Center
A suite of Microsoft systems management products that offer solutions for managing datacenter resources, private clouds, and client devices.
815 questions
Microsoft Configuration Manager
{count} vote

Accepted answer
  1. Simon Ren-MSFT 29,711 Reputation points Microsoft Vendor
    2023-08-30T09:34:42.5466667+00:00

    Hi,

    Thanks for your reply.

    Have you also deployed the Client Certificate for Distribution Points? A PXE-enabled distribution point sends this certificate to computers. If the task sequence includes client actions like client policy retrieval or sending inventory information, the computer can connect to an HTTPS-enabled management point during the OS deployment process. Refer to:

    Deploying the Client Certificate for Distribution Points

    PKI for site systems that have a distribution point installed

    Thanks for your time. Have a nice day!

    Best regards,

    Simon


    If the response is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
  1. Simon Ren-MSFT 29,711 Reputation points Microsoft Vendor
    2023-08-28T09:08:43.97+00:00

    Hi,

    Thank you for posting in Microsoft Q&A forum.

    The error 0x80004005 translates to "unspecified error".

    1,Please make sure that the boundaries and boundary groups are correctly configured in Configuration Manager. The client needs to be within a boundary group that has a distribution point and a management point assigned to it.

    2,Since you are using HTTPS with an internal PKI, ensure that the necessary certificates are correctly configured on your management point, distribution point, and PXE-enabled distribution point. Ensure the certificates are valid and trusted by the clients.

    3,Also ensure that the client has proper network connectivity to the management point and distribution point. Check for any firewall rules or network issues that might be preventing communication.

    Thanks for your time. Have a nice day!

    Best regards,

    Simon


    If the response is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.