SCCM pxe boot error: Error code:0xc0000098 with no client cert

Eaven HUANG 2,196 Reputation points
2024-02-08T08:45:41.78+00:00

Dear Experts,

I've configured SCCM for OSD and DHCP has been set up, but after the PC boots from the network, I saw the following screen and then it goes into the old OS. What might be wrong?

CLIENT MAC ADDR: 88 D? F6 57 0C 45 GUID: FBB98D2E 2F95 4A41 85ED FABDBCEEBEBC
CLIENT IP: 10.103.254.114 MASK: 255.255.255.0 DHCP IP: 18.183.4.51
GATEWAY IP: 10.183.254.1
TFTP.
PxE-MF: Exiting Intel Boot Agent.

I restarted the WDS services and rebooted the SCCM server; then the client could PXE boot with F12, but it didn't load the boot image. Instead it shows the error:

Recovery
Your PC/Device needs to be repaired
The Windows Boot Configuration Data (BCD) file from the PXE server does not contain a valid operating system entry. Ensure that the server has boot images installed for this architecture.
File: \Tmp\x86x64{E9C9C3CD-A5ED-4543-89AF-AB9C1F99BA641}.bcd
Error code: 0xc0000098
You'll need to use recovery tools. If you don't have any installation media (like a disc or USB device), contact your PC administrator or PC/Device manufacturer.

I've tried to follow some solutions to uninstall WDS and reboot the server, but it went back to the TFTP error "PxE-MF: Exiting Intel Boot Agent."

From the SCCM smspxe.log, I can see the following, which seems to be a cert issue, but I have no clue how to fix it. We had PKI for our SCCM environment.

============> Received from client: SMSPXE 08/02/2024 16:06:21 4960 (0x1360)
Operation: BootRequest (1) Addr type: 1 Addr Len: 6 Hop Count: 0 ID: 450C57F6 Sec Since Boot: 0 Client IP: 010.103.254.114 Your IP: 000.000.000.000 Server IP: 000.000.000.000 Relay Agent IP: 000.000.000.000 Addr: 88:d7:f6:57:0c:45: Magic Cookie: 63538263 Options: Type=53 Msg Type: 3=Request Type=60 ClassId: PXEClient Type=97 UUID: 00fb098d2e2f954a4185edfa8d0cee0e0c Type=93 Client Arch: Intel x86PC Type=250 0c01010d0208000e010001020006ff Type=55 Param Request List: 03013c8081828384858687 SMSPXE 08/02/2024 16:06:21 4960 (0x1360)
Prioritizing local MP https://MECMServer.gtiit.edu.cn. SMSPXE 08/02/2024 16:06:21 7096 (0x1BB8)
Using Management Point: https://MECMServer.gtiit.edu.cn SMSPXE 08/02/2024 16:06:21 7096 (0x1BB8)
SSL, using authenticator in request. SMSPXE 08/02/2024 16:06:21 7096 (0x1BB8)
In SSL, but with no client cert. SMSPXE 08/02/2024 16:06:21 7096 (0x1BB8)
SSL, using authenticator in request. SMSPXE 08/02/2024 16:06:21 7096 (0x1BB8)
In SSL, but with no client cert. SMSPXE 08/02/2024 16:06:21 7096 (0x1BB8)
reply has no message header marker SMSPXE 08/02/2024 16:06:21 7096 (0x1BB8)
Unsuccessful client info request. 80004005. SMSPXE 08/02/2024 16:06:21 7096 (0x1BB8)
PXE::MP_LookupDevice failed; 0x80070490 SMSPXE 08/02/2024 16:06:21 7096 (0x1BB8)
Prioritizing local MP https://MECMServer.gtiit.edu.cn. SMSPXE 08/02/2024 16:06:21 7096 (0x1BB8)
Using Management Point: https://MECMServer.gtiit.edu.cn SMSPXE 08/02/2024 16:06:21 7096 (0x1BB8)
SSL, using authenticator in request. SMSPXE 08/02/2024 16:06:21 7096 (0x1BB8)
In SSL, but with no client cert. SMSPXE 08/02/2024 16:06:21 7096 (0x1BB8)
SSL, using authenticator in request. SMSPXE 08/02/2024 16:06:21 7096 (0x1BB8)
In SSL, but with no client cert. SMSPXE 08/02/2024 16:06:21 7096 (0x1BB8)
reply has no message header marker SMSPXE 08/02/2024 16:06:21 7096 (0x1BB8)
Failed to send status message (80004005) SMSPXE 08/02/2024 16:06:21 7096 (0x1BB8)
Unsuccessful in sending status message. 80004005. SMSPXE 08/02/2024 16:06:21 7096 (0x1BB8)
PXE::MP_ReportStatus failed; 0x80070490 SMSPXE 08/02/2024 16:06:21 7096 (0x1BB8)
PXE Provider failed to process message. Element not found. (Error: 80070490; Source: Windows) SMSPXE 08/02/2024 16:06:21 7096 (0x1BB8)
88:D7:F6:57:0C:45, 2E8D09FB-952F-414A-85ED-FA8D0CEE0E0C: Not serviced. SMSPXE 08/02/2024 16:06:21 7096 (0x1BB8)
Boot image GTN00005 has changed since added SMSPXE 08/02/2024 16:39:22 2588 (0x0A1C)
Loaded Windows Imaging API DLL (version '10.0.22000.1') from location 'C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\amd64\DISM\wimgapi.dll' SMSPXE 08/02/2024 16:39:22 2588 (0x0A1C)
Opening image file J:\RemoteInstall\SMSImages\GTN00005\boot.GTN00005.wim SMSPXE 08/02/2024 16:39:22 2588 (0x0A1C)
Found Image file: J:\RemoteInstall\SMSImages\GTN00005\boot.GTN00005.wim PackageID: GTN00005 ProductName: Microsoft® Windows® Operating System Architecture: 9 Description: Microsoft Windows PE (amd64) Version: Creator: SystemDir: WINDOWS SMSPXE 08/02/2024 16:39:22 2588 (0x0A1C)
Closing image file J:\RemoteInstall\SMSImages\GTN00005\boot.GTN00005.wim SMSPXE 08/02/2024 16:39:22 2588 (0x0A1C)
Begin validation of Certificate [Thumbprint 0A1159C6EDD6DDA05421673EA3F4BFD481A2DB11] issued to 'MECMServer.gtiit.edu.cn' SMSPXE 08/02/2024 16:41:24 2588 (0x0A1C)
Certificate [Thumbprint 0A1159C6EDD6DDA05421673EA3F4BFD481A2DB11] issued to 'MECMServer.gtiit.edu.cn' has expired. SMSPXE 08/02/2024 16:41:24 2588 (0x0A1C)
Completed validation of Certificate [Thumbprint 0A1159C6EDD6DDA05421673EA3F4BFD481A2DB11] issued to 'MECMServer.gtiit.edu.cn' SMSPXE 08/02/2024 16:41:24 2588 (0x0A1C)
Prioritizing local MP https://MECMServer.gtiit.edu.cn. SMSPXE 08/02/2024 16:41:24 2588 (0x0A1C)
Using Management Point: https://MECMServer.gtiit.edu.cn SMSPXE 08/02/2024 16:41:24 2588 (0x0A1C)
SSL, using authenticator in request. SMSPXE 08/02/2024 16:41:24 2588 (0x0A1C)
In SSL, but with no client cert. SMSPXE 08/02/2024 16:41:24 2588 (0x0A1C)
File J:\RemoteInstall\SMSTemp\2024.02.08.15.52.38.04.{D1615FAA-1234-4321-8489-550A0A870DF0}.boot.bcd deleted. SMSPXE 08/02/2024 16:41:24 1328 (0x0530)
File J:\RemoteInstall\SMSTemp\2024.02.08.15.52.38.04.{D1615FAA-1234-4321-8489-550A0A870DF0}.boot.bcd.log deleted. SMSPXE 08/02/2024 16:41:24 1328 (0x0530)
SSL, using authenticator in request. SMSPXE 08/02/2024 16:41:24 2588 (0x0A1C)
In SSL, but with no client cert. SMSPXE 08/02/2024 16:41:24 2588 (0x0A1C)
reply has no message header marker SMSPXE 08/02/2024 16:41:24 2588 (0x0A1C)
Failed to send status message (80004005) SMSPXE 08/02/2024 16:41:24 2588 (0x0A1C)
Unsuccessful in sending status message. 80004005. SMSPXE 08/02/2024 16:41:24 2588 (0x0A1C)
PXE::MP_ReportStatus failed; 0x80070490 SMSPXE 08/02/2024 16:41:24 2588 (0x0A1C)
Certificate not valid.. A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. (Error: 800B0101; Source: Windows) SMSPXE 08/02/2024 16:41:24 2588 (0x0A1C)

Any advice would be much appreciated!

Microsoft Security | Intune | Configuration Manager | Other

Answer accepted by question author
  1. AlexZhu-MSFT 6,596 Reputation points Moderator
    2024-02-09T01:45:51.4933333+00:00

    Hi Eaven,

    During the OSD phase, if it prompts the BCD error above, it indicates the network level is OK (DHCP, TFTP, PXE, etc.), and there is just no entry in the BCD store for the boot image (PE).

    For the current problem we are facing, it seems it's out of Configuration Manager. From the log, we need to renew the certificate to ensure the communication.

    Thumbprint 0A1159C6EDD6DDA05421673EA3F4BFD481A2DB11

    Regards,

    Alex


1 additional answer

  1. AlexZhu-MSFT 6,596 Reputation points Moderator
    2024-02-12T01:49:11.2033333+00:00

    Hi Eaven,

    Since we have located the certificate in localmachine\my, we can right-click the certificate to renew it to see if it works.

    Note: if we have any problems when renewing the certificate, we can seek help from the AD guys, who are in charge of the internal CA.

    Regards,

    Alex
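
The check discussed in this thread, as an added example that is not part of either answer and is not Microsoft tooling: it pulls the thumbprint of any certificate that smspxe.log reports as expired and looks it up in `Cert:\LocalMachine\My` to show its expiry date, private-key status and usages before and after renewal. The function names are hypothetical, and the sample lines are copied from the log excerpt in the question; point `-Line` at `Get-Content` of the real smspxe.log instead.

```powershell
# Sample lines copied from the smspxe.log excerpt in the question (used as inline test input).
$sampleLog = @'
Begin validation of Certificate [Thumbprint 0A1159C6EDD6DDA05421673EA3F4BFD481A2DB11] issued to 'MECMServer.gtiit.edu.cn' SMSPXE 08/02/2024 16:41:24 2588 (0x0A1C)
Certificate [Thumbprint 0A1159C6EDD6DDA05421673EA3F4BFD481A2DB11] issued to 'MECMServer.gtiit.edu.cn' has expired. SMSPXE 08/02/2024 16:41:24 2588 (0x0A1C)
In SSL, but with no client cert. SMSPXE 08/02/2024 16:41:24 2588 (0x0A1C)
'@ -split "`r?`n"

# Hypothetical helper: extract each distinct certificate the PXE provider logged as expired.
function Get-ExpiredCertFromPxeLog {
    param([string[]]$Line)
    $pattern = "Certificate \[Thumbprint (?<tp>[0-9A-Fa-f]{40})\] issued to '(?<subject>[^']+)' has expired"
    $Line | ForEach-Object {
        if ($_ -match $pattern) {
            [pscustomobject]@{ Thumbprint = $Matches.tp.ToUpper(); IssuedTo = $Matches.subject }
        }
    } | Sort-Object Thumbprint -Unique
}

# Hypothetical helper: report the state of that certificate in the local machine store.
function Test-StoreCertificate {
    param([string]$Thumbprint, [string]$StorePath = 'Cert:\LocalMachine\My')
    $cert = Get-ChildItem -Path $StorePath | Where-Object Thumbprint -eq $Thumbprint
    if (-not $cert) {
        # After a renewal that issues a new key, the old thumbprint no longer exists.
        return [pscustomobject]@{ Thumbprint = $Thumbprint; Found = $false }
    }
    [pscustomobject]@{
        Thumbprint    = $cert.Thumbprint
        Found         = $true
        Subject       = $cert.Subject
        NotAfter      = $cert.NotAfter
        DaysLeft      = [int]($cert.NotAfter - (Get-Date)).TotalDays   # negative once expired
        HasPrivateKey = $cert.HasPrivateKey
        Usages        = ($cert.EnhancedKeyUsageList.FriendlyName -join ', ')
    }
}

Get-ExpiredCertFromPxeLog -Line $sampleLog |
    ForEach-Object { Test-StoreCertificate -Thumbprint $_.Thumbprint } |
    Format-List
```

A renewed certificate normally gets a new thumbprint, so `Found = $false` after renewal is expected; rerun PXE and confirm the "has expired" line no longer appears in smspxe.log.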

