SCCM OSD Certificate issue
We are using a Mixed mode site and my PXE certificate expired. I did the following steps and created a new certificate and it did not help, every time I boot it still gives me the error "The Certificate associated with this media has expired" To resolve the issue for missing or expired certificates on a PXE Service Point , a new Certificate needs to be created: Go to Site Database --> Site Management --> <Site_Code> --> Site Settings --> Site Systems and choose the server where the PXE Service Point is located. In the right pane, right click on the ConfigMgr PXE service point and choose Properties. Click on the Database tab and locate the Create self-signed PXE certificate option. Under Create self-signed PXE certificate, set the Set expiration date option to some time in the future. Click OK. Go to Site Database --> Site Management --> <Site_Code> --> Site Settings --> Certificates --> PXE and verify that there is now a valid non-expired non-blocked Certificate. Update the Boot Images by going to Site Database --> Computer Management --> Operating System Deployment --> Boot Images. Expand both the Boot image (x64) and Boot image (x86) nodes (and any custom Boot Images if present). For each Boot Image, right click on Distribution Points and choose Update Distribution Points. Step through the Manage Distribution Points wizard until it has completed rebuilding the Boot Images. Restart the Windows Deployment Services (WDS) Server service. Any ideas?
October 15th, 2010 10:41pm
umm, do you even need a certificate in mixed mode? is the date in BIOS correct?Mayur
October 16th, 2010 12:09am
You don't have to re-create the boot images because the certificate isn't embedded in them, but the rest of the steps are correct (to the best of my knowledge). Review smspxe.log on the PXE service point system to make sure that it successfully received the new certificate and is using it. Checking the BIOS time (as Mayur suggested) is a good sanity check also.Jason | http://myitforum.com/cs2/blogs/jsandys | http://blogs.catapultsystems.com/jsandys/default.aspx | Twitter @JasonSandys
October 16th, 2010 2:12am
Here is the error in the smspxe.log <![LOG[Certificate not valid.. A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file I checked the system time and everything seems correct.
October 18th, 2010 7:01pm
Here is the error in the smspxe.log <![LOG[Certificate not valid.. A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file I checked the system time and everything seems correct. Could you please offer more entries? it's to short to troubleshoot such problem. On my side, I would like to confirm: 1. Did your create the new certificate successfully? 2. Did the PXE service Point receive new certificat? Thaks.Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
October 20th, 2010 12:02pm