Trying to do a build an capture via PXE from sccm smsts log shows: WINHTTP_CALLBACK_STATUS_SECURE_FAILURE and WINHTTP_CALLBACK_STATUS_FLAG_CERT_REV_FAILED I get the feeling that this has to do with the certificates installed on the machine. We currently have no root certificates defined and a self-signed PXE certificate I've done what is recommended in http://technet.microsoft.com/en-us/library/bb680501.aspx and http://technet.microsoft.com/en-us/library/bb632961.aspx , but there are multiple certificates and I'm not positive if I'm exporting the correct one. I'm exporting these certificates from the SCCM box. Is this the correct method?

is SCCM in mixed mode or native mode ? My step by step SCCM Guides I'm on Twitter > ncbrady

native mode.

For an update, I went to an XP machine and pulled the root certificate and PXE certificate (had to work a little for this one - our personal certs are not exportable by default.) I then applied them to SCCM and I'm still getting the same problem. Are there any other certificates that I need for OS deployment? App deployment works fine.

You can find all requirements here: http://technet.microsoft.com/en-us/library/bb680733.aspx Miguel Rodriguez

I've seen that before and I believe that we have met those requirements, as explained above. Are there any other key configurations needed if we are successfully able to deploy files already?

Hi, The error code 0x80072f8f means ERROR_INTERNET_SECURE_FAILURE ErrorClockWrong. This issue can be caused by a problem when booting to WinPE which makes a request to the BIOS to grab the system time. The local system time returned is different with the time on the Cert Authority. When PXE booting, we don't need to make such a time check so we don't hit this error. We could boot to WinPE and immediately break out to a CMD prompt and check the system time to see if it is changed a few seconds later. You may use intlcfg.exe command on the WinPE offline image as below: 1. With ImageX, mount the WinPE offline image to C:\Mount 2. Run: WAIK folder\Tools\x86\intlcfg.exe -timezone: "E. South America Standard Time" -image:c:\mount 3. Unmount the WinPE offline image with ImageX 4. Update all distribution points References: Issue building Latitude e6320 Daylight Savings Time in WinPE Regards, Sabrina This posting is provided "AS IS" with no warranties or guarantees, and confers no rights. |Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

The time doesn't seem to be the problem. I've checked the system time against the cart authority time and they are perfectly in sync. I believe that this has to do with the fact that we are pulling the personal local computer certificates from the SCCM server itself, since the XP machines do not allow for export of personal certificates. How would I go about allowing the XP machines the ability to expoert personal certificates? Would this need to be done on the Cert Authority? For the record, I'm talking about the export procedure detailed here: http://technet.microsoft.com/en-us/library/bb632961.aspx