Task sequence fails when using PXE OSD
"certificate is not valid due to failures in certificate chain validation, Raising status event. Failure HR = 0x800b010a"
it sounds like you need to check & possibly refresh the root ca cert & any intermediate certs, from your PKI, onto your site server.
this is an older article but should put you on the right track.
Troubleshooting Certificate Status and Revocation
http://technet.microsoft.com/en-us/library/cc700843.aspxtesgroup
January 21st, 2011 1:25am
Hello,
Friend,
so
I know the
SCCM
2007 is
not supported
by
Windows Server
2008
R2.
Could this be
the reason for the
error.Na vida h dois caminhos mais s um que vai na direo certa
Free Windows Admin Tool Kit Click here and download it now
January 21st, 2011 2:10am
Hello,
Our SCCM environment (all points are on a single server, running in Native mode, Windows Server 2008 R2) recently had its certificates changed/updated, now we are
unable to use PXE as a deployment method.
Clients can boot to WinPE, the splash screen is displayed, we are prompted for the password but then the client machine will display the following error message:
“Failed to Run Task Sequence
An error occurred while retrieving policy for this computer (0x80004005). For more information please contact your system administrator or helpdesk operator”
Under
Site Status the SMS_MP_CONTROL_MANAGER is showing as Critical with the warning message:
MP has rejected registration request due to failure in client certificate (Subject Name: *.DOMAIN1.COM) chain validation. If this is a valid client SMS Administrator
needs to place the Root Certification Authority and Intermediate Certificate Authorities in the MPÆs Certificate store. The operating system reported error 2148204810: A certificate chain could not be built to a trusted root authority.
Upon checking the
MP_RegistrationManager.log I can see this error:
MP Reg: Client in-band certificate is not valid due to failures in certificate chain validation, Raising status event. Failure HR = 0x800b010a, In-band Cert SubjectName
= *.DOMAIN1.COM MP_RegistrationManager
20/01/2011 11:16:38 AM
4596 (0x11F4)
The logs say that this is being generated from the server hosting SCCM.
However I am unable to locate the mentioned certificate in the certificate store to change it over.
http://technet.microsoft.com/en-us/library/cc872789.aspx is what I followed to deploy the
new/updated certs.
I am able to provide further details/logs if needed, any assistance would be greatly appreciated as it is starting to drive me crazy and I would really like PXE functionality
working again.
Thanks in advance
Locust12
January 21st, 2011 2:37am
Hello,
Thankyou for your response.
This server has been actively running SCCM 2007 v4.00 for over 1 year without any trouble.
The only changes made have been to deployment packages (which were previously tested and working) and most recently the certificates.
Thanks
Locust12
Free Windows Admin Tool Kit Click here and download it now
January 21st, 2011 2:37am
Hi Tesgroup,
Thank you for the link, replacing the root ca cert did resolve this error.
However I am still unable to deploy any OS. The error I receive now is "BOM not found on policy reply". I will try
this solution to fix.
Thanks again.
Edit..
I resolved the second issue using
this method as the above did not work for me.
February 7th, 2011 3:35am
Hi Tesgroup,
Thank you for the link, replacing the root ca cert did resolve this error.
However I am still unable to deploy any OS. The error I receive now is "BOM not found on policy reply". I will try
this solution to fix.
Thanks again.
Free Windows Admin Tool Kit Click here and download it now
February 7th, 2011 9:33pm