I've tried many things to attempt to get this to work, but have failed. There is a cert from the domain CA. Server the following SC components installed: ConfigMgr component server ConfigMgr device management ConfigMgr distribution point ConfigMgr management point ConfigMgr PXE service point ConfigMgr reporting point ConfigMgr server locator point ConfigMgr site server ConfigMgr site system ConfigMgr software update point ConfigMgr state migration point Additionally, it has Symantec Endpoint Protection Manager on it (as well as the client), WSUS. The CA is another DC in the domain, and the SQL server it connects to is an entirely different server as well.

Hello - Have you seen the below thread? http://social.technet.microsoft.com/Forums/en-US/configmgrosd/thread/40d8c129-33ac-4857-a6c6-52628af917f2 Extract from the thread 1. run "Netstat -a", check whether Port 4011 is open. 2. Take a look at this KB article: PXE clients computers do not start when you configure the Dynamic Host Configuration Protocol server to use options 60, 66, 67 http://support.microsoft.com/?scid=kb%3Ben-us%3B259670&x=19&y=10 3. check SMSPXE.log, if there is any error, post it in the thread. Anoop C Nair - This posting is provided "AS IS" with no warranties or guarantees, and confers no rights. |Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

ok, silly question, i have the firewall disabled on the server, how do i open up port 4011. it is Server 2008 R2 Enterprise.

We do have our DHCP set to use options 66 and 67 for a Citrix environment, but not option 60. I checked the SMSPXE.log (which had a lot of info in it), and it had no errors though.

Hi, First, run the command: "Netstat -a" to check whether Port 4011 is open. You may refer to the steps in the following link to open the port: http://support.microsoft.com/kb/889712 Also, please check if there is any error in the CreateTSMedia.Log. You may check if the MP is functionally: Please browse through MP URL from Client machines Url to check MP is working or not: http://smsservername/sms_mp/.sms_aut?mplist - if page display MP list, MP is working fine. http://smsservername/sms_mp/.sms_aut?mpcert - if a longstring appears, MP is working fine. Regards, Sabrina This posting is provided "AS IS" with no warranties or guarantees, and confers no rights. |Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

The link you posted was for Windows Server 2003, not Windows Server 2008 R2. The computer the SCCM is on is Windows Server 2008 R2. Also, trying to access either of those sites resulted in a 404 error. What do I do to resolve that?

Also, with the CreateTSMedia.log, this is one of the errors in it: <![LOG[Failed to create media generator (0x80040002)]LOG]!><time="08:21:29.854+240" date="04-06-2011" component="CreateTsMedia" context="" type="3" thread="3768" file="createtsmedia.cpp:218"> <![LOG[CreateTsMedia failed with error 0x80040002, details=""]LOG]!><time="08:21:29.854+240" date="04-06-2011" component="CreateTsMedia" context="" type="1" thread="3768" file="createtsmedia.cpp:229">

Hi, This error can be caused by the MP Trustedkey value was missing in registry. Please go to Registry HKLM\Software\Wow6432node\Microsoft\SMS\MP\Certificates and check if the values for Trustedrootkey and Signedtrustedrootkey are empty. If so, you may copy the trusted root key information from C:\Program files\Microsoft Configuration manager\bin\i386\Mobileclient.tcf and paste it in 'Trustedrootkey' registry hive. Signedtrustedrootkey value would be same as Signedencryptionkey. Regards, Sabrina This posting is provided "AS IS" with no warranties or guarantees, and confers no rights. |Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.