Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Monday, July 25, 2016 3:15 PM
Hi!
For about two weeks I'm struggling with the error in PXEboot.log on remote Distribution Point:
Unable to open Registry key Software\Microsoft\CCM. Return Code [80070002]. Client HTTPS state is Unknown. SMSPXE 25 Jul 16 18:02:13 3880 (0x0F28)
In SSL, but with no client cert SMSPXE 25 Jul 16 18:02:13 3880 (0x0F28)
In SSL, but with no client cert SMSPXE 25 Jul 16 18:02:13 3880 (0x0F28)
I've followed this article and so many others to reveal my mistake but I couldn't. Looks like I can't inject client certificates into PXE. Did anybody come with this before?
What I've checked so far:
- The client certificate is correct. It's been copied from workstation template and wasn't altered (except for private key export option)
- DP has the certificate in its Personal store of computer cert store.
- Site client computer communication set to HTTPS only, client certificate selection is left default
- CDP is available, CRL is accessible, certificate share is available for everyone in read-only mode.
Nuances:
Management point has been updated (in-place) from 2008R2 to 2012R2. I didn't implement HTTPS prior to update. DP is 2012R2 server core.
Any ideas what am I missing?
Monday, July 25, 2016 3:50 PM ✅Answered
There's no such log as PXEBoot.log. Do you mean smspxe.log?
Can you post a screenshot of the PXE tab of the DP?
Jason | http://blog.configmgrftw.com | @jasonsandys
Wednesday, July 27, 2016 7:01 AM
Hi,
Please also refer to the link below:
Step-by-Step Example Deployment of the PKI Certificates for Configuration Manager: Windows Server 2008 Certification Authority
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.