Comments on: Enable Site System Roles for HTTPS or Enhanced HTTP
https://www.prajwaldesai.com/enable-site-system-roles-for-https-or-enhanced-http/
SCCM | ConfigMgr | Intune | Windows 11 | Azure
Mon, 06 Sep 2021 15:46:17 +0000

By: Rob (in reply to AJ)
https://www.prajwaldesai.com/enable-site-system-roles-for-https-or-enhanced-http/#comment-26384

Hi AJ, did you or anyone get this resolved? I am upgrading to 2103 and need to know this for my org as we use PXE and it cannot go down whatsoever. Thanks.

By: Prajwal Desai (in reply to Ben Gallant)
https://www.prajwaldesai.com/enable-site-system-roles-for-https-or-enhanced-http/#comment-24091

Before you disabled the enhanced HTTP, did you examine the PXE boot log files?

By: Ben Gallant
https://www.prajwaldesai.com/enable-site-system-roles-for-https-or-enhanced-http/#comment-24090

Hi,

I am also having PXE issues. When I enabled the Enhanced HTTP we could not get PXE boot; the device would get an IP and then reboot with a failed boot message. I removed the Enhanced HTTP and it works again.

Please let me know which logs would be useful in troubleshooting this issue.

By: Jordi
https://www.prajwaldesai.com/enable-site-system-roles-for-https-or-enhanced-http/#comment-23845

You’re the man! Thanks as always.

By: AJ (in reply to Prajwal Desai)
https://www.prajwaldesai.com/enable-site-system-roles-for-https-or-enhanced-http/#comment-23839

I have the same issues after the update to 2103 – and the pre-req warning…
I found that the DHCP Policies we had before were disabled and Options 66 and 67 were unticked and empty.
So after adding back the DHCP Policies and options, I am now stuck with the BCD 0x089 error.

The SMSPXE log shows a
CryptVerifySignature failed, 80090006 error
followed by
untrusted certificate: xxxxxx,
PXE::MP_InitializeTransport failed; 0x80090006 PXE::MP_LookupDevice failed; 0x80070490
PXE Provider failed to process message.
Element not found. (Error: 80070490; Source: Windows)

Looking at the Management Point – HTTPS was not selected. I selected this again.
Both the Enrollment and Enrollment Proxy Point already had HTTPS selected
Logs now showed a slightly different error:
PXE::MP_GetList failed; 0x80070490
PXE::MP_LookupDevice failed; 0x80070490
PXE::MP_ReportStatus failed; 0x80070490
PXE Provider failed to process message.
Element not found. (Error: 80070490; Source: Windows)

The Management point seems to revert back to HTTP.
The log also continues to show
Using Management Point: http://
and
CLibSMSMessageWinHttpTransport::Send: WinHttpOpenRequest – URL: :80 GET /SMS_MP/.sms_aut?MPKEYINFORMATIONEX

PS: I reinstalled PXE / WDS a few times with no benefit to this.

So maybe the underlying issue is an SCCM installation not set up properly for HTTPS?

By: Prajwal Desai (in reply to Randhir Naiker)
https://www.prajwaldesai.com/enable-site-system-roles-for-https-or-enhanced-http/#comment-23794

If you haven’t implemented PKI in your setup, you can switch to Use Configuration Manager-generated certificates for HTTP site systems. When you do that it shouldn’t affect OSD, app deployment etc. However I am seeing some comments where people are complaining that PXE boot isn’t working. I haven’t got any log files to review so I can’t comment much.

By: Randhir Naiker (in reply to Prajwal Desai)
https://www.prajwaldesai.com/enable-site-system-roles-for-https-or-enhanced-http/#comment-23793

Thanks Prajwal.

For clarity – We can enable the option on our Primary Site and select:

Use Configuration Manager-generated certificates for HTTP site systems

and this option will handle all client communication requirements, for OSD, for App deployment and for management, etc.

Is there any further action required for sites that do NOT have HTTPS or PKI setup?

Thanks ever so much Man, Love your site!!!

By: Ben Matthews (in reply to Daniel)
https://www.prajwaldesai.com/enable-site-system-roles-for-https-or-enhanced-http/#comment-23783

Hi, I am also having the same issue. After navigating to Administration > Site Configuration > Sites > Properties of site > Communication Security, I ticked the box that says ‘Use Configuration Manager-generated certificates for HTTP site systems’.

After ticking this box I am no longer able to PXE boot devices. The clients don’t receive a PXE response.

By: Daniel
https://www.prajwaldesai.com/enable-site-system-roles-for-https-or-enhanced-http/#comment-23714

Hi Prajwal,

I was wondering if you can please point me in the right direction. In our Primary Site I’ve changed from HTTPS or HTTP to HTTPS Only and clicked on ‘Apply’... We now can’t image any PCs. We are stuck on ‘Start PXE over IPv4’. Also, all of our devices in SCCM are showing ‘offline’, plus none of the applications in Software Center are visible.

-I’ve changed the setting back to HTTP Only – But still the same result
-Reboot the Primary Server and Site System Server – No change
-Check IIS – But not sure what certificates are missing in Bindings.

Any help is much appreciated.

Thanks,
Daniel

By: Prajwal Desai (in reply to David Adams)
https://www.prajwaldesai.com/enable-site-system-roles-for-https-or-enhanced-http/#comment-23495

You don’t need to worry about the certificates. The OSD and client agents will be unaffected by this change.
