none
OS Deployment Issue with dedicated DP within a Boundary Group RRS feed

  • Question

  • Hi,
    I've the following issue:
    Having two Boundary Groups, BG1 for the 192.168.x.y subnet and one other for the 10.10.10.x subnet. Each BG is one DP assigned, BG1 contains other roles as well, BG2 only DP. I'm distributing an OS only to the DP in BG2 assuming a client in BG2 will be able to contact the DP and download the OS from the DP.
    So I use the default settings within the TS and selected the following deployment options:
    "Download content locally when needed by the running task sequence"
    That fails with error code 0x80070002. It seems as if the client will contact the DP in BG1 to download the OS, but it fails for sure, because the OS has not been distributed there. How can I check which DP the client contacts during OSD?

    If I activate the following two options , everything works fine:

    1. Within the TS step "Apply Operating System" enable "Access content directly from the distribution point"
    2. Properties of the OS Image, Data Access and enable "Copy the content in this package to a package share on distribution points"

    Is there a chance to get the content downloaded from the DP in BG2 without having the content also available on the DP in BG1? Any ideas? 


    Kind regards, Thomas

    Monday, February 17, 2020 12:28 PM

Answers

  • Everything done what you suggested - but the help of Prajwal Desai I could solve the issue;

    https://www.prajwaldesai.com/sccm-osd-error-socket-connect-failed-8007274d/

    Long story short:

    It's not enough to import the ConfigMgr Client Distribution Point Certificate onto the "Communication" tab of the DP properties, you also need to assign that certificate as a web server certificate in the IIS console of the particular DP. After that the deployment runs without issues.

    I will keep on testing, for the moment we can set the issue to be "solved" ...


    Kind regards, Thomas

    Tuesday, February 18, 2020 3:23 PM

All replies

  • Hi,

    Thanks for posting in TechNet.

    1.The error 0x80070002 means "The system cannot find the file specified". This is often seen when the DP can't be reached. May we know what version of Configuration Manager you are using? Please also help check if you have configured the Network Access Account? Please refer to:
    Task Sequence Failed With The Error Code 0x80070002

    2.In the smsts.log, we can see which DP is in use. Please refer to the following article to export the smsts.log to troubleshoot the task sequence error.
    SCCM: How to copy SMSTS.log when a Task Sequence fails

    Thanks for your time.

    Best regards,
    Simon

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, February 17, 2020 1:07 PM
  • Hi Simon, 

    yes, I know about the meaning of the 0x80070002 error message and it seems that the client will contact the DP in BG1 instead of the DP in BG2, where the client is assigned to (same network). And for sure, the OS is not distributed to the DP in BG1, because the DP in BG2 should be used for the deployment.

    And apparently I cannot see from SMSTS.log, which DP will be contacted and why (as I suppose) the client will try to connect the DP in BG1 instead of connecting the DP in BG2 as desired.

    The NAA-Account has been configured correctly, otherwise there would be issues with the clients on BG1 as well.

    Any further hints appreciated why the client connects to the wrong DP!


    Kind regards, Thomas

    Monday, February 17, 2020 1:30 PM
  • Hi, 

    Thanks for your reply.

    1. If possible, please help check the Firewall settings and make sure the clients in BG2 can communicate with its assigned DP in BG2. May we know how many clients are facing the issue, all the clients in BG2 or only some of them?
    Please refer to: Ports used by Configuration Manager clients and site systems

    2. Please also help double check the boundaries and boundary groups configuration to make sure the clients are within correct boundary groups.

    Thanks for your time.

    Best regards,
    Simon

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, February 18, 2020 3:04 AM
  • Hi Simon,

    thank you for your quick answer again. I cannot see any kind of errors within the smsts.log file. From the status query messages for the affected client I can see the following issues:

    "The task sequence execution engine failed executing the action (Apply Operating System) in the group (Install Operating System) with the error code 2147942402
    Action output: ... p,2121)
    installer.install(), HRESULT=80070002 (installimage.cpp,2187)
    Closing image file \\dp2.domain.local\SMSPKGD$\P01000B7\SMS Windows 10 Enterprise x64 LTSC 2019 German.wim
    ReleaseSource() for \\dp2.domain.local\SMSPKGD$\P01000B7\.
    reference count 1 for the source \\dp2.domain.local\SMSPKGD$\P01000B7\ before releasing
    Released the resolved source \\dp2.domain.local\SMSPKGD$\P01000B7socket 'connect' failed; 8007274cSending with winhttp failed; 80072ee2
    SendResourceRequest() failed. 80072ee2
    Download() failed. 80072ee2.
    Failed to resolve source for configuration file package P01000B5 (80070002)
    Installation of image 1 in package P01000B7 failed to complete..The system cannot find the file specified. (Error: 80070002; Source: Windows)
    InstallImage( g_InstallPackageID, g_ImageIndex, targetVolume, ImageType_OS, g_ConfigPackageID, g_ConfigFileName, bOEMMedia, g_RunFromNet ), HRESULT=80070002 (applyos.cpp,513). The operating system reported error 2147942402: The system cannot find the file specified. "

    "The task sequence execution engine failed executing the action (Setup Windows and Configuration Manager) in the group (Setup Operating System) with the error code 2147500037
    Action output: ==============================[ OSDSetupWindows.exe ]===========================
    Command line: "OSDSetupWindows.exe"
    Running module version 5.0.8913.1000 from location 'X:\sms\bin\x64\OSDSetupWindows.exe'
    this->answerFilePath.empty() == false, HRESULT=80004005 (setupwindows.cpp,351)
    setup.run(), HRESULT=80004005 (setupwindows.cpp,1652)
    Exiting with code 0x80004005. The operating system reported error 2147500037: Unspecified error"

    Remarks:

    P01000B5 is the package with the unattend.xml file, which has for sure been distributed to dp2 as well. Both, the ini-file and the xml-file can be found on dp2.

    Regarding Firewalls:

    Yes, there is a network firewall with all required ports open. When I run a trace for the particular client I cannot see any dropped or blocked packages. The Windows Firewall has also be configured properly, but is currently disabled for troubleshooting purposes.

    Regarding Boundaries:

    10.10.10.1 - 10.10.10.255 IP-range BG2
    192.168.28.1 - 192.168.28.255 IP-range BG1

    Boundary Groups:

    BG2: 
    - Use this boundary group for site assignment: P01 (only one primary site in place)
    - Site server systems: DP2 (is actually Distribution point, Management point)
    - Relationship: No fallback boundary group times per site system role defined
    - Options: No options like peer download or cloud based sources defined

    BG1:
    - Use this boundary group for site assignment: P01 (only one primary site in place)
    - Site server systems: DP1 (is actually Asset Intelligence synchronization point, Component server, Distribution point, Endpoint Protection point, Management point, Reporting services point, Server connection point, Site database server, Site server, Site system, SMS Provider, Software update point)
    - Relationship: No fallback boundary group times per site system role defined
    - Options: Allow peer downloads in this boundary group

    Am I something missing? Do I need additional roles on DP2? If I add DP1 as a site server in BG2, all content will be downloaded from DP1 instead of DP2.

    Deployments within BG1 connecting to DP1 are running fully properly without any issues.

    And finally, yes - the Background Intelligent Transfer Service is running.

    Any further ideas?

     

    Kind regards, Thomas

    Tuesday, February 18, 2020 8:52 AM
  • Hi Thomas,

    Thanks for your detailed information.

    1.If possible, please try the following steps.:
    Create two Task Sequence Variables at the very top of your TS.
    SMSTSDownloadRetryCount = 5
    SMSTSDownloadRetryDelay = 15

    A similar thread for your reference:
    OSD TS Fails during package download - SendWinHttpRequest failed. 80072ee2

    2. Please help check the package P01000B7 and its files under \\dp2.xxx.local\SMSPKGD$\P01000B7. How about redistribute the OS image?

    Thanks for your time.

    Best regards,
    Simon

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, February 18, 2020 3:11 PM
  • Everything done what you suggested - but the help of Prajwal Desai I could solve the issue;

    https://www.prajwaldesai.com/sccm-osd-error-socket-connect-failed-8007274d/

    Long story short:

    It's not enough to import the ConfigMgr Client Distribution Point Certificate onto the "Communication" tab of the DP properties, you also need to assign that certificate as a web server certificate in the IIS console of the particular DP. After that the deployment runs without issues.

    I will keep on testing, for the moment we can set the issue to be "solved" ...


    Kind regards, Thomas

    Tuesday, February 18, 2020 3:23 PM
  • Hi Thomas,
     
    Thanks very much for your sharing and feedback. It may help others who have similar issue.  Here's a short summary for the problem. 
     
    Problem/Symptom:
    ===================
    The client in BG2 downloaded content from another DP in BG1 rather than its assigned DP in BG2.

    Solution:
    ===================
    It's not enough to import the ConfigMgr Client Distribution Point Certificate onto the "Communication" tab of the DP properties, we also need to assign that certificate as a web server certificate in the IIS console of the particular DP. 
     
    It's appreciated if you could mark your reply as answer, that will help other users to search for useful information more quickly. Thank you!

    Best regards,
    Simon 

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, February 19, 2020 2:07 AM