none
Enabling HTTPS on MP and DP breaks PXE RRS feed

  • Question

  • I have configured a client auth cert issued by our CA on all of our PXE servers. I have enabled HTTPS on the MP and on the DP. I have even created a webserver cert and bound ssl on the PXE DP with the same CA generated cert. I have reinstalled the PXE on a DP, redistributed the boot image. still getting the same errors.

    <code>

    MACADDRESS, DD097655-B3BB-11E6-A2D4-3BB2E60260BB: Not serviced.    SMSPXE    2/14/2020 5:05:54 PM    3692 (0x0E6C)
    ============> Received from client:    SMSPXE    2/14/2020 5:05:54 PM    6292 (0x1894)
     Operation: BootRequest (1)  Addr type: 1 Addr Len: 6 Hop Count: 0 ID: 10C2D1FF
     Sec Since Boot: 0 Client IP: 266.266.266.266 Your IP: 000.000.000.000 Server IP: 000.000.000.000 Relay Agent IP: 000.000.000.000
     Addr: c8:d3:ff:d1:c2:10:
     Magic Cookie: 63538263
     Options:
      Type=53 Msg Type: 3=Request
      Type=60 ClassId: PXEClient
      Type=97 UUID: 00557609ddbbb3e611a2d43bb2e60260bb
      Type=93 Client Arch: Intel x86PC
      Type=250 0c01010d0208000e010001020006ff
      Type=55 Param Request List: 03013c8081828384858687    SMSPXE    2/14/2020 5:05:54 PM    6292 (0x1894)
    Using values from 'AllowedMPs' key.    SMSPXE    2/14/2020 5:05:54 PM    3692 (0x0E6C)
    Prioritizing local MP contosoSCDP01.contoso.com.    SMSPXE    2/14/2020 5:05:54 PM    3692 (0x0E6C)
    Not in SSL    SMSPXE    2/14/2020 5:05:54 PM    3692 (0x0E6C)
    RequestMPKeyInformation: Send() failed.    SMSPXE    2/14/2020 5:05:54 PM    3692 (0x0E6C)
    Unsuccessful in getting MP key information. 80004005.    SMSPXE    2/14/2020 5:05:54 PM    3692 (0x0E6C)
    PXE::MP_InitializeTransport failed; 0x80004005    SMSPXE    2/14/2020 5:05:54 PM    3692 (0x0E6C)
    Not in SSL    SMSPXE    2/14/2020 5:05:54 PM    3692 (0x0E6C)
    RequestMPKeyInformation: Send() failed.    SMSPXE    2/14/2020 5:05:54 PM    3692 (0x0E6C)
    Unsuccessful in getting MP key information. 80004005.    SMSPXE    2/14/2020 5:05:54 PM    3692 (0x0E6C)
    PXE::MP_InitializeTransport failed; 0x80004005    SMSPXE    2/14/2020 5:05:54 PM    3692 (0x0E6C)
    PXE::MP_LookupDevice failed; 0x80070490    SMSPXE    2/14/2020 5:05:54 PM    3692 (0x0E6C)
    Using values from 'AllowedMPs' key.    SMSPXE    2/14/2020 5:05:54 PM    3692 (0x0E6C)
    Prioritizing local MP contosoSCDP01.contoso.com.    SMSPXE    2/14/2020 5:05:54 PM    3692 (0x0E6C)
    Not in SSL    SMSPXE    2/14/2020 5:05:54 PM    3692 (0x0E6C)
    RequestMPKeyInformation: Send() failed.    SMSPXE    2/14/2020 5:05:54 PM    3692 (0x0E6C)
    Unsuccessful in getting MP key information. 80004005.    SMSPXE    2/14/2020 5:05:54 PM    3692 (0x0E6C)
    PXE::MP_InitializeTransport failed; 0x80004005    SMSPXE    2/14/2020 5:05:54 PM    3692 (0x0E6C)
    Not in SSL    SMSPXE    2/14/2020 5:05:54 PM    3692 (0x0E6C)
    RequestMPKeyInformation: Send() failed.    SMSPXE    2/14/2020 5:05:54 PM    3692 (0x0E6C)
    Unsuccessful in getting MP key information. 80004005.    SMSPXE    2/14/2020 5:05:54 PM    3692 (0x0E6C)
    PXE::MP_InitializeTransport failed; 0x80004005    SMSPXE    2/14/2020 5:05:54 PM    3692 (0x0E6C)
    PXE::MP_ReportStatus failed; 0x80070490    SMSPXE    2/14/2020 5:05:54 PM    3692 (0x0E6C)
    PXE Provider failed to process message.
    Element not found. (Error: 80070490; Source: Windows)    SMSPXE    2/14/2020 5:05:54 PM    3692 (0x0E6C)
    C8:D3:FF:D1:C2:10, DD097655-B3BB-11E6-A2D4-3BB2E60260BB: Not serviced.    SMSPXE    2/14/2020 5:05:54 PM    3692 (0x0E6C)
    </code>

    Saturday, February 15, 2020 1:11 AM

All replies

  • Did you configure a PKI-issued, client auth cert on the properties of the PXE-enabled DP in the ConfigMgr console?

    Have you issues unique client auth certs to all of your clients?


    Jason | https://home.configmgrftw.com | @jasonsandys

    Saturday, February 15, 2020 2:00 PM
  • Did you configure a PKI-issued, client auth cert on the properties of the PXE-enabled DP in the ConfigMgr console?

    Have you issues unique client auth certs to all of your clients?


    Jason | https://home.configmgrftw.com | @jasonsandys


    Yes. I exported the client auth cert with key, imported in the properties of each DP properties. PKI auth is working on the clients. This is pxe clients that are “unknown” no OS on them.
    16 hours 31 minutes ago