Jump to content


Rob MacLennan

SCCM 2007 OSD - Error The certificate associated with this media has expired

Recommended Posts

^ New media with a valid certificate will need to be created.

 

 

Folks, would appreciate a little help with this one, despite new certificates in Pxe and Boot I'm still getting the above error message when booting to pxe, I've even gone as far as renewing the boot images and also the main OS image to no avail.

 

Certificates are not blocked and the live certificates both don't expire until 2016.

 

Rob

Share this post


Link to post
Share on other sites


Hello Rob,

 

Are you using PXE Service Points or media? Each one of these requires its own unique certificate.
For media, there is no possibility to renew the cert, you need to create new media.For PSP, you simply need to go into the PSP's properties and create a new cert.
To determine if the Certificate is missing, expired, or blocked follow the steps below:
In the Configuration Manager Admin Console, expand Site Database --> Site Management --> <Site_Code> --> Site Settings --> Certificates.
Click on either Boot Media or PXE, depending on the method that the PC is being booted when trying to run the OSD Task Sequence.
On the right hand pane, locate the Certificate being used and see if it is blocked, expired, or missing.
To resolve the issue for missing or expired certificates on Boot Media, a new certificate needs to be created:
Recreate the Boot Media by going in the Configuration Manager Admin Console to Site Database --> Computer Management --> Operating System Deployment.
Right clicking on Task Sequences and choosing Create Task Sequence Media.
Step through the Task Sequence Media Wizard to create the appropriate media.
In the Security screen, locate the Create self-signed media certificate option.
Make sure that the Set start date is set to either today or some date in the past.
Make sure that the Set expiration date is set to some date in the future.
Finish stepping through the Task Sequence Media Wizard to finish creating the ISO or USB Flash Drive.
Go to Site Database --> Site Management --> <Site_Code> --> Site Settings --> Certificates --> Boot Media and verify that there is now a valid non-expired non-blocked Certificate.
If using CDs/DVDs, once the ISO is created, create a CD/DVD from the ISO and dispose any previous OSD CDs or DVDs.
To resolve the issue for missing or expired certificates on a PXE Service Point, a new Certificate needs to be created:
Go to Site Database --> Site Management --> <Site_Code> --> Site Settings --> Site Systems and choose the server where the PXE Service Point is located.
In the right pane, right click on the ConfigMgr PXE service point and choose Properties.
Click on the Database tab and locate the Create self-signed PXE certificate option.
Under Create self-signed PXE certificate, set the Set expiration date option to some time in the future.
Click OK.
Go to Site Database --> Site Management --> <Site_Code> --> Site Settings --> Certificates --> PXE and verify that there is now a valid non-expired non-blocked Certificate.
Update the Boot Images by going to Site Database --> Computer Management --> Operating System Deployment --> Boot Images.
Expand both the Boot image (x64) and Boot image (x86) nodes (and any custom Boot Images if present).
For each Boot Image, right click on Distribution Points and choose Update Distribution Points.
Step through the Manage Distribution Points wizard until it has completed rebuilding the Boot Images.
Restart the Windows Deployment Services (WDS) Server service.

Share this post


Link to post
Share on other sites

Thanks for taking the time to reply, sadly in the end it had nothing to do with the certificates being recreated, they were working fine.

 

The Component service had stopped and for some reason had set its self to manual, quick restart service up and away it goes again!

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...