Jump to content


Recommended Posts

HI Everyone,

I hoe this email finds you in your best health.

I have been trying to fix an issue where the machines from a particular locations are failing to PXE boot giving an error which I haven't faced yet so I need your expertise to find out the root cause of it.

For a specific site all the machines are failing to PXE boot and when we checked the log to find the exact reason for it it says:

"AsyncCallbacl():WINHTTP_CALLBACK_STATUS_SECURE_FAILURE ENCOUNTERED.

dwStatusInformationLength is 4.

IPVSTATUSInformation is 0x20

WINHTTP_CALLBACK_FLAG_CERT_DATE_INVALID is set..

Error Received 0x80072f8f from winHttpSendRequest.

I have checked everywhere and its is only happening for a specific location in our environment else everything else is working just fine.

I hope I could have your expertise in figuring out what I am missing and how to make it go away?

Regards,

Shashi Dubey

IMG_7085.jpg

Share this post


Link to post
Share on other sites

Make sure you have a valid certificate bound to your IIS default site for the Distribution Point.

  • Like 1

Share this post


Link to post
Share on other sites

HI Peter,

Kindly check the screenshot the Root cert is already inserted and attached are the options used for the site system.

We have enabled the options use PKi certificate for authentication when available but are communication are chosen to be used either HTTP or HTTPS but on the face of below option are the clients communicating on HPPS would also use PKI certificate??

Kindly correct me if I am wrong.

IMG_7108.JPG.7553a5efaf38841e3664777bed7791ab.JPGRegards,

Shashi Dubey

Share this post


Link to post
Share on other sites

Hello Shashi,

Since you already have configured the PKI Option, you should not chose to activate self signed certs also. Especially if you are planning to use the Co-management option later on. This also goes for the CRL option if your CRL is not published to the Internet.

The Configuration in your Screenshot covers only the Management Point configuration. You still need to configure the Web Server certificate and a client certificate for your PE boot images.

Make sure that you follow Nialls instructions to the letter and you will be fine.

 

Share this post


Link to post
Share on other sites

HI Peter,

Thanks a tons for getting back to me on this :).

The info and article provided here is just so amazing and I can't thank you enough for this. This has really made my long pending doubts with the IIS and cert absolutely clear.

Again thanking you so much for befitting and crystal reply.

Stay safe and appreciate the help.Hope to keep on having your assistance going further on some other issues :).

Regards,

Shashi Dubey

Share this post


Link to post
Share on other sites

Hello Shashi,

 

you're very welcome and stay safe yourself too.

 

So long

Peter

  • Like 1

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

×
×
  • Create New...