SHASHIDUBEY01 Posted May 18, 2020 Report post Posted May 18, 2020 HI Everyone, I hoe this email finds you in your best health. I have been trying to fix an issue where the machines from a particular locations are failing to PXE boot giving an error which I haven't faced yet so I need your expertise to find out the root cause of it. For a specific site all the machines are failing to PXE boot and when we checked the log to find the exact reason for it it says: "AsyncCallbacl():WINHTTP_CALLBACK_STATUS_SECURE_FAILURE ENCOUNTERED. dwStatusInformationLength is 4. IPVSTATUSInformation is 0x20 WINHTTP_CALLBACK_FLAG_CERT_DATE_INVALID is set.. Error Received 0x80072f8f from winHttpSendRequest. I have checked everywhere and its is only happening for a specific location in our environment else everything else is working just fine. I hope I could have your expertise in figuring out what I am missing and how to make it go away? Regards, Shashi Dubey Quote Share this post Link to post Share on other sites More sharing options...
SHASHIDUBEY01 Posted May 19, 2020 Report post Posted May 19, 2020 Dear Sir, Kindly reply to my query. Regards, Shashi Dubey Quote Share this post Link to post Share on other sites More sharing options...
Peter33 Posted May 19, 2020 Report post Posted May 19, 2020 Make sure you have a valid certificate bound to your IIS default site for the Distribution Point. 1 Quote Share this post Link to post Share on other sites More sharing options...
SHASHIDUBEY01 Posted May 20, 2020 Report post Posted May 20, 2020 HI Peter, Kindly check the screenshot the Root cert is already inserted and attached are the options used for the site system. We have enabled the options use PKi certificate for authentication when available but are communication are chosen to be used either HTTP or HTTPS but on the face of below option are the clients communicating on HPPS would also use PKI certificate?? Kindly correct me if I am wrong. Regards, Shashi Dubey Quote Share this post Link to post Share on other sites More sharing options...
Peter33 Posted May 20, 2020 Report post Posted May 20, 2020 Hello Shashi, Since you already have configured the PKI Option, you should not chose to activate self signed certs also. Especially if you are planning to use the Co-management option later on. This also goes for the CRL option if your CRL is not published to the Internet. The Configuration in your Screenshot covers only the Management Point configuration. You still need to configure the Web Server certificate and a client certificate for your PE boot images. Make sure that you follow Nialls instructions to the letter and you will be fine. Quote Share this post Link to post Share on other sites More sharing options...
SHASHIDUBEY01 Posted May 21, 2020 Report post Posted May 21, 2020 HI Peter, Thanks a tons for getting back to me on this :). The info and article provided here is just so amazing and I can't thank you enough for this. This has really made my long pending doubts with the IIS and cert absolutely clear. Again thanking you so much for befitting and crystal reply. Stay safe and appreciate the help.Hope to keep on having your assistance going further on some other issues :). Regards, Shashi Dubey Quote Share this post Link to post Share on other sites More sharing options...
Peter33 Posted May 22, 2020 Report post Posted May 22, 2020 Hello Shashi, you're very welcome and stay safe yourself too. So long Peter 1 Quote Share this post Link to post Share on other sites More sharing options...
