Jump to content


  • 0
Paul H

Creating Boot Media in Native mode

Asked by Paul H

Question

Paul H Newbie

Paul H

Posted
Posted

Hi all,

 

We've setup SCCM 2007 r3 in native mode on a server 2008 r2 sp1 OS.

MDT2010 also installed

site server signing certificate web server certificate and client certificate are OK.

But now i want to create Task sequence boot media.

What has been done so far..

Duplicated the SCCM client certificate template and set the allow private key to be exported switch

From a freshly (manually) installed windows 7 sp1 machine requested a certificate from the duplicated template.

Exported this certificate with the private key and tried to use this in the boot media.

 

basically thats what it says here: http://technet.microsoft.com/en-us/library/bb632961.aspx

 

We keep getting "Unspecified error, refer to CreateMedia.log"

In that log it states: "Could not get name from cert context"

 

At first, while requesting the cert, we did not bother to fill in any fields in the properties. After a fail we tried filling in the common name, friendly name and description in various combinations all resulting in "Could not get name from cert context""

 

Could this be a SP1 issue? Or are we filling in the wrong fields or missing something else.

I've also seen an extra setting to be applied to the CA: "certutil -setreg policy \EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2" to add the SAN attribute. This is something we do not have. Could that be the problem? The CA administrator is reluctant to try this, i'm looking for arguments here...

 

 

 

Any help would be appreciated...

Thanks in advance.

Share this post

Link to post
Share on other sites

2 answers to this question

Recommended Posts

  • 0
Paul H Newbie

Paul H

Posted
Posted

by now i'm convinced the certutil -setreg policy \EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2 on the CA is absolutely necessary.

 

But i still get the same error: Could not get name from cert context

 

i created a windows7 VM. From that machine i requested a certificate. in the wizard i open the properties of the request and fill friendly name, description, common name and alternate name. I tried several combinations including not filling in anything and leaving out some fields. Always the same result: FAIL.

 

Can anybody tell me which fields i have to fill and what do i have to fill them with?

 

Can i keep the VM on which i requested and installed the certificate while i try to create the bootmedia or do i have to delete it (and remove it from AD and DNS)?

 

i'm going ballistic here.. please help!

Share this post

Link to post
Share on other sites
  • 0
Peter van der Woude Newbie

Peter van der Woude

Posted
Posted (edited)

Take a look here: http://www.myitforum.com/forums/OSD-certificate-for-boot-Media-in-Native-mode-is-a-nightmare-m225360.aspx (it's all about the common name)

 

The command certutil -setreg policy \EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2 is needed when you need to use multiple SANS (like with Internet Clients)

Edited by Peter van der Woude
Had the wrong link...

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
Go to question listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.