Hi, I’m in a rather weird position that has me hung up. I did some work cleaning up a customer’s PKI as they had some invalid CDPs being specified in their certificates. In the end we opted to publish our CRLs to LDAP and HTTP locations to fix this issue. I went about issuing the certificates for the primary site server; the first one was used for the DP/MP/WSUS roles and the second for PXE. I also issued client certificates as well.

Everything is working, from client communication to updates deployment, but PXE keeps failing with a black screen after booting. I’ve taken certutil.exe and validated both the CRLs with -URL and the validity of the certificates using -verify. If I look into the SMSPXE.log on the server I see quite a few things going wrong, but I haven’t been able to resolve them. Here is a quick overview of what I see as potential problems; I can post more of the log if it helps anyone.

1. I just rebuilt the image, yet I am still being told to update it. It is even more confusing because it was built from scratch when the new certificate was configured and confirmed to be in the running configuration through the SMSPXE.log.
2. I still can’t find much on this task sequence variable and I am not sure if this is one of those SCCM errors you can ignore or if it is linked to our issue.
3. I still can’t find much on this task sequence variable and I am not sure if this is one of those SCCM errors you can ignore or if it is linked to our issue.
4. I keep seeing this in the logs but it just does not make sense. The best match I get suggests that the distribution point is using a self-signed certificate, which it is not, from the checks I have done in the SMSPXE.log. There is another that suggests you have the wrong root CA certificate configured in SCCM, but I did re-confirm the right one is in place.

I’ve tried chasing a number of forum posts but I can’t seem to get anywhere. I am open to suggestions as to where to go next. Any takers?
