SCCM OSD Error Socket Connect Failed 8007274d

SCCM OSD Error Socket Connect Failed 8007274d – Recently I came across an operating system deployment issue. In one of the remote sites the SCCM OSD failed with a rare error. I say this rare because I haven’t seen this issue before. Upon checking the smsts.log file revealed socket connect failed 8007274d. With the PKI in place, the communication between clients and DP’s was secured using HTTPS. The certificate imported on distribution point was valid.

The distribution point had the PKI certificate imported. In my previous posts on PKI, I had mentioned the importance of this certificate. The certificate authenticates DP to a HTTPS-enabled management point. This is just before the distribution point sends status messages. When the Enable PXE support for clients distribution point option is selected, the certificate is sent to computers that PXE boot. Therefore using this certificate they connect to a HTTPS-enabled management point during the OSD. In the smsts log file, i found the following lines.

socket ‘connect’ failed; 8007274d. sending with winhttp failed; 80072efd

However I was curious to find out what error 8007274d translates to. So here is something that I found.

Error 8007274d = No connection could be made because the target machine actively refused it.

Error 80072efd = A connection with the server could not be established

SCCM OSD Error Socket Connect Failed 8007274dSCCM OSD Error Socket Connect Failed 8007274d

Here are the steps to fix the SCCM OSD error socket connect failed 8007274d.

  1. First of all login to the distribution point server. Run the mmc command, load the Add or Remove Snap-ins dialog box, select Certificates from the list and click Add. Select Computer account and in next step ensure Local computer is selected. In the console, expand Certificates (Local Computer), and then click Personal > Certificates. Ensure the correct certificates are in place.
  2. Next step, launch IIS Manager > right click Default web site and click Edit Bindings. Ensure HTTPS is listed along with HTTP. Edit HTTPS and select a valid certificate. Most of all check this post for exact steps.
  3. Finally perform an iisreset and try the OSD.

In conclusion if the above steps did not fix your issue or if something else worked, please mention it in comments.


  1. Hi, I tried to remote to a NON-Domain Client PC from an ON-Domain PC via the CmRcViewer but COULDN’T. It failed all the time. Based on the windows CmRcViewer.LOG, I allowed port 2701 in Client Firewall…Remote Desktop/Assistance is enabled correctly. Following is the error log if you can help out to resolve problem. Thanks


  2. it was a nasty issue.. none of the above worked. problem was wrong dns record. (dns record not updated with dhcp lease renewal) .. upon rectifying dns forward lookup and reverse lookup it worked!! this is worth adding in this article..

  3. We dont have https setup but i’m seeing this error in the smsts log.

    Machine is being build but its not joinning to domian. No changes made to any settings

    1. Avatar photo venkatesh govindaraju says:

      is the issue resolved, can you plz help me with the solution i too have the same issue

  4. Avatar photo Alexander Brau says:

    When you say correct certificate you mean a Webserver cert for SCCM IIS?

  5. Avatar photo Thomas Langhans says:

    Thank you for that hint! Indeed, it’s not sufficient to add the certificates during the DP Installation, you’ll need to put them to the DP’s computer certificate store as well and assign it to the Default Web Site!

    1. Yes that’s correct, you must always assign the correct certificate under IIS.

  6. I received this error when trying to use peer cache to upgrade from Windows 1803 to Windows 1909, i want to use a machine that’s in the same location same subnet. it fails and eventually connects to our DP server and download from there.

    1. Hi Dante,
      I am struggling with the same issue and peer cache. No problem downloading from the DP but from the super peer, just keeps showing this error. Were you able to resolve this??

  7. I am receiving this error on a DVD load from a create task sequence media. what would cause that?

    1. I have no idea why would it occur during create task sequence media but it is always worth checking the log files to determine the issue. Sometimes the error code might be same but resolutions differ.

  8. I checked and confirmed all the settings as per your suggestions and they are all in place, however our technicians in one of our sites getting these error messages from the DP.

  9. Were they failing consistently? We’ve had this happening sporadically for a over a year. When it fails, trying it again the next days often works. Hard to troubleshoot. Extremely frustrating.

    1. Yes this issue was consistent and after applying the right certificate, it all worked.

  10. Avatar photo Felipe Horta says:

    Hi Prajwal, i have a similiar problem, but the error code is different

    <![LOG[sending with winhttp failed; 80072efd]

    i created a OSD task , in site primary this task execute with sucess but in my DPs i have this problem

    1. Avatar photo Dinesh Kashyap says:

      Even I have started facing this issue after SCCM 1806 upgrade recently. Its happening randomly and not on every machine which is really frustrating for us and not able to find root cause for the problem.

      1. Could you be able to expand on how to start the process of addressing DNS/networking issues? For example, is there something I can check locally via command line or if I have to go to Network Services, what is it that needs to be conveyed to illustrate that it is a DNS/networking issue?

      2. Avatar photo Emmanuel Burgos says:

        When I get this error, I notice that I do a telnet to port 80 locally it works correctly, but if I do a telnet from another computer I get an error. Even with firewall turned off and the antivirus uninstalled.

        1. Avatar photo says:

          Solution: run command on DP without quotation marks “netsh http delete iplisten ::”

Leave a Reply

Your email address will not be published. Required fields are marked *