SCCM OSD Failed to create certificate store from encoded certificate

One of the IT guys reported that OSD had stopped working at a remote site. The DP at this remote site was up and running. When they PXE booted the clients, they saw PXE-E53: No boot filename received. We have dealt with No boot filename received issues in the past, and there can be many reasons why you see that error. The IT guy mentioned that he had already performed the steps below. It seems he did the best he could.

  • Uninstall PXE and Multicast on distribution point.
  • Verify WDS role removal.
  • Bounced the Distribution point.
  • Enable PXE and Multicast again on DP.
  • Redistribute both x86 and x64 boot images.

Even after performing the above steps, the issue persisted. I don’t think those steps needed to be done without first analyzing some log files. When I asked the IT guy to send over the log files and analyzed them, I found the errors. These errors helped me troubleshoot the issue and find a fix.

SCCM OSD Failed to create certificate store from encoded certificate

SCCM troubleshooting always begins by analyzing log files. If you look carefully, the lines from the smsdpusage.log file give some information about this issue: Failed to create certificate store from encoded certificate. The specified network password is not correct. Failed to initialize DP usage object.

Snippet from smsdpusage.log file.

Snippet from smsdvprov.log file.

The IT guy told me that the DP was running in HTTPS mode. He also mentioned that PKI was configured in the setup. That gave me enough of a hint to realize that it might be an issue with certificates. Either the certificates could have expired or there could be an issue with the certificate itself.

Logging in to the distribution point, I noticed that the distribution point certificate had expired. If you don’t know what this certificate is, please refer to my SCCM PKI step by step guide. I am not sure why it was not auto-renewed. However, I decided to delete the expired certificate and request a new one. In addition, I chose to delete both the distribution point and web server certificates and imported new ones. I exported the distribution point certificate with a password and assigned it under the distribution point properties. I then opened IIS and assigned the correct SSL certificate under default website > bindings > HTTPS. After restarting the WDS service, voila, OSD worked fine.
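
The expiry check described above can be scripted so it is the first thing you run on an HTTPS distribution point. This is an added example, not part of the original post; it assumes the PKI certificates are in the computer's Personal store, that the IIS management tools (WebAdministration module) are installed, and the 30-day warning window is an arbitrary choice.

```powershell
# Added example: run in an elevated PowerShell session on the distribution point.
# Assumption: the PKI certificates live in the computer's Personal store.
Import-Module WebAdministration    # provides the IIS:\ drive

$warnDays = 30                     # constructed threshold, adjust to your renewal window
$now      = Get-Date

# 1. List every certificate in LocalMachine\My with its validity state.
$certs = Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    $state = 'OK'
    if ($_.NotAfter -lt $now.AddDays($warnDays)) { $state = 'EXPIRING' }
    if ($_.NotAfter -lt $now)                    { $state = 'EXPIRED' }
    [pscustomobject]@{
        State      = $state
        NotAfter   = $_.NotAfter
        Subject    = $_.Subject
        Purposes   = ($_.EnhancedKeyUsageList.FriendlyName -join ', ')
        Thumbprint = $_.Thumbprint
    }
}
$certs | Sort-Object NotAfter | Format-Table -AutoSize

# 2. Resolve the certificate behind each IIS HTTPS binding and flag problems.
Get-ChildItem -Path IIS:\SslBindings | ForEach-Object {
    $port  = $_.Port
    $thumb = $_.Thumbprint
    $bound = $certs | Where-Object { $_.Thumbprint -eq $thumb }

    if (-not $bound) {
        # Binding points at a certificate that was deleted or lives in another store.
        Write-Warning "Port ${port}: bound thumbprint $thumb not found in LocalMachine\My"
    }
    elseif ($bound.State -ne 'OK') {
        Write-Warning "Port ${port}: bound certificate is $($bound.State) (NotAfter $($bound.NotAfter))"
    }
    else {
        "Port ${port}: bound certificate valid until $($bound.NotAfter)"
    }
}
```

A warning from step 2 after a certificate has been replaced means the HTTPS binding still references the old thumbprint and needs to be reassigned in IIS.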
