Sending with Winhttp failed 80072f8f during SCCM OSD

After upgrading the ConfigMgr 1902 to version 1910, my OSD didn’t work at all. The smsts.log file revealed sending with Winhttp failed 80072f8f error. In this post I will help you to fix this error.

This is my 100th SCCM troubleshooting post and I feel delighted to have published so many posts just on troubleshooting Configuration Manager. This also shows how vast is Configuration Manager when it comes to troubleshooting the issues.

So I setup my SCCM lab by installing Configuration Manager 1902 using baseline media. Since then there have been no baseline versions released. The OSD, application deployment and almost everything worked well.

This week I decided upgrade ConfigMgr version 1902 to 1910. After installing update 1910, something broke the operating system deployment. I am sure the update 1910 installed correctly without any errors.

I was using PKI in my setup and both management point and distribution server configured to run on HTTPS. On the distribution point server, the PKI certificate imported was already imported. In my previous posts on PKI, I had mentioned the importance of this certificate. The certificate authenticates DP to a HTTPS-enabled management point.

On PXE booting a VM, I could see the boot image loaded fine. However nothing appeared except the below screen. So basically the tasks sequence never loaded.

SCCM OSD Error

Since I had enabled command support under the boot image properties, I could open a command prompt by using F8 key. Checking the smsts.log file using CMTrace showed the actual error.

Sending with winhttp failed; 80072f8f. retrying
Retrying and Ignoring date security failures.
AsyncCallback() WINHTTP_CALLBACK_STATUS_SECURE_FAILURE Encountered
dwstatusinformationlength is 4
WINHTTP_CALLBACK_STATUS_FLAG_INVALID_CA is set
sending with winhttp failed; 80072f8f

Sending with Winhttp failed 80072f8f

Fix SCCM OSD Error Sending with Winhttp failed 80072f8f

In your SCCM setup, if you notice PXE boot issues and sending with Winhttp failed 80072f8f you can fix that easily. I found the actual solution in technet forum thread.

If your SMSTS.log file contains WINHTTP_CALLBACK_STATUS_FLAG_INVALID_CA line, it means that CA that issued your certs is not trusted. Hence the SCCM task sequence doesn’t load after you see that screen (screenshot 1).

Most of all check the SCCM Site properties and you will notice that Root CA is not specified. Without this, the PXE and media boot clients won’t trust the CA that issued the certs which is your issue. This was exactly the reason why I saw sending with Winhttp failed 80072f8f.

Missing Root Certificate

So under the Site Properties, I specified the Root CA. Restarted the WDS service once.

Specify Root Certificate

PXE booting the client again showed the SCCM task sequence on the screen. I hope this post helps you in fixing the sending with winhttp failed 80072f8f error.

Fix Sending with Winhttp failed 80072f8f

Related Posts
guest
12 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Brett Vice

Thanks Prajwal, amazing content as always.

Marc

Thank you, this helped me, had a wrong root certificate at the beginning…

Mathias

I know little to nothing in regards of Certificates.
What is the root CA exactly? Looking at the local cert under Trusted Root CA i have Microsoft Root CA which i tried to export and apply but that didn’t work.
Is it something i need to create myself?

Dwijen

I have the same issue and I can’t seem to boot using PXE. Getting the following error, “[TSMESSAGING] AsyncCallback(): WINHTTP_CALLBACK_STATUS_SECURE_FAILURE Encountered SMSPXE 04/02/2020 09:48:53 3596 (0x0E0C)
[TSMESSAGING] : dwStatusInformationLength is 4
SMSPXE 04/02/2020 09:48:53 3596 (0x0E0C)
[TSMESSAGING] : *lpvStatusInformation is 0x20
SMSPXE 04/02/2020 09:48:53 3596 (0x0E0C)
[TSMESSAGING] : WINHTTP_CALLBACK_STATUS_FLAG_CERT_DATE_INVALID is set
SMSPXE 04/02/2020 09:48:53 3596 (0x0E0C)
[TSMESSAGING] AsyncCallback(): —————————————————————– SMSPXE 04/02/2020 09:48:53 3596 (0x0E0C)

Cert is specified and HTTPS only option is ticket.

Anyone any ideas?

Thanks

Saurabh

Hi Prajwal, thank you this worked fine.

Manuel Pena

Hello, My mistake was that I can see what I needed is to set a Trusted Root Cert but I wasn’t sure which cert I needed to use. I thought it was the IIS Cert or DP Cert or Client Cert that I created but none worked. So assumed that it was the Root Trusted Certificated Authority so when I exported it and set it that did the trick. Kinda confusing for me since this will be my first time changing my production from self signed cert to PKI and this was the only part on my test environment that… Read more »

Rene hansen

Still getting the 80072f8f here – I wonder what the heck is going on.

[TSMESSAGING] AsyncCallback(): WINHTTP_CALLBACK_STATUS_SECURE_FAILURE Encountered TSPxe 2019-12-30 18:54:47 1612 (0x064C)
[TSMESSAGING] : dwStatusInformationLength is 4
[TSMESSAGING] : *lpvStatusInformation is 0x8
[TSMESSAGING] : WINHTTP_CALLBACK_STATUS_FLAG_INVALID_CA is set
Error. Received 0x80072f8f from WinHttpSendRequest. TSPxe 2019-12-30 18:54:47 1612 (0x064C)

Nate

I too have been fighting with this for a few days now. I’m not sure what is going on. I suspect that I have made a mistake with my certificates as I recently turned on HTTPS only. My end game is to be able to use The Bitlocker Feature in 1910.

When I first set up my certs I was able to get PXE to work. It’s just the task sequence that I can’t access. Is there something I’m missing in my IIS setup?

Rohit

I am getting the same error ,post updating from “Use PKI client ” to “Use Configuration manager generated certificate” .

Question :- Do we still need to use Trusted root certificate with “config manager self signed certificate”

MICHAEL COURVILLE

I’ve been fighting this all morning with my OSD process. I put the root CA in place and was doing some more googling while waiting for my VM to download the boot image and THEN ran across this post, which would have saved me three hours this morning. LOL. Thanks!

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More