After upgrading the ConfigMgr 1902 to version 1910, my OSD didn’t work at all. The smsts.log file revealed sending with Winhttp failed 80072f8f error. In this post I will help you to fix this error.
This is my 100th SCCM troubleshooting post and I feel delighted to have published so many posts just on troubleshooting Configuration Manager. This also shows how vast is Configuration Manager when it comes to troubleshooting the issues.
So I setup my SCCM lab by installing Configuration Manager 1902 using baseline media. Since then there have been no baseline versions released. The OSD, application deployment and almost everything worked well.
This week I decided upgrade ConfigMgr version 1902 to 1910. After installing update 1910, something broke the operating system deployment. I am sure the update 1910 installed correctly without any errors.
I was using PKI in my setup and both management point and distribution server configured to run on HTTPS. On the distribution point server, the PKI certificate imported was already imported. In my previous posts on PKI, I had mentioned the importance of this certificate. The certificate authenticates DP to a HTTPS-enabled management point.
On PXE booting a VM, I could see the boot image loaded fine. However nothing appeared except the below screen. So basically the tasks sequence never loaded.
Sending with winhttp failed; 80072f8f. retrying Retrying and Ignoring date security failures. AsyncCallback() WINHTTP_CALLBACK_STATUS_SECURE_FAILURE Encountered dwstatusinformationlength is 4 WINHTTP_CALLBACK_STATUS_FLAG_INVALID_CA is set sending with winhttp failed; 80072f8f
Fix SCCM OSD Error Sending with Winhttp failed 80072f8f
In your SCCM setup, if you notice PXE boot issues and sending with Winhttp failed 80072f8f you can fix that easily. I found the actual solution in technet forum thread.
If your SMSTS.log file contains WINHTTP_CALLBACK_STATUS_FLAG_INVALID_CA line, it means that CA that issued your certs is not trusted. Hence the SCCM task sequence doesn’t load after you see that screen (screenshot 1).
Most of all check the SCCM Site properties and you will notice that Root CA is not specified. Without this, the PXE and media boot clients won’t trust the CA that issued the certs which is your issue. This was exactly the reason why I saw sending with Winhttp failed 80072f8f.
So under the Site Properties, I specified the Root CA. Restarted the WDS service once.
PXE booting the client again showed the SCCM task sequence on the screen. I hope this post helps you in fixing the sending with winhttp failed 80072f8f error.