After SCCM CU 1810 update 4488598, in PKI enviroment, PXE, Windows PE cannot get auth tokens

Copper Contributor

Installed update 4488598 last week and now our pxe booting is failing. Release notes says that this [Unable to get the DP auth token from MP] issue was resolded on update #4488598, but it actualy appears after this update.

 

Does anyone knows if there any workarounds for this problem, like tweaking IIS or so or do we just have to wait next sccm update?

 

 

Regards,

 

Petri Asikainen

 

<![LOG[Retrieving DP Auth token from MP.]LOG]!><time="14:49:27.220-180" date="04-12-2019" component="TSPxe" context="" type="1" thread="1436" file="utils.cpp:6840">
<![LOG[ Setting URL = https://SKAOAS17.corpdomain.local, Ports = 80,443, CRL = false]LOG]!><time="14:49:27.220-180" date="04-12-2019" component="TSPxe" context="" type="0" thread="1436" file="utils.cpp:7062">
<![LOG[ Setting Server Certificates.]LOG]!><time="14:49:27.220-180" date="04-12-2019" component="TSPxe" context="" type="0" thread="1436" file="utils.cpp:7090">
<![LOG[ Setting Authenticator.]LOG]!><time="14:49:27.220-180" date="04-12-2019" component="TSPxe" context="" type="0" thread="1436" file="utils.cpp:7097">
<![LOG[Sending Peer Token Request]LOG]!><time="14:49:27.220-180" date="04-12-2019" component="TSPxe" context="" type="1" thread="1436" file="libsmsmessaging.cpp:4929">
<![LOG[Setting the authenticator.]LOG]!><time="14:49:27.251-180" date="04-12-2019" component="TSPxe" context="" type="0" thread="1436" file="libsmsmessaging.cpp:1527">
<![LOG[CLibSMSMessageWinHttpTransport::Send: WinHttpOpenRequest - URL: SKAOAS17.corpdomain.local:443 CCM_POST /ccm_system_AltAuth/request]LOG]!><time="14:49:27.251-180" date="04-12-2019" component="TSPxe" context="" type="1" thread="1436" file="libsmsmessaging.cpp:9946">
<![LOG[SSL - using authenticator in request.]LOG]!><time="14:49:27.251-180" date="04-12-2019" component="TSPxe" context="" type="1" thread="1436" file="libsmsmessaging.cpp:10081">
<![LOG[In SSL, but with no client cert]LOG]!><time="14:49:27.251-180" date="04-12-2019" component="TSPxe" context="" type="1" thread="1436" file="libsmsmessaging.cpp:10102">
<![LOG[In SSL, but with no media cert]LOG]!><time="14:49:27.251-180" date="04-12-2019" component="TSPxe" context="" type="1" thread="1436" file="libsmsmessaging.cpp:10108">
<![LOG[Request was successful.]LOG]!><time="14:49:27.282-180" date="04-12-2019" component="TSPxe" context="" type="0" thread="1436" file="libsmsmessaging.cpp:10303">
<![LOG[::DecompressBuffer(65536)]LOG]!><time="14:49:27.282-180" date="04-12-2019" component="TSPxe" context="" type="0" thread="1436" file="ccmzlib.cpp:739">
<![LOG[Decompression (zlib) succeeded: original size 2545, uncompressed size 6858.]LOG]!><time="14:49:27.282-180" date="04-12-2019" component="TSPxe" context="" type="0" thread="1436" file="ccmzlib.cpp:651">
<![LOG[ Setting URL = https://SKAOAS17.corpdomain.local, Ports = 80,443, CRL = false]LOG]!><time="14:49:27.282-180" date="04-12-2019" component="TSPxe" context="" type="0" thread="1436" file="utils.cpp:7062">
<![LOG[ Setting Server Certificates.]LOG]!><time="14:49:27.282-180" date="04-12-2019" component="TSPxe" context="" type="0" thread="1436" file="utils.cpp:7090">
<![LOG[ Setting Authenticator.]LOG]!><time="14:49:27.282-180" date="04-12-2019" component="TSPxe" context="" type="0" thread="1436" file="utils.cpp:7097">
<![LOG[hCertStore != NULL, HRESULT=80070490 (..\resolvesource.cpp,2086)]LOG]!><time="14:49:27.282-180" date="04-12-2019" component="TSPxe" context="" type="0" thread="1436" file="resolvesource.cpp:2086">
<![LOG[No cert available for decoding.]LOG]!><time="14:49:27.282-180" date="04-12-2019" component="TSPxe" context="" type="3" thread="1436" file="resolvesource.cpp:2086">
<![LOG[ParseTokenFromResponse() failed. 0x80070490]LOG]!><time="14:49:27.282-180" date="04-12-2019" component="TSPxe" context="" type="3" thread="1436" file="resolvesource.cpp:2099">
<![LOG[ParseTokenFromResponse (sReply.c_str(), sToken), HRESULT=80070490 (..\resolvesource.cpp,2143)]LOG]!><time="14:49:27.282-180" date="04-12-2019" component="TSPxe" context="" type="0" thread="1436" file="resolvesource.cpp:2143">
<![LOG[ParseTokenFromResponse() failed.]LOG]!><time="14:49:27.282-180" date="04-12-2019" component="TSPxe" context="" type="2" thread="1436" file="resolvesource.cpp:2143">
<![LOG[GetDPAuthDownloadToken() failed. 80070490]LOG]!><time="14:49:27.282-180" date="04-12-2019" component="TSPxe" context="" type="3" thread="1436" file="resolvesource.cpp:2147">
<![LOG[Unable to get the DP auth token from MP]LOG]!><time="14:49:27.282-180" date="04-12-2019" component="TSPxe" context="" type="2" thread="1436" file="utils.cpp:6843">
<![LOG[No content source files for selected task sequence.]LOG]!><time="14:49:27.282-180" date="04-12-2019" component="TSPxe" context="" type="1" thread="1436" file="tspolicy.cpp:3779">
<![LOG[Getting policy for CCM_SoftwareDistribution[AdvertID="C01201CC", PackageID="C0100002", ProgramID="*"]]LOG]!><time="14:49:27.282-180" date="04-12-2019" component="TSPxe" context="" type="0" thread="1436" file="tspolicy.cpp:2618">

1 Reply

 

Turns out that this was not related to PKi auth or update 4488596.

 

Some content that tasksequence was using was not replicated to distribution points, even that monitoring content status shows green on all DPs. After redistributing problematic package task sequence runs fine. 

 

There was following entries in smsts.log

<![LOG[Content location request for C0100333:1 failed. (Code 0x80040102)]LOG]!><time="14:49:29.609-180" date="04-12-2019" component="TSPxe" context="" type="3" thread="1436" file="tspolicy.cpp:2047">
<![LOG[hr, HRESULT=80040102 (..\tspolicy.cpp,2924)]LOG]!><time="14:49:29.609-180" date="04-12-2019" component="TSPxe" context="" type="0" thread="1436" file="tspolicy.cpp:2924">
<![LOG[Failed to resolve PackageID=C0100333]LOG]!><time="14:49:29.609-180" date="04-12-2019" component="TSPxe" context="" type="3" thread="1436" file="tspolicy.cpp:2924">