- Remove From My Forums
-
Question
-
I have been trying to set up System Center 2012 Configuration Manager in a test environment and am stuck at this point. I have created a task sequence to build and capture a reference machine (a VM), and whilst the VM allows me to PXE boot and run
WinPE, i don’t see the task sequence. I know the network drivers are good as I can F8 into a command prompt and check I have an IP address, as well as being able to ping the SCCM server where my distribution point is. If there is no password
set for PXE on the Distribution Point, the VM boots up into WinPE and eventually reboots after loading the network drivers. If there is a password set for PXE on the DP, the VM boots up into WinPE, I get the Welcome to the Task Sequence wizard and
prompted for the password, and then there is a short message relating to getting the policy for the computer. I will attach a screenshot shortly, just created my profile so cannot include images at this time.Having done some digging around already, I believe the specific error number relates to access denied. I’ve checked the Network Access Account being used and it is a member of Domain Admins so I would have thought that would suffice however having
not set this up previously I am not certain.I’ve checked the SMSPXE.log as well as the SMSTS.log however nothing jumps out at being amiss. Can anyone suggest what might be causing this failure? Many thanks.
Answers
-
Based upon your log, you likely have IIS problems. See
http://social.technet.microsoft.com/Forums/bs-Cyrl-BA/configmanagerdeployment/thread/baa2d7e0-599d-4bd0-a375-8905a7d0b2ffFrom your log:
401 — Authentication failure on request with anonymous access, retrying with context credentials. ApplyOperatingSystem 1/9/2013 12:20:52 PM 1412 (0x0584)
Using thread token for request ApplyOperatingSystem 1/9/2013 12:20:52 PM 1412 (0x0584)
401 — Authentication failure on request with context credentials, retrying with supplied credentials. ApplyOperatingSystem 1/9/2013 12:20:52 PM 1412 (0x0584)
401 — Authentication failure with supplied credentials. ApplyOperatingSystem 1/9/2013 12:21:07 PM 1412 (0x0584)
dwHttpResultCode>=200 && dwHttpResultCode<=299, HRESULT=80004005 (e:nts_sccm_releasesmsframeworktscoredownloadcontent.cpp,834) ApplyOperatingSystem 1/9/2013 12:21:07 PM 1412 (0x0584)
Http result: 401 ApplyOperatingSystem 1/9/2013 12:21:07 PM 1412 (0x0584)
SendResourceRequest() failed with 0x80004005 ApplyOperatingSystem 1/9/2013 12:21:07 PM 1412 (0x0584)
Nick Moseley | http://t3chn1ck.wordpress.com
-
Marked as answer by
Wednesday, January 9, 2013 5:25 PM
-
Marked as answer by
В этой статье мы расскажем, как легко и эффективно траблшутить установку Windows, выполняемую через System Center Configuration Manager (SCCM) или с помощью MDT.
Итак, мы рассматриваем ситуацию, когда выполняется task sequence, запущенный с SCCM сервера или из MDT, интегрированной с WDS. Существенной разницы нет, ведь exit коды фактически у них одинаковые для стандартных типовых шагов. также соверщенно не важно, загружали ли вы клиента с PXE или через Boot media (загрузочную срезу на USB или DVD), главное, чтобы вы попали в среду Windows PE и могли там выбрать нужный task sequence.
Exit win32 codes — коды ошибок в task sequence
Итак, представим себе, что вы успешно запустили task sequence и через некотрое время получили окно с кодом ошибки. Вот типовые коды:
0x80070070 — «There is not enough space on the disk.» На диске нет достаточно места. Такое встречается, когда диск не обнаружен или не является disk 0 на SATA контроллере (нельзя установить ОС на disk 1 и т.д.) или когда в компьютер вставлены другие носители (флэшки, внешние диски). Также такое встречается, когда структура разделов на диске не соотвествует утанавливаемой ОС: например, диск разбит в MBR, а вы ставите в GPT. Это типовая ситуация, когда вы устанавливаете Windows 10 в UEFI (со структурой разделов GPT) после того, как на этом диске стояла Windows 7 в Legacy mode (структура разделов MBR). И самый последний возможный случай — когда на диске есть скрытые или зашифрованные разделы (например с помощью Bitlocker). Во всех случаях диск необходимо очистить от разделов с помощью утилиты diskpart.
Очистка выполняется следующими командами в окне cmd:
diskpart
select disk 0
clean
exit
0x80070490 — «Invalid disk number specified». «System partition is not defined». Failed to identify HDD, failed to identify existing partitions on the HDD, failed to find driver for PCIVEN device. Типовая ошибка, когда Windows PE не может определить наличие диска на контроллере, разделов на нем, часто в случае неправильной настройки в BIOS или в следствие того, что ваш загрузочный образ Windows PE просто не содержит нужных драйверов для вашего контроллера диска. Напомню, что необходимо добавлять драйвера контроллеров в загрузочный образ через утилиту DISM, когда вы переходите с одной платформы на другую.
0x80070032 — «The active system partition on a MBR system must be NTFS». Существующая файловая система или разбиение диска не NTFS. Диск необходимо очистить от разделов с помощью утилиты diskpart.
0x80070570 — «An error occurred while starting task sequence». «The file or directory is corrupted and unreadable.» Эта ошибка может как означать повреждение самого диска или файловой системы, так и исходных файлов пакетов, которые вы ставите на диск. Также эта ошибка встречается, когда компьютер некорректно выключен и Windows хочет проверить диск на ошибки при следующей загрузке.
0x80070057 — «Format failed». Утилита для форматирования диска. встроенная в MDT, не может отформатировать диск. Чаще всего из-за того, что диск не определяется или не подключен как disk 0 в системе.
0x80070002 — «The system cannot find the file specified». Если установка происходит с SCCM, то это означает, что пакет не удалось успешно скачать с сервера, в остальных случаях — в пакете установки программы используется неверный путь или отсуствуют какие-то файлы.
0x80004005 — «An error occurred while retrieving policy for this computer». Эта ошибка может иметь за собой массу различных причин, потому что 4005 — это generic code, означающий, что операция не может быть выполнена. Но если она встречается в самом начале до выбора task sequence для исполнения и сопровожается текстом ошибки «An error occurred while retrieving policy for this computer», то это происходит, когда клиент не может получить список task sequence с SCCM сервера. Причина тому — неправильное время, установленное на клиете или сетевая ошибка. Также, это может быть следствием того, что сертификат в загрузочном образе (boot image) и сертификат на Management point сервере SCCM отличаются.
Поясню механизм, как это работает. Ваш загрузочный образ должен содержать всю неободимую информацию для подключения к серверам SCCM (прописывается в конфигурационном файле MDT). Затем, при загрузке Windows PE исполняется необходимая последовательность команд, в частности подключение к Management Point, откуда клиент должен забрать список доступных Task sequences. В этот момент ко всему прочему проверяется время на клиенте и на сервере, если они отличаются, сервер ответит отказом. Равно как и в случае неподходящего сертификата.
В остальных случаях 0x80004005 просто означает неудачное выполнение операции. Чтобы узнать детали, что именно было не выполенно, необходимо изучать логи SCCM.
Как собирать логи SCCM / MDT
MDT создает следующие лог-файлы:
- BDD.log. Это файл-агрегатор, который содержит результаты основных шагов task sequence.
- dism.log — лог, создаваемый командой DISM, когда та используется для конфигурирования установленной Windows (в первую очередь при unattended установке драйверов)
- LiteTouch.log. Этот файл создается, если вы используете LTI деплойменты. По умолчанию располагается в %WINDIR%TEMPDeploymentLogs.
- NetSetup.LOG — файл содержит сетевую информация о добавлении компьютера в домен.
- Scriptname.log. Такие файлы создаются каждым MDT скриптом согласно его имени.
- SMSTS.log. Это главный файл. создаваемый самим секвенсором (исполнителем Task sequence). Этот файл описывает все шаги Task sequence, по окончании каждого шага выводит exit win32 code, с которым он завершился. По умолчанию, этот файл имеет размер 2 Мбайт. Если общий размер лога превышает этот размер, то создается второй, третий и т.д. файлы, начинающиеся на smsts*. Файл может располагаться в %TEMP%, %WINDIR%System32ccmlogs, or C:_SMSTaskSequence, or C:SMSTSLog в зависимости от типа установки (MDT, SCCM, с SCCM килентом или без) и от этапа, на котром сейчас находится установка ОС.
- Wizard.log. Мастер установки MDT создает этот файл.
- WPEinit.log. Этот файл создается Windows PE при его инициализации и полезен при траблшутинге самого Windows PE.
- zticonfigure.log — содержит информацию о конфигурировании кастомных настроек Windows, которые вы указали в конфигурации MDT (чаще всего это региональная локализация). Создается при ZTI деплойментах с SCCM.
- ztigroups.log — содержит информацию о добавлении групп в локальные администраторы на компьютере, если таковые были указаны в настройках MDT. Создается при ZTI деплойментах с SCCM.
В конце выполнения task sequence все логи копируются в папку, указанную в свойстве SLShare файле настроек MDT Customsettings.ini file. Если вы указали сетевой путь, то сетевой ресурс должен быть доступен для этого.
Дополнительно, сама Windows создает два полезных файла в папке C:WindowsPantherUnattendGC — setupact.log и setuperr.log. С помощью них вы можете найти ошибки во время конфигурирования Windows и добавления компьютера в домен.
Расположение логов меняется в зависимости от того, какой тип установки вы используете (LTI, ZTI, с SCCM или без). Но в общем случае порядок их поиска таков:
- На стадии начала работы Windows PE до запуска task sequence логи находятся в X:windowstempsmstslog
- После запуска task sequence в Windows PE, во время форматирования диска и прочих сервисных операций Windows PE — в X:MININTSMSOSDOSDLOGS
- После форматирования диска и во время применения образа на диск — на локальном диске C: или D: (в зависимости от того, как вы форматировали диск): C:_SMSTaskSequenceLogs и C:SMSTSLog
- После установки SCCM клиента, если такая есть в вашем task sequence логи будут сохраняться в C:WindowsCCMLogs, потому что с этого момента SCCM клиент управляет установкой программ.
- В папке %WINDIR%TEMPDeploymentLogs будут храниться логи, если вы использовали LTI установку через MDT без SCCM.
Чем читать логи
Программой Cmtrace. Она вохдит в состав пакет System Center 2012 R2 Configuration Manager Toolkit в виде самостоятельной утилиты. Я рекомендую встроить ее в ваш загрузочный образ. Чтобы прочитать логи в Windows PE, нажмите F8, появится окно cmd, где вы можете или вызвать cmtrace или explorer.
[Посещений: 6 471, из них сегодня: 1]
Let’s see how you can FIX SCCM Task Sequence Error 0x80004005. You might encounter a prompt message An error occurred while retrieving policy for this computer during Operating System Deployment with SCCM Task Sequence.
The Task Sequence Error 0x80004005 is generic, and the solution could be different based on the details you get into logs.
We onboarded a new hardware model directly to the Configuration Manager with a MAC address in this scenario. We added a newly imported computer to a collection for deploying operating systems to the computer. After initiating the deployment, at the initial stage, it gets failed with the task sequence Error 0x80004005.
It’s always recommended to examine the SMSTS log for task sequence failure issues to help you get the inside about the failure prompt to troubleshoot the task sequence error 0x80004005. We have a lot of coverage related to OSD troubleshooting within HTMD community posts.
- FIX: SCCM Task sequence has failed with the error code 0x80070057
- Easily FIX SCCM Task Sequence Unable to find a volume Error Code 0x80070490
- Deploy Microsoft Edge WebView2 Using SCCM ConfigMgr
Issue Summary
This error appears at the initial stage when you have started the deployment. Task Sequence fails with the following error message –
An error occurred while retrieving policy for this computer (0x80004005). For more information, contact your system administrator or helpdesk operator.
In this scenario, Task Sequence terminated at the beginning. You will collect the logs at WinPE x:windowstempsmstslogsmsts.log. To get the command prompt window, you have to press F8 key.
More you can explore SCCM OSD Task Sequence Troubleshooting Steps by Step Ultimate Guide SMSTS.log. Here’s the highlight from the SMSTS.log –
- Error. Status code 404 – (Not Found)
- Decoding failed (0x8009310b). Assuming not encoded.
- BOM not found on policy reply
- Failed to download policy AP32080B-AP300A0E-6F6BCC28 (Code 0x80004005).
<![LOG[Error. Status code 404 - (Not Found) returned]LOG]!><time="16:19:15.950-480" date="08-24-2021" component="TSMBootstrap" context="" type="0" thread="1612" file="libsmsmessaging.cpp:10121">
<![LOG[Found a secure policy.]LOG]!><time="16:19:15.950-480" date="08-24-2021" component="TSMBootstrap" context="" type="1" thread="1612" file="libsmsmessaging.cpp:5186">
<![LOG[Trying to decode policy.]LOG]!><time="16:19:15.950-480" date="08-24-2021" component="TSMBootstrap" context="" type="1" thread="1612" file="libsmsmessaging.cpp:5188">
<![LOG[CryptDecryptMessage ( &DecryptParams, pbEncrypted, nEncryptedSize, 0, &nPlainSize, 0 ), HRESULT=8009310b (..windes.cpp,451)]LOG]!><time="16:19:15.950-480" date="08-24-2021" component="TSMBootstrap" context="" type="0" thread="1612" file="windes.cpp:451">
<![LOG[Decoding failed (0x8009310b). Assuming not encoded.]LOG]!><time="16:19:15.950-480" date="08-24-2021" component="TSMBootstrap" context="" type="1" thread="1612" file="libsmsmessaging.cpp:5208">
<![LOG[BOM not found on policy reply]LOG]!><time="16:19:15.950-480" date="08-24-2021" component="TSMBootstrap" context="" type="2" thread="1612" file="libsmsmessaging.cpp:5351">
<![LOG[hr, HRESULT=80004005 (..libsmsmessaging.cpp,5373)]LOG]!><time="16:19:26.970-480" date="08-24-2021" component="TSMBootstrap" context="" type="0" thread="1612" file="libsmsmessaging.cpp:5373">
<![LOG[oPolicy.RequestPolicy((GetPolicyFlags() & POLICY_SECURE) != 0, (GetPolicyFlags() & POLICY_COMPRESS) != 0), HRESULT=80004005 (..tspolicy.cpp,2577)]LOG]!><time="16:19:26.970-480" date="08-24-2021" component="TSMBootstrap" context="" type="0" thread="1612" file="tspolicy.cpp:2577">
<![LOG[Failed to download policy AP32080B-AP300A0E-6F6BCC28 (Code 0x80004005).]LOG]!><time="16:19:26.970-480" date="08-24-2021" component="TSMBootstrap" context="" type="3" thread="1612" file="tspolicy.cpp:2577">
<![LOG[(*iTSPolicyAssignment)->GetObjects(pszClassName, aTSPolicyObjectArray ), HRESULT=80004005 (..tspolicy.cpp,1574)]LOG]!><time="16:19:26.970-480" date="08-24-2021" component="TSMBootstrap" context="" type="0" thread="1612" file="tspolicy.cpp:1574">
<![LOG[m_pPolicyManager->GetObjects( TS::Policy::TaskSequence::GetClassName(), TS::Policy::TaskSequence::GetPolicyCategory(), TS::Policy::TSPolicyAssignment::POLICY_TS_FOR_CD_AND_PXE, aTSPolicyObjectArray ), HRESULT=80004005 (tsmediawizardcontrol.cpp,1196)]LOG]!><time="16:19:26.970-480" date="08-24-2021" component="TSMBootstrap" context="" type="0" thread="1612" file="tsmediawizardcontrol.cpp:1196">
<![LOG[Failed to get all CCM_TaskSequence objects]LOG]!><time="16:19:26.970-480" date="08-24-2021" component="TSMBootstrap" context="" type="3" thread="1612" file="tsmediawizardcontrol.cpp:1196">
<![LOG[Exiting TSMediaWizardControl::GetPolicy.]LOG]!><time="16:19:26.970-480" date="08-24-2021" component="TSMBootstrap" context="" type="0" thread="1612" file="tsmediawizardcontrol.cpp:1455">
<![LOG[pWelcomePage->m_pTSMediaWizardControl->GetPolicy(), HRESULT=80004005 (tsmediawelcomepage.cpp,304)]LOG]!><time="16:19:26.970-480" date="08-24-2021" component="TSMBootstrap" context="" type="0" thread="1612" file="tsmediawelcomepage.cpp:304">
<![LOG[Setting wizard error: An error occurred while retrieving policy for this computer (0x80004005). For more information, contact your system administrator or helpdesk operator.]LOG]!><time="16:19:26.970-480" date="08-24-2021" component="TSMBootstrap" context="" type="0" thread="1432" file="tsmediawizardcontrol.cpp:1646">FIX – SCCM Task Sequence Error 0x80004005 Failed to run while retrieving policy
Let’s check the solution to fix this task sequence error 0x80004005 –
- Launch SCCM Console, Navigate to Assets and Compliance > Devices.
- Look for the device, Remove the device entry from the SCCM Console.
Note – Collect the SMBIOS GUID for a device under the Summary tab in SCCM Console. To get SMBIOS GUID in a machine, Open the command prompt, Run command: wmic csproduct get uuid
SMBIOS is the GUID stored in the device BIOS or UEFI. It’s unique to the device, and SCCM uses it to recognize imported computers. Collect the information as stated above. This time add a computer with the SMBIOS GUID information, import the computer with SMSBIOS GUID, and complete the wizard.
You should add a newly imported computer to a collection. This allows you to create advertisements for deploying operating systems to the computer immediately.
Once you are done with the above steps, Please wait to advertise the computer information. Restart the target machine and reinitiate the task sequence deployment. It should continue without any errors.
For PCs that do not successfully boot from PXE, the SMSPXE.log on the server hosting the PXE Service Point can be examined for the PC’s SMBIOS GUID. The line that contains this information will be something as follows:
MAC=<Mac_Address> SMBIOS GUID=<SMBIOS_GUID> > Device found in the database. MacCount=x GuidCount=y
To obtain the SMBIOS GUID from a PC having the problem, use one of the below methods:
At a command prompt, run the command:
wmic
When the promptwmic:rootcli>appears, type in the command:
csproduct get uuid
The SMBIOS GUID for the PC should be displayed. For Example – 4C4C4544-0032-5610-8037-C8C04P604A63
Let us know your experience with the error code and how you were able to fix it in the comment section.
About Author -> Jitesh has over 5 years of working experience in the IT Industry. He writes and shares his experiences related to Microsoft device management technologies and IT Infrastructure management. His primary focus area is Windows 10/11 Deployment solution with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.
Resources
- OSD Known Issues Troubleshooting Guide |SCCM |ConfigMgr
- ConfigMgr OSD Troubleshooting Known Issues Guide Part 2 | SCCM
- FIX: SCCM Task Sequence Failed to load class properties 0x80041002 (2147749890)
- FIX: SCCM Task sequence has failed with the error code 0x800700A1
This post provides solution to SCCM task sequence error 0x80004005 while retrieving policy. Before you read further, I want to tell you that error 0x80004005 is a generic error. Which means there could be more than one solution for this error. Therefore you must examine the smsts.log file to find out the actual issue. In my case during the OSD the task sequence failed at the very initial step. This issue was observed on one of the VM’s. So here is the issue and it’s description.
Task Sequence fails with the following error message. An error occurred while retrieving policy for this computer (0x80004005). For more information, please contact your system administrator or helpdesk operator.
The smsts.log file reveals the following.
unknown host (gethostbyname failed).
sending with winhttp failed; 80072ee7.
Failed to get client identity (80072ee7).
Failed to request for client TSPxe.
SyncTimeWithMP() failed. 80072ee7.
Failed to get time information from MP: http://MPserverFQDN.
An error occurred while retrieving policy for this computer (0x80004005).
For more information, contact your system administrator or helpdesk operator.
RegOpenKeyExW is unsuccessful for SoftwareMicrosoftSMSTask Sequence.
GetTsRegValue() is unsuccessful. 0x80070002.
TS environment not initialized
Looking at the log file details, you could make out that there is a time sync issue. The error “SyncTimeWithMP() failed 80072ee7” should give you clear info that there is some issue with time synchronization. To resolve this issue one must check the clock in the BIOS of the affected machine. Ensure that the time in BIOS matches the time in the forest where the SCCM server is located. In other words ensure the time settings are same with both SCCM and PXE client. If not you will end up seeing the time sync errors. If you correct this, I bet the deployment should continue successfully in next try.
Prajwal Desai is a Microsoft MVP in Enterprise Mobility. He writes articles on SCCM, Intune, Windows 365, Azure, Windows Server, Windows 11, WordPress and other topics, with the goal of providing people with useful information.
Back to top button
Symptoms
Consider the following scenario:
-
You create a software package on a System Center Configuration Manager 2007 Service Pack 2 (SP2) site server.
-
The package includes files that contain extended ASCII characters in the file names.
-
You advertise a task sequence to deploy the package to a client computer.
-
You select the Download content locally when needed by running task sequence option on the Distribution Points tab of the advertisement properties.
In this scenario, the task sequence may fail together with the «80004005» error code. Additionally, the following error message is logged in the Smsts.log file on the client computer:
Hash Value failed or hash value is incorrect
Cause
This issue occurs because the extended ASCII characters in the file names are not downloaded or named correctly and because the file names differ from the original files names. Therefore, the hash mismatch error occurs.
Resolution
The hotfix for this issue is integrated into hotfix 2276865. To resolve this issue, install hotfix 2276865 on the affected System Center Configuration Manager 2007 SP2 site server.
2276865 The «Date modified» attribute for each file is changed after you deploy the files to a client computer by advertising a task sequence from a System Center Configuration Manager 2007 SP2 site server
Workaround
To work around this issue, use one of the following methods:
-
Rename these files to remove extended ASCII characters, re-create the package, and then deploy the package to the client computer again.
-
Select the Download all contents locally before starting task sequence option on the Distribution Points tab of the advertisement properties.
Status
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the «Applies to» section.
More Information
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates
Need more help?
Want more options?
Explore subscription benefits, browse training courses, learn how to secure your device, and more.
Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.
check
Best Answer
Thank you all for your suggestions, In digging through them, I found that my VM that I used to build and capture the image was set to Legacy instead of EFI. I am going to rebuild the image capture VM with this setting corrected. I will report back with my findings.
Thank you again.
Was this post helpful?
thumb_up
thumb_down
View Best Answer in replies below
11 Replies
-
1) Check your Distribution Point self-signed certificate hasn’t expired:
Text
Administration > Distribution Points > Properties of DP
Check the expiration date. If it’s expired, simply create a new certificate and update all of your boot images to the DP.
2) BIOS date/time on the client. Ensure it’s correct.
If points 1 and 2 are OK, I’d try recreating the boot media just in case.
Was this post helpful?
thumb_up
thumb_down
-
Make sure you do not have an existing record of this computer in AD or already in SCCM. If so delete it and retry.
Was this post helpful?
thumb_up
thumb_down
-
Pastebin is blocked at my work. Can you attach the log as a .txt file?
Was this post helpful?
thumb_up
thumb_down
-
Looks like this line is the culprit:
Text
line 1063: <![LOG[Process completed with exit code 2147500037]LOG]!><time="20:55:03.324+480" date="03-17-2017" component="TSManager" context="" type="1" thread="1436" file="commandline.cpp:1124">
A quick google of that exit code: https://ardamis.com/2015/11/07/troubleshooting-sccm-2012-task-sequence-failures/ Opens a new window
What is this task sequence supposed to do?
My task sequences are limited to clean installs of Windows 10; and one that I got from TechNet to upgrade Win7 to Win10 when it first came out.
Was this post helpful?
thumb_up
thumb_down
-
First rule of SCCM: use CMTrace.exe to review your logs.
Second rule of SCCM: use CMTrace.exe to review your logs.
0x80004005 is the worst generic error code because it doesn’t actually mean anything. Whenever that pops up, you have to roll up your sleeves and prepare for a long day of investigating and testing.
First place I would look is to verify your disk partitioning task sequences.
EDIT: I didn’t realize that screen cap would be so awful. Here are the two lines that caught my eye that should start your investigation:
- System partition not set
- Unable to find the partition that contains the OS boot loaders. Please ensure the hard disks have been properly partitioned. Unspecified error (Error: 80004005; Source: Windows)
All the other errors that follow cascade from that initial failure.
2 found this helpful
thumb_up
thumb_down
-
Thank you all for your suggestions, In digging through them, I found that my VM that I used to build and capture the image was set to Legacy instead of EFI. I am going to rebuild the image capture VM with this setting corrected. I will report back with my findings.
Thank you again.
Was this post helpful?
thumb_up
thumb_down
-
Make sure you select the correct Image Index as well. That has burned me before.
Was this post helpful?
thumb_up
thumb_down
-
Jeremy9642 wrote:
Thank you all for your suggestions, In digging through them, I found that my VM that I used to build and capture the image was set to Legacy instead of EFI. I am going to rebuild the image capture VM with this setting corrected. I will report back with my findings.
Thank you again.
Boom. Disk partition type conflict in the TS.
Was this post helpful?
thumb_up
thumb_down
-
After rebuilding the image on a EFI VM the issue has been resolved.
Was this post helpful?
thumb_up
thumb_down
-
I changed the secure boot option to disabled, then change UEFI only to both and that resolved my issue.
Was this post helpful?
thumb_up
thumb_down
-
The fix for me was creating a default TS to «Deploy and existing image»… I then manually recreated all the partition settings in my custom TS, copying the default, and it worked like a charm!
Was this post helpful?
thumb_up
thumb_down
- Remove From My Forums
-
Question
-
Hi,
I have observed that many WES7 devices are not reporting to SCCM 2012 R2 and upon looking in the SCCM agent logs, I see that there are errors like «RegTask: Failed to get certificate. Error: 0x80004005» in ClientIDManagerStartup.log
Temporary fix is to delete «ProgramDataMicrosoftCryptoRSAMachineKeys19c5cf9c7b5dc9de3e548adb70398402*» , SMSCFG.ini, SMSTS.ini and restart the SCCM agent service, upon the agents tries to re-register in the server and again after a reboot
they are back with the «RegTask: Failed to get certificate. Error: 0x80004005»We have write-filters enabled and i have excluded ProgramDataMicrosoftCrypto for any key issues, but still they are not communicating.
Any suggestions are appreciated.
Sandeep Bondada
The MECM / SCCM task sequence may fail with following error:
An error occurred while retrieving policy for this computer (0x80004005). For more information, please contact your system administrator or helpdesk operator.
The error code 0x80004005 is a generic error code which means Access Denied. There may be number of reason behind this and you should analyze smsts.log to understand exact reason behind this error code.
Time Sync Issue
Error in smsts.log
SyncTimeWithMP() failed. 80072ee7.TSMBootstrap 25-4-2018 18:02:191501 (0x0580)
Failed to get time information from MP: MPServerName
If you see above errors in smsts.log then it can be related with time sync issue
Check the date and time on client machine BIOS. You can press F8 in Windows PE screen to open command prompt and validate the date and time from command line. In case of time issue, correct the time and retry the Task sequence.
DNS Issue
Error in smsts.log
unknown host (gethostbyname failed)
sending with winhttp failed; 80072ee7
Failed to get client identity (80072ee7)
The above error indicates DNS related issues. You can launch command prompt by pressing F8 and validate the following things.
- Check if an IP address has been assigned to machine by DHCP server.
- Check if you can ping Management Point using Management Point server FQDN.
If you have used Dynamic media while creating the USB boot disk then try Site-based media and select the management point client reporting to.
Self-Signed certificate has expired
The above issue also happen due to expired self signed certificates. Follow the below steps to check self-signed certificate expiry date.
- Open Configuration Manager console
- Navigate to AdministrationOverviewSite ConfigurationServers and Site System Roles
- Select the Site System in top right pane
- Right click on Distribution Point in bottom right pane and select Properties
- In the Distribution Point Properties windows, go to Communication tab and validate Self-signed certificate date.
Related Posts:
- MECM OSD Task Sequence Failed with Error 0x80072EE7
- SCCM Software Distribution Troubleshooting
- MECM OSD – PXE Troubleshooting
- PXE-E99: Unexpected network error – SCCM OSD
Below are the locations the log file will be in depending on what stage the TS is at:
During OS Deployment
Before your hard drive is formatted and partitioned
X:windowstempsmstslog
After your hard drive is partitioned formatted
X:smstslog and then is in C:_SMSTaskSequencelogssmstslog
Within Windows
Within Windows before the SCCM agent is installed:
C:_SMSTaskSequencelogssmstslog
Within Windows after the SCCM agent installed:
C:windowssystem32ccmlogssmstslog
When the Task Sequence completes on a x86
C:windowssystem32ccmlogs
For x64 Systems
C:windowsSysWOW64ccmlogs
You will need to enable your boot.wim with f8 support to retrieve the log if it bombs out before apply OS stage so that you can bring up the command prompt and copy the log to a share on the network.
Skip to content
SCCM client failed to install due to “RegTask: Failed to get certificate. Error: 0x80004005”
I have been struggling with a sccm client installation case. The Configuration Manager client show incomplete content on General and Actions tabs.
In the beginning, I thought it was related to the communication between the client and the management point. But the following two links return good results:
http://<MP-SERVER>/sms_mp/.sms_aut?mplist
http://<MP-SERVER>/sms_mp/.sms_aut?mpcert
Then I looked into the ClientIDManagerStartup.log and found the repeated exceptions as below:
RegTask: Failed to get certificate. Error: 0x80004005 11172 (0x2BA4)
RegTask: Failed to get certificate. Error: 0x80004005 11172 (0x2BA4)
RegTask: Failed to get certificate. Error: 0x80004005 11172 (0x2BA4)
RegTask: Failed to get certificate. Error: 0x80004005 11172 (0x2BA4)
CertificateMaintenance.log shows also:
Creating Signing Certificate… 10004 (0x2714)
Crypt acquire context failed with 0x8009000f. 10004 (0x2714)
Failed to create certificate 8009000f 10004 (0x2714)
CCMDoCertificateMaintenance() failed (0x8009000f). 10004 (0x2714)
Raising pending event:
instance of CCM_ServiceHost_CertificateOperationsFailure
{
DateTime = “20200520031245.725000+000”;
HRESULT = “0x8009000f”;
ProcessID = 8808;
ThreadID = 10004;
};
10004 (0x2714)
CCMDoCertificateMaintenance() raised CCM_ServiceHost_CertificateOperationsFailure status event. 10004 (0x2714)
This led me to thinking of another phenomenon of its empty sms certificates in Local ComputerSMS node.
All these clues give me a vague implication that it could be related to the certificate permission. So, as a test I deleted the C:WindowsSMSCFG.INI, launched process monitor and then restarted cccmexec, and found the following:
Okay, that’s somewhat clear now – The C:ProgramDataMicrosoftCryptoRSAMachineKeys195c… file is not accessible by local System account. Thus, I carried out the following steps to fix it:
- Stop ccmexec service: Stop-Service ccmexec
- Delete C:WindowsSMSCFG.ini
- Right click C:ProgramDataMicrosoftCryptoRSAMachineKeys195c….. key file whose name start with 19, go to Security and add System account and grant it Full Control permission
- Restart ccmexec service: Start-Service ccmexec
Finally, SCCM client gest back to normal.
References
- https://sukhdeepsinghblog.com/2018/12/06/sccm-client-failure-errorfailed-to-download-client-files-by-bits-error-0x800704dd/#respond
- https://kirannavuri.blogspot.com/2016/12/clientidmanagerstartuplog-error-regtask.html
- http://www.mssccm.com/uncategorized/sccm-client-registration-failed-regtask-failed-to-get-certificate-error-0x80004005/