Trying to build some Windows servers today I kept getting met with errors whilst the device attempted to download policy at the point where I can choose a Task Sequence for my build. 

The errors were:

‘reply has no message header marker’

‘Failed to get client identity (80004005)’

‘Failed to read client identity (Code 0x80004005)’ and

‘Failed to get client identity.’

I’ve seen these errors before and normally they relate to the time and date being out on the devices BIOS. Since these devices were XenServer VM’s there was no option to modify the date & time since XenCenter controls this. I checked the time and date at the command prompt and this reported back fine.

Checking the site’s Component Status I could see warnings in the SMS_MP_CONTROL_MANAGER for one of the MP’s

ExCert-001

and the error appeared as:

ExCert-002

So a certificate I am using has expired. I’m using boot media so it seemed more than likely that the certificate from that had expired.

In Configmgr you can check the certificates under the Administrator>Security>Certificates node.

Sure enough I had a certificate that had expired a few days ago

ExCert-003

Time to re-create the boot media and, if necessary, set the expiration date far into the future.

Problem solved. 

Advertisements