Trying to build some Windows servers today I kept getting met with errors whilst the device attempted to download policy at the point where I can choose a Task Sequence for my build.
The errors were:
‘reply has no message header marker’
‘Failed to get client identity (80004005)’
‘Failed to read client identity (Code 0x80004005)’ and
‘Failed to get client identity.’
I’ve seen these errors before and normally they relate to the time and date being out on the devices BIOS. Since these devices were XenServer VM’s there was no option to modify the date & time since XenCenter controls this. I checked the time and date at the command prompt and this reported back fine.
Checking the site’s Component Status I could see warnings in the SMS_MP_CONTROL_MANAGER for one of the MP’s
and the error appeared as:
So a certificate I am using has expired. I’m using boot media so it seemed more than likely that the certificate from that had expired.
In Configmgr you can check the certificates under the Administrator>Security>Certificates node.
Sure enough I had a certificate that had expired a few days ago
Time to re-create the boot media and, if necessary, set the expiration date far into the future.
Problem solved.
SCCMentor - Paul Winstanley 
Thanks for sharing:)
Saved my skin this one! thanks for the post.
Thank you, thank you, thank you for posting this! This fixed my problem after about 8 hours of stress trying different things.
Thanks Chris. Glad to be of assistance