Repairing broken ConfigMgr PXE Component after Site Restore

I recently did a Site Restore of a ConfigMgr 1810 Site on to a new System using Configuration Manager Site Recovery. After finishing the restore, the PXE Component (new PXE Responder without WDS) seemed to be broken and new PXE-boot attempts ended up with the following lines in SMSPXE.log.

Failed to create certificate store from encoded certificate. Verify the provided Certificate was provisioned correctly. . An error occurred during encode or decode operation. (Error: 80092002; Source: Windows)

Failed to create certificate store from encoded certificate. Verify the provided Certificate was provisioned correctly. . An error occurred during encode or decode operation. (Error: 80092002; Source: Windows)

PXE::MP::GetMPListAndConnectionInfo failed; 0x80092002

PXE::MP::IsKnownMachine failed; 0x80092002

I quickly stumbled over the Knowledge Base Article called “ConfigMgr PXE does not work because a self-signed certificate is not created“. However, after performing all the listed steps, the error above remained.

What solved it for me, was regenerating the Distribution Point Certificate. For this to happen, you can adjust the expiration date of the self-signed Certificate to a newer date. In this case here, I changed the Year from 2115 to 2116.

You can verify the regeneration of the Certificate by opening the Certificates Node in the Administration Workspace. Here you find a new Distribution Point Certificate with the specified end date. The old Certificate should be blocked as seen below.

A new attempt to PXE boot worked on the first try without the previous errors in SMSPXE.log.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.