SCCM OSD PXE certificate problem
Thanks for reading,
My SCCM site is in a lab and is Windows Server 2008R2 with SCCM 2007R2. The site's been up and running and it installs clients, inventories and distributes software. The next thing I wanted to do was deploy OS, so I installed MDT etc. and things were going well. I had a few PXE errors which I resolved and then... errors in WinPE:
[TSMESSAGING] AsyncCallback(): WINHTTP_CALLBACK_STATUS_SECURE_FAILURE Encountered TSPxe 28/04/2011 18:12:21 1132 (0x046C)
[TSMESSAGING] : dwStatusInformationLength is 4 TSPxe 28/04/2011 18:12:21 1132 (0x046C)
[TSMESSAGING] : *lpvStatusInformation is 0x9 TSPxe 28/04/2011 18:12:21 1132 (0x046C)
[TSMESSAGING] : WINHTTP_CALLBACK_STATUS_FLAG_CERT_REV_FAILED is set TSPxe 28/04/2011 18:12:21 1132 (0x046C)
[TSMESSAGING] : WINHTTP_CALLBACK_STATUS_FLAG_INVALID_CA is set TSPxe 28/04/2011 18:12:21 1132 (0x046C)
[TSMESSAGING] AsyncCallback(): ----------------------------------------------------------------- TSPxe 28/04/2011 18:12:21 1132 (0x046C)
So I figured that I had a problem with the certificates and I have followed the instructions from
http://certcollection.org/forum/topic/96626-how-to-create-a-certificate-for-a-pxe-service-point-in-sccm-2007/
and it goes well until I run "certreq –new ConfigMgrPXECertificate.inf ConfigMgrPXECertificate.req" and I get a Certificate Request Processor error. It says:
The string contains an invalid x500 name attribute key, oid, value or delimiter. 0x80092023 (-2146885597) ConfigMgrPXECertificate.inf[NewRequest] Subject ="CN"
I have followed the instructions and copied/pasted the inputs and I seem unable to progress any further. Any ideas? Or is there another way to register these certificates in Server 2008r2? I have spent hours trying to get this to work :(
Simon Diaz
April 29th, 2011 5:44am
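The status dword in the log excerpt above is a bitmask of WinHTTP secure-failure flags. The following is an added example, not part of the original thread: it decodes that dword and checks it against the flags the log names, using the WINHTTP_CALLBACK_STATUS_FLAG_* values from winhttp.h. The sample log is the post's own lines with timestamps dropped; the function names are hypothetical.

```python
import re

# WINHTTP_CALLBACK_STATUS_FLAG_* bit values as defined in winhttp.h
FLAGS = {
    0x00000001: "CERT_REV_FAILED",   # revocation check could not be completed
    0x00000002: "INVALID_CERT",
    0x00000004: "CERT_REVOKED",
    0x00000008: "INVALID_CA",        # issuing CA is not recognised by the client
    0x00000010: "CERT_CN_INVALID",
    0x00000020: "CERT_DATE_INVALID",
    0x00000040: "CERT_WRONG_USAGE",
    0x80000000: "SECURITY_CHANNEL_ERROR",
}

# Constructed sample: the lines quoted in the post, timestamps and thread ids removed.
SAMPLE_LOG = """\
[TSMESSAGING] AsyncCallback(): WINHTTP_CALLBACK_STATUS_SECURE_FAILURE Encountered
[TSMESSAGING] : dwStatusInformationLength is 4
[TSMESSAGING] : *lpvStatusInformation is 0x9
[TSMESSAGING] : WINHTTP_CALLBACK_STATUS_FLAG_CERT_REV_FAILED is set
[TSMESSAGING] : WINHTTP_CALLBACK_STATUS_FLAG_INVALID_CA is set
"""

STATUS_RE = re.compile(r"\*lpvStatusInformation is (0x[0-9A-Fa-f]+)")
NAMED_RE = re.compile(r"WINHTTP_CALLBACK_STATUS_FLAG_(\w+) is set")

def decode_flags(value):
    """Return (known flag names, leftover unknown bits) for a status dword."""
    names = [name for bit, name in FLAGS.items() if value & bit]
    unknown = value & ~sum(FLAGS) & 0xFFFFFFFF
    return names, unknown

def analyse(log_text):
    """Decode each secure-failure dword and compare it with the flags the log names."""
    findings = []
    # Each SECURE_FAILURE callback starts a new block of [TSMESSAGING] lines.
    for block in log_text.split("WINHTTP_CALLBACK_STATUS_SECURE_FAILURE")[1:]:
        m = STATUS_RE.search(block)
        if not m:
            continue
        decoded, unknown = decode_flags(int(m.group(1), 16))
        logged = NAMED_RE.findall(block)
        findings.append({
            "raw": m.group(1),
            "decoded": decoded,
            "unknown_bits": unknown,
            "consistent": set(decoded) == set(logged) and unknown == 0,
        })
    return findings
```

For the excerpt above, 0x9 decodes to CERT_REV_FAILED plus INVALID_CA, matching the two flags the log reports.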
Any reason you are not using the self-signed cert? Are you running in native mode?
Michael Petersen http://blog.coretech.dk/mip/
April 29th, 2011 7:39am
Why don't you just enroll while logged in on your SCCM server to get this certificate, then export the cert with its private key and then import it in the PXE Service Point?
April 29th, 2011 7:41am
I have amended the link: http://www.opsvault.com/how-to-create-a-certificate-for-a-pxe-service-point-in-sccm-2007/
The site is running in native mode. I can't enroll the certificate when logged into the server because it is requesting a value for the subject name.
Instructions I have followed to get to this point:
http://www.opsvault.com/how-to-create-a-certificate-for-a-pxe-service-point-in-sccm-2007/
3. Configure Properties of New Template
   a. General Tab
      i. Template display name: ConfigMgr PXE Certificate
      ii. Template name: ConfigMgrPXECertificate
   b. Request Handling Tab
      i. Check Allow Private Key to be exported
   c. Subject Name Tab
      i. Select Supply in the request
   d. Issuance Requirement Tab
      i. Check CA certificate manager approval
I have followed these instructions and then
4. Enable Certificate Template to Issue
   a. Next, go back to the Certificate Authority Management console,
   b. This time, instead of selecting Manage on the Certificate Template, select New -> Certificate Template to Issue
   c. Then select the new certificate template, which is ConfigMgr PXE Certificate
With the certificate template created and available, the next thing we need to do is to request the certificate from the CA server. Here are the steps,
1. Request the ConfigMgr PXE Service Point certificate
   a. Open Notepad (or any text editor) and copy and paste the following text into the file:
[NewRequest]
Subject = “CN=ConfigMgr PXE Certificate”
MachineKeySet = True
Exportable = True
[RequestAttributes]
CertificateTemplate = ConfigMgrPXECertificate
   b. Save the file as ConfigMgrPXECertificate.inf
   c. Open a command window in the certificates folder that you created, type the following command, and then press Enter:
certreq –new ConfigMgrPXECertificate.inf ConfigMgrPXECertificate.req
This is when I get the error:
Certificate Request Processor error. It says: The string contains an invalid x500 name attribute key, oid, value or delimiter. 0x80092023 (-2146885597) ConfigMgrPXECertificate.inf[NewRequest] Subject ="CN"
I wondered if anyone else had seen this or could say where I was going wrong, many thanks
Simon Diaz
April 29th, 2011 8:33am
This is the way I did it:
http://social.technet.microsoft.com/Forums/en-US/configmgrosd/thread/65be54a6-c77a-4936-afeb-2c30e43857fc
Unfortunately the first picture in your post is not available.
You can supply the subject name during enrollment.
April 29th, 2011 8:48am
Thanks very much Hannah, I was setting the name type wrong, followed your instructions and my task sequences are now running, much appreciated, many thanks
April 30th, 2011 5:50am