To resolve this, under the PXE settings for Distrobution Point:
Go to User Device Affinity. Then select the option:
"Allow user device affinity with automatic approval"
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Running SCCM 1910, we have successfully deployed an OS many times over the course of a month. Now, all of the sudden, when PXE booting we are seeing a Waiting for approval message. All other troubleshooting aside, my last ditch effort was to remove deployment-related content from the Distribution Point, remove the PXE role, restart the DP, enable PXE, and distribute content. No change.
The log on the DP shows the DHCP request, the boot image request and send and basically just repeats this section over and over, incrementing the SMSTemp var file number:
<![LOG[Packet: Operation: 2 (reply), AdrType: 1, AdrLen: 6, HopCount: 0, TransactID: 0001e240, BootTime: 65535, Addr: 00:15:5d:0d:86:06:00:00:00:00:00:00:00:00:00:00, HostName: , BootFile: smsboot\AZ100005\x64\bootmgfw.efi, ClientIP: 10.1.21.25, HostIP: 0.0.0.0, ServerIP: 10.1.15.115, RelayIP: 0.0.0.0
Options:
53, 1, MsgType: 05, ack
54, 4, SvrID: 0a 01 0f 73
97, 17, UUID: 00 70 0f 2b f1 dc a7 f8 49 a4 f6 80 9d 4e d0 ac 3a
60, 9, ClassID: PXEClient
243, 38, '': 02 00 01 16 53 4d 53 54 65 6d 70 5c 30 30 30 30 30 30 30 30 31 35 2e 76 61 72 03 0a 41 5a 30 31 53 43 43 4d 44 50
252, 32, '': 53 4d 53 54 65 6d 70 5c 41 5a 31 30 30 30 30 35 2d 30 30 30 30 30 2d 30 30 30 30 30 2e 62 63 64]LOG]!><time="11:23:08.805+420" date="12-08-2020" component="SCCMPXE" context="" type="1" thread="836" file="pxeserver.cpp:288">
<![LOG[PXE: Sending reply to 10.1.21.25, PXE.]LOG]!><time="11:23:08.805+420" date="12-08-2020" component="SCCMPXE" context="" type="1" thread="836" file="pxeserver.cpp:48">
<![LOG[Packet: Operation: 1 (request), AdrType: 1, AdrLen: 6, HopCount: 0, TransactID: 0001e240, BootTime: 65535, Addr: 00:15:5d:0d:86:06:00:00:00:00:00:00:00:00:00:00, HostName: , BootFile: , ClientIP: 10.1.21.25, HostIP: 0.0.0.0, ServerIP: 10.1.15.115, RelayIP: 0.0.0.0
Options:
93, 2, Arch: 00 07
97, 17, UUID: 00 70 0f 2b f1 dc a7 f8 49 a4 f6 80 9d 4e d0 ac 3a
53, 1, MsgType: 03, request
60, 9, ClassID: PXEClient
55, 9, ParamRequestList: 3c 80 81 82 83 84 85 86 87
250, 21, Extension: 0c 01 01 0d 02 08 00 01 02 00 07 0e 01 01 05 04 00 00 00 00 ff]LOG]!><time="11:23:29.658+420" date="12-08-2020" component="SCCMPXE" context="" type="1" thread="8004" file="pxeserver.cpp:288">
<![LOG[PXE: Packet from 10.1.21.25 (PXE, 00:15:5D:18:16:06, 10.1.15.115).]LOG]!><time="11:23:29.658+420" date="12-08-2020" component="SCCMPXE" context="" type="1" thread="8004" file="pxeserver.cpp:479">
<![LOG[PXE: 00:15:5D:0D:86:06: Operation=1, MessageType=3, Architecture=7, Continuation=1]LOG]!><time="11:23:29.658+420" date="12-08-2020" component="SCCMPXE" context="" type="1" thread="1084" file="mp.cpp:37">
<![LOG[PXE: 00:15:5D:0D:86:06: Parsed a request (continuation) packet.]LOG]!><time="11:23:29.658+420" date="12-08-2020" component="SCCMPXE" context="" type="1" thread="1084" file="mp.cpp:37">
<![LOG[PXE: 00:15:5D:0D:86:06: F12B0F70-A7DC-49F8-A4F6-809D4ED0AC3A: Client is 64-bit, UEFI, WDS.]LOG]!><time="11:23:29.658+420" date="12-08-2020" component="SCCMPXE" context="" type="1" thread="1084" file="mp.cpp:37">
<![LOG[SSL, using authenticator in request.]LOG]!><time="11:23:29.673+420" date="12-08-2020" component="SCCMPXE" context="" type="1" thread="1084" file="libsmsmessaging.cpp:10159">
<![LOG[In SSL, but with no client cert.]LOG]!><time="11:23:29.673+420" date="12-08-2020" component="SCCMPXE" context="" type="1" thread="1084" file="libsmsmessaging.cpp:10180">
<![LOG[SSL, using authenticator in request.]LOG]!><time="11:23:29.720+420" date="12-08-2020" component="SCCMPXE" context="" type="1" thread="1084" file="libsmsmessaging.cpp:10159">
<![LOG[In SSL, but with no client cert.]LOG]!><time="11:23:29.720+420" date="12-08-2020" component="SCCMPXE" context="" type="1" thread="1084" file="libsmsmessaging.cpp:10180">
<![LOG[Client Boot Get ID Info reply: <ClientIDReply><Identification Unknown="0" DuplicateSMBIOS="0" DuplicateMACAddress="0" ItemKey="0" ServerName=""><Machine><ClientID/><NetbiosName/></Machine></Identification><ClientIDInfo ItemKey="0" ClientID="" DuplicateSMBIOS="0" DuplicateMACAddress="0" MatchType="0"/></ClientIDReply>
]LOG]!><time="11:23:29.751+420" date="12-08-2020" component="SCCMPXE" context="" type="1" thread="1084" file="libsmsmessaging.cpp:7738">
<![LOG[PXE: 00:15:5D:0D:86:06: System records:]LOG]!><time="11:23:29.751+420" date="12-08-2020" component="SCCMPXE" context="" type="1" thread="1084" file="mp.cpp:37">
<![LOG[PXE: 00:15:5D:0D:86:06: 0, , SMBIOS ID is NOT a match, MAC Address is NOT a match.]LOG]!><time="11:23:29.751+420" date="12-08-2020" component="SCCMPXE" context="" type="1" thread="1084" file="mp.cpp:37">
<![LOG[PXE: 00:15:5D:0D:86:06: No valid system records.]LOG]!><time="11:23:29.751+420" date="12-08-2020" component="SCCMPXE" context="" type="1" thread="1084" file="mp.cpp:37">
<![LOG[PXE: 00:15:5D:0D:86:06: Client machine is UNKNOWN.]LOG]!><time="11:23:29.751+420" date="12-08-2020" component="SCCMPXE" context="" type="1" thread="1084" file="mp.cpp:37">
<![LOG[SSL, using authenticator in request.]LOG]!><time="11:23:29.783+420" date="12-08-2020" component="SCCMPXE" context="" type="1" thread="1084" file="libsmsmessaging.cpp:10159">
<![LOG[In SSL, but with no client cert.]LOG]!><time="11:23:29.783+420" date="12-08-2020" component="SCCMPXE" context="" type="1" thread="1084" file="libsmsmessaging.cpp:10180">
<![LOG[SSL, using authenticator in request.]LOG]!><time="11:23:29.814+420" date="12-08-2020" component="SCCMPXE" context="" type="1" thread="1084" file="libsmsmessaging.cpp:10159">
<![LOG[In SSL, but with no client cert.]LOG]!><time="11:23:29.814+420" date="12-08-2020" component="SCCMPXE" context="" type="1" thread="1084" file="libsmsmessaging.cpp:10180">
<![LOG[Client Boot TS reply: <ClientIDReply><Identification Unknown="0" DuplicateSMBIOS="0" DuplicateMACAddress="0" ItemKey="2046820353" ServerName=""><Machine><ClientID/><NetbiosName/></Machine></Identification><TSInfo DeploymentID="AZ120016" PkgID="AZ1000A3" BootImageID="AZ100005" Architecture="9" Required="0" AlreadyRun="0" ForPXE="1" Disabled="0" PackageAvailable="1" FutureAvailability="0" Expired="0" UEFIArchitectureMismatch="0" ArchitectureMismatch="0"/></ClientIDReply>
]LOG]!><time="11:23:29.845+420" date="12-08-2020" component="SCCMPXE" context="" type="1" thread="1084" file="libsmsmessaging.cpp:7884">
<![LOG[PXE: 00:15:5D:0D:86:06: Task Sequence deployment(s) to unknown machines:]LOG]!><time="11:23:29.845+420" date="12-08-2020" component="SCCMPXE" context="" type="1" thread="1084" file="mp.cpp:37">
<![LOG[PXE: 00:15:5D:0D:86:06: AZ120016, AZ100005, 64-bit, optional, is valid.]LOG]!><time="11:23:29.845+420" date="12-08-2020" component="SCCMPXE" context="" type="1" thread="1084" file="mp.cpp:37">
<![LOG[PXE: 00:15:5D:0D:86:06: Using Task Sequence deployment AZ120016.]LOG]!><time="11:23:29.845+420" date="12-08-2020" component="SCCMPXE" context="" type="1" thread="1084" file="mp.cpp:37">
<![LOG[Saving Media Variables to "SMSTemp\0000000016.var"]LOG]!><time="11:23:29.845+420" date="12-08-2020" component="SCCMPXE" context="" type="1" thread="1084" file="tsremovablemedia.cpp:186">
To resolve this, under the PXE settings for Distrobution Point:
Go to User Device Affinity. Then select the option:
"Allow user device affinity with automatic approval"
Thank you for posting in Microsoft Q&A forum.
Could we know if we make some changes before getting this approval message? For example, did we enable SSL authentication?
Have a nice day!
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
From the description, "In SSL, but with no client cert." Have we chosen use HTTPS option? If we choose it, the server must have a valid PKI web server certificate. Generally speaking, our DP has two certificates. When communicating with the client to be deployed, this client will obtain the certificate from our DP. Another certificate is used for site server and MP.
Have a good day!
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
I have reviewed this case again. The phenomenon is really strange, and i did a lot of researches in my lab, unfortunately, it is normally in my lab. As we mentioned that it was suddenly required approval, as the forum cannot perform the test due to limited resource, i will try the best to deliver this information to the product team to see if they have some additional comments, but not guaranteed. once there is a reply, i will get back to you at the first time. thank you for your kind understanding.
To get better support, I suggest you call Professional Support Services so that a dedicate engineer will help us solve this issue in a more efficient way. Thank you for your understanding.
To obtain the phone numbers for specific technology request please take a look at the web site listed below.
https://support.microsoft.com/en-us/help/13948/global-customer-service-phone-numbers
Thank you very much for your kind understanding.
I am also running into this issue.