This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(153.6, 89%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETA%3C/text%3E%3C/svg%3E)
Running SCCM 1910, we have successfully deployed an OS many times over the course of a month. Now, all of the sudden, when PXE booting we are seeing a Waiting for approval message. All other troubleshooting aside, my last ditch effort was to remove deployment-related content from the Distribution Point, remove the PXE role, restart the DP, enable PXE, and distribute content. No change.
The log on the DP shows the DHCP request, the boot image request and send and basically just repeats this section over and over, incrementing the SMSTemp var file number:
<![LOG[Packet: Operation: 2 (reply), AdrType: 1, AdrLen: 6, HopCount: 0, TransactID: 0001e240, BootTime: 65535, Addr: 00:15:5d:0d:86:06:00:00:00:00:00:00:00:00:00:00, HostName: , BootFile: smsboot\AZ100005\x64\bootmgfw.efi, ClientIP: 10.1.21.25, HostIP: 0.0.0.0, ServerIP: 10.1.15.115, RelayIP: 0.0.0.0
Options:
53, 1, MsgType: 05, ack
54, 4, SvrID: 0a 01 0f 73
97, 17, UUID: 00 70 0f 2b f1 dc a7 f8 49 a4 f6 80 9d 4e d0 ac 3a
60, 9, ClassID: PXEClient
243, 38, '': 02 00 01 16 53 4d 53 54 65 6d 70 5c 30 30 30 30 30 30 30 30 31 35 2e 76 61 72 03 0a 41 5a 30 31 53 43 43 4d 44 50
252, 32, '': 53 4d 53 54 65 6d 70 5c 41 5a 31 30 30 30 30 35 2d 30 30 30 30 30 2d 30 30 30 30 30 2e 62 63 64]LOG]!><time="11:23:08.805+420" date="12-08-2020" component="SCCMPXE" context="" type="1" thread="836" file="pxeserver.cpp:288">
<![LOG[PXE: Sending reply to 10.1.21.25, PXE.]LOG]!><time="11:23:08.805+420" date="12-08-2020" component="SCCMPXE" context="" type="1" thread="836" file="pxeserver.cpp:48">
<![LOG[Packet: Operation: 1 (request), AdrType: 1, AdrLen: 6, HopCount: 0, TransactID: 0001e240, BootTime: 65535, Addr: 00:15:5d:0d:86:06:00:00:00:00:00:00:00:00:00:00, HostName: , BootFile: , ClientIP: 10.1.21.25, HostIP: 0.0.0.0, ServerIP: 10.1.15.115, RelayIP: 0.0.0.0
Options:
93, 2, Arch: 00 07
97, 17, UUID: 00 70 0f 2b f1 dc a7 f8 49 a4 f6 80 9d 4e d0 ac 3a
53, 1, MsgType: 03, request
60, 9, ClassID: PXEClient
55, 9, ParamRequestList: 3c 80 81 82 83 84 85 86 87
250, 21, Extension: 0c 01 01 0d 02 08 00 01 02 00 07 0e 01 01 05 04 00 00 00 00 ff]LOG]!><time="11:23:29.658+420" date="12-08-2020" component="SCCMPXE" context="" type="1" thread="8004" file="pxeserver.cpp:288">
<![LOG[PXE: Packet from 10.1.21.25 (PXE, 00:15:5D:18:16:06, 10.1.15.115).]LOG]!><time="11:23:29.658+420" date="12-08-2020" component="SCCMPXE" context="" type="1" thread="8004" file="pxeserver.cpp:479">
<![LOG[PXE: 00:15:5D:0D:86:06: Operation=1, MessageType=3, Architecture=7, Continuation=1]LOG]!><time="11:23:29.658+420" date="12-08-2020" component="SCCMPXE" context="" type="1" thread="1084" file="mp.cpp:37">
<![LOG[PXE: 00:15:5D:0D:86:06: Parsed a request (continuation) packet.]LOG]!><time="11:23:29.658+420" date="12-08-2020" component="SCCMPXE" context="" type="1" thread="1084" file="mp.cpp:37">
<![LOG[PXE: 00:15:5D:0D:86:06: F12B0F70-A7DC-49F8-A4F6-809D4ED0AC3A: Client is 64-bit, UEFI, WDS.]LOG]!><time="11:23:29.658+420" date="12-08-2020" component="SCCMPXE" context="" type="1" thread="1084" file="mp.cpp:37">
<![LOG[SSL, using authenticator in request.]LOG]!><time="11:23:29.673+420" date="12-08-2020" component="SCCMPXE" context="" type="1" thread="1084" file="libsmsmessaging.cpp:10159">
<![LOG[In SSL, but with no client cert.]LOG]!><time="11:23:29.673+420" date="12-08-2020" component="SCCMPXE" context="" type="1" thread="1084" file="libsmsmessaging.cpp:10180">
<![LOG[SSL, using authenticator in request.]LOG]!><time="11:23:29.720+420" date="12-08-2020" component="SCCMPXE" context="" type="1" thread="1084" file="libsmsmessaging.cpp:10159">
<![LOG[In SSL, but with no client cert.]LOG]!><time="11:23:29.720+420" date="12-08-2020" component="SCCMPXE" context="" type="1" thread="1084" file="libsmsmessaging.cpp:10180">
<![LOG[Client Boot Get ID Info reply: <ClientIDReply><Identification Unknown="0" DuplicateSMBIOS="0" DuplicateMACAddress="0" ItemKey="0" ServerName=""><Machine><ClientID/><NetbiosName/></Machine></Identification><ClientIDInfo ItemKey="0" ClientID="" DuplicateSMBIOS="0" DuplicateMACAddress="0" MatchType="0"/></ClientIDReply>
]LOG]!><time="11:23:29.751+420" date="12-08-2020" component="SCCMPXE" context="" type="1" thread="1084" file="libsmsmessaging.cpp:7738">
<![LOG[PXE: 00:15:5D:0D:86:06: System records:]LOG]!><time="11:23:29.751+420" date="12-08-2020" component="SCCMPXE" context="" type="1" thread="1084" file="mp.cpp:37">
<![LOG[PXE: 00:15:5D:0D:86:06: 0, , SMBIOS ID is NOT a match, MAC Address is NOT a match.]LOG]!><time="11:23:29.751+420" date="12-08-2020" component="SCCMPXE" context="" type="1" thread="1084" file="mp.cpp:37">
<![LOG[PXE: 00:15:5D:0D:86:06: No valid system records.]LOG]!><time="11:23:29.751+420" date="12-08-2020" component="SCCMPXE" context="" type="1" thread="1084" file="mp.cpp:37">
<![LOG[PXE: 00:15:5D:0D:86:06: Client machine is UNKNOWN.]LOG]!><time="11:23:29.751+420" date="12-08-2020" component="SCCMPXE" context="" type="1" thread="1084" file="mp.cpp:37">
<![LOG[SSL, using authenticator in request.]LOG]!><time="11:23:29.783+420" date="12-08-2020" component="SCCMPXE" context="" type="1" thread="1084" file="libsmsmessaging.cpp:10159">
<![LOG[In SSL, but with no client cert.]LOG]!><time="11:23:29.783+420" date="12-08-2020" component="SCCMPXE" context="" type="1" thread="1084" file="libsmsmessaging.cpp:10180">
<![LOG[SSL, using authenticator in request.]LOG]!><time="11:23:29.814+420" date="12-08-2020" component="SCCMPXE" context="" type="1" thread="1084" file="libsmsmessaging.cpp:10159">
<![LOG[In SSL, but with no client cert.]LOG]!><time="11:23:29.814+420" date="12-08-2020" component="SCCMPXE" context="" type="1" thread="1084" file="libsmsmessaging.cpp:10180">
<![LOG[Client Boot TS reply: <ClientIDReply><Identification Unknown="0" DuplicateSMBIOS="0" DuplicateMACAddress="0" ItemKey="2046820353" ServerName=""><Machine><ClientID/><NetbiosName/></Machine></Identification><TSInfo DeploymentID="AZ120016" PkgID="AZ1000A3" BootImageID="AZ100005" Architecture="9" Required="0" AlreadyRun="0" ForPXE="1" Disabled="0" PackageAvailable="1" FutureAvailability="0" Expired="0" UEFIArchitectureMismatch="0" ArchitectureMismatch="0"/></ClientIDReply>
]LOG]!><time="11:23:29.845+420" date="12-08-2020" component="SCCMPXE" context="" type="1" thread="1084" file="libsmsmessaging.cpp:7884">
<![LOG[PXE: 00:15:5D:0D:86:06: Task Sequence deployment(s) to unknown machines:]LOG]!><time="11:23:29.845+420" date="12-08-2020" component="SCCMPXE" context="" type="1" thread="1084" file="mp.cpp:37">
<![LOG[PXE: 00:15:5D:0D:86:06: AZ120016, AZ100005, 64-bit, optional, is valid.]LOG]!><time="11:23:29.845+420" date="12-08-2020" component="SCCMPXE" context="" type="1" thread="1084" file="mp.cpp:37">
<![LOG[PXE: 00:15:5D:0D:86:06: Using Task Sequence deployment AZ120016.]LOG]!><time="11:23:29.845+420" date="12-08-2020" component="SCCMPXE" context="" type="1" thread="1084" file="mp.cpp:37">
<![LOG[Saving Media Variables to "SMSTemp\0000000016.var"]LOG]!><time="11:23:29.845+420" date="12-08-2020" component="SCCMPXE" context="" type="1" thread="1084" file="tsremovablemedia.cpp:186">
Hi,
I am installing 20H2 version.
Today got same message.
Was testing windows 10 Task Sequence deployment, and, before going to PXE boot - I deleted computer record from both - AD and SCCM.
Seems, there is some delay needed for SCCM, if you delete PC record and trying to redeploy it with the same computer name. My colleague just recommended to wait a bit and try again and it worked.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(300.8, 45%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAK%3C/text%3E%3C/svg%3E)
To resolve this, under the PXE settings for Distrobution Point:
Go to User Device Affinity. Then select the option:
"Allow user device affinity with automatic approval"
Thank you for posting in Microsoft Q&A forum.
Could we know if we make some changes before getting this approval message? For example, did we enable SSL authentication?
Have a nice day!
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
There were no changes made to the config or any of the content. It just stopped working a few days after the last working deployment.
Thank for the reply.
Have we tried the following actions for a second time? Someone meet a similar problem and tried these actions and it has been resolved.
Here is the case link for us to refer to:
https://learn.microsoft.com/en-us/answers/questions/181727/sccm-current-branch-remove-wds.html
Have a good day!
Yes, I have tried those steps and others multiple times. No change in behavior.
From the description, "In SSL, but with no client cert." Have we chosen use HTTPS option? If we choose it, the server must have a valid PKI web server certificate. Generally speaking, our DP has two certificates. When communicating with the client to be deployed, this client will obtain the certificate from our DP. Another certificate is used for site server and MP.
Have a good day!
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
HTTPS is in use and there is a valid PKI certificate installed on the DP. Since the deployment is to a blank unknown computer there is no client certificate installed.
Thank you for the reply.
The certificate that we installed on our DP is used to communicate with MP, when we have an environment with HTTPS only, the client must have a valid certificate for the client to communicate with the site and for the deployment to continue. Our unknown clients should have the PKI certificate when we import the certificate in the DP property.
They are fresh machines with no OS on them, how would they have a certificate? Beyond that, this worked just fine for many deployments before suddenly requiring approval. I'm just not clear how the HTTPS configuration is causing this behavior.
I have reviewed this case again. The phenomenon is really strange, and i did a lot of researches in my lab, unfortunately, it is normally in my lab. As we mentioned that it was suddenly required approval, as the forum cannot perform the test due to limited resource, i will try the best to deliver this information to the product team to see if they have some additional comments, but not guaranteed. once there is a reply, i will get back to you at the first time. thank you for your kind understanding.
To get better support, I suggest you call Professional Support Services so that a dedicate engineer will help us solve this issue in a more efficient way. Thank you for your understanding.
To obtain the phone numbers for specific technology request please take a look at the web site listed below.
https://support.microsoft.com/en-us/help/13948/global-customer-service-phone-numbers
Thank you very much for your kind understanding.
Thank you for your help.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(96, 45%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGF%3C/text%3E%3C/svg%3E)
I am also running into this issue.