After securing a customer’s internal SCCM communication using HTTPS and explaining the requirements to secure all of their remaining distribution points, their SCCM admin working on OSD said he is unable to perform a build.
The behaviour exhibited was he could select a task sequence and it would start however as soon as the first package needed to be downloaded it failed with an 0x80070002 error.
Looking through the SMSTS showed the cause of the issue. The key error is the SMSTS is actually not even in red “Error. Received 0x80072efd from WinHttpSendRequest.” Followed by: socket ‘connect’ failed; 8007274d
This was repeated three times as expected as it first tries to download using HTTPS then HTTP and finally SMB.
The troubleshooting steps I performed were the following:
Checking in ConfigMgr that the distribution point had been configured with the certificate and it had.
Opening the certificate store on the distribution point in question and selecting Computer Account > Personal > Certificates. This showed the correct Server Authentication certificate was present.
Checking IIS showed that the default website had no binding for https protocol at all.
Add a new binding and select HTTPS.
Then select an SSL certificate and providing you have correctly issued/installed the server authentication certificate then it should appear in the dropdown to select.
You can confirm it’s the correct certificate by select the View button.
Apply the changes and perform and IISRESET and the task sequence for deployment is now working from the local distribution point.