PENDING Deployments fail (Sending with winhttp failed , Task Sequence Failed on Windows and ConfigMgr Setup)

[DismayedMoose]

Hello everyone,

We are suffering for over a month and a half a couple of errors that randomly renders our deployments impossible.
It all started after upgrading SCCM from 2207 to 2309 and then 2403.
Since then the following errors happen at random on our different worksites and at different times during the deployments :
Sending with winhttp failed (0x80072EE7) and Task Sequence Failed on Windows and ConfigMgr Setup (0x80004005).

We tried the following :

• Redistributed the boot image content using the WinPE source, including the latest drivers (only network and storage)
• Temporarily removed the Network component (WinPE-Dot3Svc) from the boot image and redistributed the boot image
• Increased the storage capacity of all the SCCM servers
• Restart all the SCCM servers
• Checked MP/Site, DPs and clients logs
• Checked that the SSL parameter is set to IGNORE on SMS_DP_SMSPKG$ IIS folders
• Fixed NTFS and Share rights on our data folder (site and system machines accounts had disappeared)
• Repackaged the Configuration Manager Client
• Temporarily disabled the worksite/mp's firewall and antivirus
• Ensured that the spawning tree port fast was enable on switches ports used during the deployments
• Checked Ip Helpers were set as DHCP servers are in different Vlans
• Temporary increased our DHCP lease to 4h
• Checked DHCP logs
• Checked internal and data centers firewalls (allowed port 500 but no changes)
• Deleted all drivers and made and redistributed the bare minimum drivers for tree models
• Performed a Content Library cleanup and redistributed necessary content
• Redistributed all the task sequence dependencies
• Checked that certificates are up to date in SCCM and Certificate Manager
• Looked into the Communication Security site system settings
  We are using 'HTTPS or EHTTP' - Checked Use PKI client certificateAnd checked Clients check the certificate revocation without any Root CA specified

Please find attached anonymized smsts.log for more details on the 0x80072EE7 error.

Is this a problem to use EHTTP without Root CA?

And is there anything stated above we should triple check or anything we haven't tried yet that comes to mind?

Regards,

 

[DismayedMoose]

Anyone?

 

[DismayedMoose]

We have set Windows and ConfigMgr Setup step to Bypass to focus on the Sending with Winhttp Failed error and discovered something interesting :
Virtual Machines installations made from Vmware infrastructure even though using the exact same VLAN never have the Sending with Winhttp Failed error.

 

[izanagi76]

Hi @DismayedMoose,
I'm experiencing the exact same random issue you described (about 30% failure rate on our side). I'm using the same SCCM configuration (version 2403), and the error occurs at the same TS step.

Were you finally able to find a solution ?

I'd really appreciate your feedback.

Thanks a lot for your help

Iz.

 

[Stanley Road]

Your TS says Failed to select MP
During install bring up the cmd prompt and see if you can pint the MP either by netbios or fqdn

 

[DismayedMoose]

Hello,
We found a solution : add the latest Realtek driver to our boot image and inside the driver sub task sequence.