"Sending with winhttp failed; 80072f8f" error in Smsts.log during OS deployment by using bootable or prestaged media

Applies to: Microsoft Endpoint Configuration Manager (current branch), System Center Configuration Manager (current branch - version 1906), System Center Configuration Manager (current branch - version 1902)

Symptoms


You create bootable media or prestaged media in Configuration Manager. When the media is used to start the destination computer, the Task Sequence Wizard gets stuck at the Retrieving policy for this computer step for about 90 seconds, then returns the following error message:

The following error messages are logged in X:\Windows\Temp\SMSTSLog\smsts.log on the computer when the task sequence engine first tries to contact the management point to sync the time information:

After the initial error, the task sequence engine tries an additional four times to contact the management point, and experiences an increasing pause between each attempt. However, all attempts fail and return the same error messages before some final error messages are returned, as follows:

  • If the media is configured as dynamic media, the following final error messages are logged in Smsts.log:
     
  • If the media is configured as site-based, the following final error messages are logged in Smsts.log:

The following detail information applies to error 80072F8F:

Cause


This issue occurs if the following conditions are true:

  • You use PKI in your Configuration Manager environment.
  • You create the bootable media or prestaged media at the central administration site.
  • You configure your management points to use HTTPS.

If you use PKI in your Configuration Manager environment, the root certificate authority (CA) is specified at the primary site but not at the central administration site. Because the central administration site doesn't have the root CA information, media that is created there doesn't contain the root CA information either. Therefore, requests that the media sends to an HTTPS-enabled management point fail, because the root CA information is missing.

Resolution


To fix the issue, create the bootable media or prestaged media at a primary site instead of at the central administration site.

More information


For media that will be used across multiple sites, configure the media as dynamic media. You can create dynamic media at any site. You are not limited to creating it at the central administration site.
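To check whether a failing deployment matches the pattern described under Symptoms, the following PowerShell script (an added example, not part of the original article or of Configuration Manager) parses CMTrace-format lines, picks out the `Sending with winhttp failed; 80072f8f` entries, and reports the pause between them. The sample log entries, including their timestamps and their component, thread and file values, are constructed for illustration.

```powershell
# Added example. Sample entries are constructed; component, thread and file are placeholders.
$sample = @'
<![LOG[Constructed informational entry]LOG]!><time="10:00:00.000+000" date="01-15-2020" component="TSMBootstrap" context="" type="1" thread="1000" file="placeholder.cpp:1">
<![LOG[Sending with winhttp failed; 80072f8f]LOG]!><time="10:00:01.000+000" date="01-15-2020" component="TSMBootstrap" context="" type="3" thread="1000" file="placeholder.cpp:1">
<![LOG[Sending with winhttp failed; 80072f8f]LOG]!><time="10:00:06.000+000" date="01-15-2020" component="TSMBootstrap" context="" type="3" thread="1000" file="placeholder.cpp:1">
<![LOG[Sending with winhttp failed; 80072f8f]LOG]!><time="10:00:16.000+000" date="01-15-2020" component="TSMBootstrap" context="" type="3" thread="1000" file="placeholder.cpp:1">
<![LOG[Sending with winhttp failed; 80072f8f]LOG]!><time="10:00:36.000+000" date="01-15-2020" component="TSMBootstrap" context="" type="3" thread="1000" file="placeholder.cpp:1">
<![LOG[Sending with winhttp failed; 80072f8f]LOG]!><time="10:01:16.000+000" date="01-15-2020" component="TSMBootstrap" context="" type="3" thread="1000" file="placeholder.cpp:1">
'@ -split "`r?`n"

function Get-WinHttpTlsFailure {
    param([string[]]$Line)
    # One CMTrace entry per line: <![LOG[message]LOG]!><time="..." date="..." component="..." ...>
    $pattern = '^<!\[LOG\[(?<msg>.*?)\]LOG\]!><time="(?<time>\d{2}:\d{2}:\d{2})[^"]*" ' +
               'date="(?<date>\d{1,2}-\d{1,2}-\d{4})" component="(?<comp>[^"]*)"'
    foreach ($l in $Line) {
        $m = [regex]::Match($l, $pattern)
        if (-not $m.Success) { continue }   # skip multi-line or malformed entries
        if ($m.Groups['msg'].Value -notlike '*Sending with winhttp failed; 80072f8f*') { continue }
        [pscustomobject]@{
            Time      = [datetime]::ParseExact(
                            ('{0} {1}' -f $m.Groups['date'].Value, $m.Groups['time'].Value),
                            'M-d-yyyy HH:mm:ss', [cultureinfo]::InvariantCulture)
            Component = $m.Groups['comp'].Value
            Message   = $m.Groups['msg'].Value
        }
    }
}

$hits = @(Get-WinHttpTlsFailure -Line $sample)

# Seconds between consecutive failures; the article describes an increasing pause between retries.
$gaps = for ($i = 1; $i -lt $hits.Count; $i++) {
    [int]($hits[$i].Time - $hits[$i - 1].Time).TotalSeconds
}

[pscustomobject]@{
    Failures               = $hits.Count
    GapsSeconds            = $gaps -join ', '
    InitialPlusFourRetries = ($hits.Count -ge 5)   # initial attempt plus four additional tries
}
```

To run it against a real log, copy smsts.log from the destination computer and pass `Get-Content` of that file as `-Line` in place of `$sample`.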

Writer: luche
Editor: v-jesits