In SCCM 2012 R2 SP1 CU2 hierarchy, we started facing an odd issue and that is Task Sequence Boot Media creation was failing with error code 0x800b0108. We were able to reproduce the issue in different SCCM 2012 primary servers in the environment. Microsoft CSS engineer mentioned that might be a known issue. This problem occurs if you have a greater number amount of Global Accounts in the SCCM console. He also mentioned that if the following query returns a value greater than 31000 and then we may have known issues with TS/Boot Media creation. Before using the query mentioned below please change the “site_code” with your SCCM 2012 primary server or CAS server site code. The query was returning us 36619 columns and this was way above the recommended value.
The error while creating Task Sequence Media
Media creation failed with error message: 'A certificate is missing or has an empty value for an important field, such as a subject or issuer name.'Refer to CreateTsMedia.log file to find more details.
select DATALENGTH (SMS_SCI_SiteDefinition.Props),SMS_SCI_SiteDefinition.Props from vSMS_SC_SiteDefinition_SDK AS SMS_SCI_SiteDefinition where SMS_SCI_SiteDefinition.SiteCode = 'SITE_CODE' AND SMS_SCI_SiteDefinition.ItemName = 'Site Definition'
On Create Task Sequence Media wizard select “Boot Media” – Creates media used to deploy OS using ConfigMgr infrastructure.
On the next page “Select how media finds a management point” select Dynamic media The Media contacts a SCCM 2012 MP which redirects the client to a different management point based on the client in the boundaries.
On the following page “Specify the media type” on SCCM Create Task Sequence Media Wizard, specify file name and path location of ISO file will be written.
On this page “Select the security settings of the media“:- we can enable unknown computer support, Protect media with a password, create self-signed media certificate and Set User Device affinity.
On the next two pages on this wizard, you can specify the boot media file, DP and MP details. When you have any customization requirement, you can perform customization this page.
The task sequence media creation wizard fails straight in the completion screen with following error “The Create Task Media Wizard completed with errors“. More details Media creation failed with error message: ‘A certificate is missing or has an empty value for an important field, such as a subject or issuer name.’Refer to CreateTsMedia.log file to find more details.
More details of the error is available in the following log file C:\Program Files\Microsoft Configuration Manager\AdminConsole\AdminUILog\CreateTsMedia.log
Could not find the trusted root key of site MH0 in WMI CreateTsMedia 1/12/2016 8:01:52 AM 24732 (0x609C) MediaGenerator::~MediaGenerator() CreateTsMedia 1/12/2016 8:01:52 AM 24732 (0x609C) Failed to create media generator (0x800b0108) CreateTsMedia 1/12/2016 8:01:52 AM 24732 (0x609C) CreateTsMedia failed with error 0x800b0108, details='' CreateTsMedia 1/12/2016 8:01:52 AM 24732 (0x609C) Media creation process that was started from Admin Console completed. CreateTsMedia 1/12/2016 8:01:52 AM 12676 (0x3184) CreateMedia.exe finished with error code 800b0108 CreateTsMedia 1/12/2016 8:01:52 AM 12676 (0x3184)
So what was the solution for this issue. We removed/cleaned up the accounts from SCCM 2012 console “\Administration\Overview\Security\Accounts“
After the clean up of accounts, the SQL query mentioned in the starting of the post returned 30391 columns and that is fine as per the Microsoft. So this resolved the TS Media creation issue.
We reduced and removed loads of accounts from SCCM 2012 console to get to the above value 30391. However, we still get following errors in SMSProv.log and the TS boot media creation still fails.
SQL MESSAGE: - String data, right truncation 05.02.2016 16:30:10 10040 (0x2738) Results returned : 1 of 2 05.02.2016 16:30:10 10040 (0x2738) Removing Handle 25421000 from async call map 05.02.2016 16:30:10 10040 (0x2738)
CSS engineer confirmed that this is known issue with SCCM 2012 R2 SP1 CU2 and this is fixed in SCCM current branch version (1511)? Still question mark…I have not tested this in 1511 or 1602. The workaround for this issue is to reduce the number of global accounts used in SCCM 2012.
Another possibility is to look for Tombstoned Accounts in you SCCM environment and try to remove those ! Sample SQL query to find the Tomb Stoned accounts in SCCM 2012 environment.
SELECT * from ActiveDirectoryForests where Tombstoned = ‘1’