SYMPTOMS: When PXE booting a system you see a 'permission denied' error. If you lookup the iPXE error URL ( you will see that it's caused by the Certificate expiring


WORKAROUND 1 - Disable HTTPS mode for the 2PXE Server

This workaround can be performed using current versions of 2PXE

In order to continue using the 2PXE service, two components need to be reconfigured.

1. HTTPS mode must be disabled on the 2PXE server. This is a simple Configuration file edit.

<add key="HttpHostNameBindings" value="https://*"/>

Replace with

<add key="HttpHostNameBindings" value="http://*"/>

2. The Distribution Point from where Boot Images are downloaded should be configured for Anonymous Access

This can be configured within MEMCM - Administration >> Distribution Points - Navigate to the DP you use for 2PXE, and on the 'Communication' tab, select HTTP and 'Allow clients to connect anonymously'

IMPORTANT: This change is only required for the DP hosting the Boot Images for download via 2PXE - there is no need to change any other MEMCM configuration (i.e. HTTP/HTTPS mode etc.)



IMPORTANT: Please note that this workaround requires an updated version of the iPXE WinPE Client which can be downloaded from here >>

Copy the updated iPXEWinPEClient.exe files to \Program Files\2Pint Software\2PXE\Boot\x86 and x64, then restart the 2PXE service. No need to restart the server.


WORKAROUND 2 - Disable Secure Boot on the target client systems

This workaround requires a new installation of 2PXE which can be obtained by emailing us at 

If you want to continue using HTTPS mode with 2PXE, install the latest 2PXE server (version 2.9)

Unfortunately, this version does NOT support Secure Boot mode. Secure Boot should be turned off prior to PXE booting the system.

It can then be enabled from within the Task Sequence if required. More information on how to achieve this to follow.


thanks for your patience - the 2Pint Team