“Signature check failed” error during OSD after moving SCCM to new hardware
Maybe the easiest way to create a complete backup of a SCCM site is to use some sort of disk imaging software.
This way you are certain that all drive letters, folder structures, accounts and so on are correctly restored if the need to do a complete restore of the site becomes necessary.
I had the opportunity to test a scenario where I restored a image of a Single Site - Primary Site Server to different, but identical hardware, and ran into some “interesting” issues.
The first one was no surprise, the SCCM server looked weird after the first boot up after the image had been applied. Collections and other items were missing from the console, so a Site restore using the ConfigMgr Site Repair Wizard was the next thing I figured had to be done.
The other issue was also as expected: I was unable to assign the IP and Nic name I wanted to the network cards and got a message that they were already assigned to other cards, so without any further investigation, I opened a elevated command prompt and entered “Set devmgr_show_nonpresent_devices=1″ and then “Start devmgmt.msc” to open the device manager. In the device manager i selected “View” and “Show hidden devices”.
The remains from the nic’s in the original hardware are listed in a “grayed out” view. All these can safely be deleted.
After this was taken care of I could configure my “new” nic’s with the necessary information needed to acces the domain.
I could now run the ConfigMgr Site Repair Wizard.
Running though the steps is pretty straight forward, but if you are going to run this on a system you have installed manually from scratch on new hardware- make sure you manually copy and backup the srvacct folder located at the root level of the ConfigMgr 2007 install location, to a location where it can be later restored, before you run the Site Repair Wizard.
If you are using a restored disk image of the original OS and SCCM, thankfully this is not relevant.
After this I gave it about 30 minutes before I started looking around, and lo and behold -All looked fine 
That was until I started deploying servers with the SCCM task sequences.
The machines would boot up on the task sequence boot media, but rather rapidly fail and trow this message in the smsts.log:
signature verification failed TSMBootstrap
ipCertContext != listpServerCertContext.end(), HRESULT=80004005
(e:\nts_sms_fre\sms\framework\osdmessaging\libsmsmessaging.cpp,2476)
TSMBootstrap
signature check failed: <signature> TSMBootstrap
DoRequest (sReply, true), HRESULT=80004005
(e:\nts_sms_fre\sms\framework\osdmessaging\libsmsmessaging.cpp,5010)
TSMBootstrap
Failed to get client identity (80004005) TSMBootstrap
So what is all this about then? More
