I am trying to remove the NAA account from my SCCM since we are fully HTTPS now, and theoretically the NAA account is not necessary anymore. However, the moment I remove the account, OSD fails on the "Apply Operating System Image" step.
Troubleshooting I have done so far:
- Verify that the OS package is NOT set to "access content directly from the DP" in the task sequence step options.
- OS image package is NOT set to "copy the content in this package to a package share on DPs" in data access tab.
- Task sequence DP deployment option is set to "Download content locally when needed by the running task sequence".
- Recreate client certificate for DP according to the PKI certificate requirements.
- Redistribute boot image to the DP after recreating client certificate.
- Verified that IIS cert is bound.
- Verified root cert is installed in SCCM primary site.
- DP and IIS certs are assigned to the DP server.
- Boot image has been recreated and distributed to DP.
- Windows Authentication IIS feature is installed and enabled on the DP.
- IIS Services are running on the DP, including ASP.Net state service.
In the smsts.log on the client I'm getting the errors in the attached pictures.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(169.60000000000002, 57.00000000000001%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGC%3C/text%3E%3C/svg%3E)