Client Fails to Create Certificate

August 5, 2013

Problem Description:

Configuration Manager 2012 client does not create a Client certificate

CertificateMaintenance.log shows the following entries:

Crypt acquire context failed with 0x8009000f.
CCMDoCertificateMaintenance() failed (0x8009000f). Raising pending event: instance of CCM_ServiceHost_CertificateOperationsFailure {DateTime = “20130730192131.135000+000”; HRESULT = “0x8009000f”; ProcessID = 6024; ThreadID = 5512; };
CCMDoCertificateMaintenance() raised CCM_ServiceHost_CertificateOperationsFailure status event.

Cause:

Permissions are not correct on the 19c5cf key located in C:\Users\All Users\Microsoft\Crypto\RSA\MachineKey

Resolution:

On the management point server you perform the following steps

Open Windows Explorer and navigate to C:\Users\All Users\Microsoft\Crypto\RSA\MachineKey
Change security settings on the 19c5cf key to include local administrators
Restart the SMS Agent Host service
Verify that your client has created a self-signed certificate

From → Configuration Manager 2012, System Center 2012

2 Comments

Hanson Cheng permalink

Thank you for the article! It fixed my issue as a magic.

Reply

Trackbacks & Pingbacks

SCCM Client Certificate None Issue – IT Reliable

Client Fails to Create Certificate

Problem Description:

Cause:

Resolution:

Trackbacks & Pingbacks

Leave a comment Cancel reply

Categories

Search

Archives

Twitter Updates

Client Fails to Create Certificate

Problem Description:

Cause:

Resolution:

Share this:

Related

Trackbacks & Pingbacks

Leave a comment Cancel reply

Categories

Search

Archives

Twitter Updates