Client Fails to Create Certificate
Problem Description:
Configuration Manager 2012 client does not create a Client certificate
CertificateMaintenance.log shows the following entries:
Crypt acquire context failed with 0x8009000f.
CCMDoCertificateMaintenance() failed (0x8009000f). Raising pending event: instance of CCM_ServiceHost_CertificateOperationsFailure {DateTime = “20130730192131.135000+000”; HRESULT = “0x8009000f”; ProcessID = 6024; ThreadID = 5512; };
CCMDoCertificateMaintenance() raised CCM_ServiceHost_CertificateOperationsFailure status event.
Cause:
Permissions are not correct on the 19c5cf key located in C:\Users\All Users\Microsoft\Crypto\RSA\MachineKey
Resolution:
On the management point server you perform the following steps
- Open Windows Explorer and navigate to C:\Users\All Users\Microsoft\Crypto\RSA\MachineKey
- Change security settings on the 19c5cf key to include local administrators
- Restart the SMS Agent Host service
- Verify that your client has created a self-signed certificate
Thank you for the article! It fixed my issue as a magic.