Friday, 28 February 2014

ConfigMgr 2012 DP - The self signed certificate could not be created successfully


I was working on a new customer deployment of ConfigMgr 2012 - single primary site server with Management Point and Distribution Point selected during the installation.

Everything looked normal and all component statuses were green. However, I had an issue with software distribution. When I looked at the status of the deployment, I saw that the deployment was "waiting for content".

That would suggest a problem with the DP. I looked at the properties and found this error.

It looks like the self-signed certificate for the DP was not created during the installation. I tried to apply the settings but got this error.

I couldn't quite figure this out. I restarted the server and logged in again. This time I noticed that icons that I had placed on the desktop had disappeared. I did a little digging and found that I had been logged on using a temporary profile - I was using an account provided by the customer.

Creating a certificate requires full access to save to your user profile. Once I realized the problem, I was able to solve the user profile issue. The next time I logged on to the server, I was able to create the certificate.


1 comment:

  1. I just ran into this myself, but wasn't in a temp profile. You can track this error with Mark Russinovich's Procmon tool from Microsoft--typically, this type of error shows up as an access denied or name collision somewhere in a Crypto folder (the user's or the machine's). We ran into this on a server where someone fixing another issue had deleted the machine's RSA\MachineKeys folder. In my case, deleting the problem key from my user's profile fixed things.

    My hunch is that my key was derived from the machine, so once the machine's keys were recreated, my key could no longer be decrypted.
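
A pre-flight check for the two causes described in the post and the comment above (a temporary profile, and a user or machine key store that cannot take a new key), as an added example that is not part of the original post or comment and is not ConfigMgr's own code. The function names and the probe container name are hypothetical, and it assumes that creating a throwaway CSP key container approximates what certificate creation needs:

```powershell
# Added example: run as the account that will create the DP certificate.
# Assumption: a throwaway CSP key container approximates what certificate
# creation needs; this is not ConfigMgr's own code.

function Test-TemporaryProfile {
    # After a failed profile load the real ProfileList key is usually renamed
    # to "<SID>.bak" and the session runs from a TEMP* folder (heuristic).
    $sid  = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
    $base = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
    $bak  = Test-Path -LiteralPath (Join-Path $base "$sid.bak")
    $leaf = Split-Path -Path $env:USERPROFILE -Leaf
    [pscustomobject]@{
        Sid            = $sid
        ProfilePath    = $env:USERPROFILE
        LooksTemporary = $bak -or ($leaf -like 'TEMP*')
    }
}

function Test-KeyContainerCreation {
    param([switch]$MachineStore)
    # Creates a uniquely named probe container, then deletes it again.
    $store = 'User'
    $csp = New-Object System.Security.Cryptography.CspParameters
    $csp.KeyContainerName = 'dp-cert-probe-' + [guid]::NewGuid().ToString('N')
    if ($MachineStore) {
        $store = 'Machine'   # keys land under RSA\MachineKeys
        $csp.Flags = [System.Security.Cryptography.CspProviderFlags]::UseMachineKeyStore
    }
    $out = [pscustomobject]@{ Store = $store; Ok = $false; Error = $null }
    try {
        $rsa = New-Object System.Security.Cryptography.RSACryptoServiceProvider -ArgumentList 2048, $csp
        [void]$rsa.ExportParameters($false)   # force key generation
        $rsa.PersistKeyInCsp = $false         # remove the container on Clear()
        $rsa.Clear()
        $out.Ok = $true
    } catch {
        # Access denied or a missing key folder surfaces here.
        $out.Error = $_.Exception.Message
    }
    $out
}

Test-TemporaryProfile | Format-List
Test-KeyContainerCreation | Format-List
Test-KeyContainerCreation -MachineStore | Format-List
```

If `LooksTemporary` is true or either probe reports an error, fix the profile or the key folder before retrying in the console.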