SMS Enrollment failed to read certificate

• Question

• 

  

  0

  Sign in to vote

  Trying to configure certificates on SCCM 2012 (1606) and finding the except below in my CertMgr.Log. None of my clients are currently talking, and while I'm able to install new agents, they do not register. I followed the guides on technet, and went back through my steps with the guide from prajwaldesai.com, but I'm not finding the culprit. IIS has the intranet SSL cert configured and it shows a 'happy' encryption config when I test it via IE. Any thoughts?

  Log Excerpt:

  Updated the certificate in the database 3  $$<SMS_CERTIFICATE_MANAGER><01-30-2017 08:25:39.987+480><thread=6128 (0x17F0)>
  InitializeMPCertificate() - Successfully Handled signing cert (SysResUseID = 3) update or insert.  $$<SMS_CERTIFICATE_MANAGER><01-30-2017 08:25:39.994+480><thread=6128 (0x17F0)>
  servers will be polled in 82 seconds...  $$<SMS_CERTIFICATE_MANAGER><01-30-2017 08:25:40.003+480><thread=6128 (0x17F0)>
  Detected a change to the "F:\Program Files\Microsoft Configuration Manager\inboxes\certmgr.box" directory.  $$<SMS_CERTIFICATE_MANAGER><01-30-2017 08:25:41.728+480><thread=6128 (0x17F0)>
  ~Found notification file F:\Program Files\Microsoft Configuration Manager\inboxes\certmgr.box\21_sccmSvr.hiddenname.org.CMN  $$<SMS_CERTIFICATE_MANAGER><01-30-2017 08:25:41.735+480><thread=6128 (0x17F0)>
  CertManagerUtility::SwapCertificates for role (SMS Enrollment Web Site) on server (sccmSvr.hiddenname.org)  $$<SMS_CERTIFICATE_MANAGER><01-30-2017 08:25:41.747+480><thread=6128 (0x17F0)>
  Found intranet FQDN (sccmSvr.hiddenname.org) of server (sccmSvr.hiddenname.org).  $$<SMS_CERTIFICATE_MANAGER><01-30-2017 08:25:41.758+480><thread=6128 (0x17F0)>
  Failed to read certificate, will retry in 30 seconds.  $$<SMS_CERTIFICATE_MANAGER><01-30-2017 08:25:41.765+480><thread=6128 (0x17F0)>
  Failed to read certificate, will retry in 30 seconds.  $$<SMS_CERTIFICATE_MANAGER><01-30-2017 08:26:11.772+480><thread=6128 (0x17F0)>

  Monday, January 30, 2017 4:40 PM