when it is a certificate problem , first thing is to check client log and mainly "CertificateMaintenance.log" file
As you can see, there is not a lot of logs on this computer
open now CertificateMaintenance.log
We can see a lot of error
Creating Signing Certificate...
Failed to create certificate 8009000f
CCMDoCertificateMaintenance() failed (0x8009000f).
Raising pending event:
instance of CCM_ServiceHost_CertificateOperationsFailure
{
DateTime = "20180622091556.352000+000";
HRESULT = "0x8009000f";
ProcessID = 7796;
ThreadID = 2276;
};
CCMDoCertificateMaintenance() raised CCM_ServiceHost_CertificateOperationsFailure status event.
I know that there is a lot articles about this problem. I will not reinvent the wheel, so internet search find me fastly the same problem: https://teknikewl.wordpress.com/2013/08/05/client-fails-to-create-certificate/ or http://www.itreliable.com/wp/sccm-client-certificate-none-issue/
I already resolved this problem but this time I do an explanation for everyone
As screenshot show there is a difference between normal MachineKeys permissions below
and permissions on computer with certificate problems. Everyone and Administrators are applies to "this folder only" but user MYUSER has "This folder,subfolders and files"
Problem is you SHOULD have rights for SYSTEM as below to permit local system to read certificate file
No comments:
Post a Comment