4. June 2013 07:26
During a ConfigMgr 2012 SP1 client deployment, I had problems with one client on a Windows Server 2003 machine.
It seemed like the client installed correctly, but it would not communicate with the management point.
I looked in the log files and found the following:
ClientIDManagerStartup.log
RegTask: Failed to get certificate. Error: 0x80004005
CertificateMaintenance.log
CryptGenKey failed: 0x80070005
Failed to create certificate 80070005
CCMDOCertificateMaintenance() failed (0x80070005)
I also noticed that there were no SMS certificates in the local computer certificate store.
I asked Google for an answer to the problem and found several posts like this one suggesting to delete all files in the "C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys" folder and then restart the SMS Agent service. This solution had helped several people, but in my case it did not work.
Instead the information here guided me to the solution.
When the SMS Agent Host service was restarted, it recreated a certificate (19c5cf9c7b5dc9de3e548adb70398402_6ee5afbf-3882-4a52-8ad4-1ef3db2563ee) in the above-mentioned folder, but it turned out that it had the wrong access permissions. I gave "System" full control to the file and restarted the SMS Agent Host service again, and now the SMS certificates were created and the ConfigMgr client could communicate with the MP as it should.
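
The permission check described above can be scripted. The following is an added example, not part of the original post: it lists every file in the MachineKeys folder where SYSTEM has no Allow entry for full control. The -Repair switch and the variable names are assumptions of this example, and the script has to run elevated.

```powershell
# Added example (not from the original post). Audits the machine key folder for
# files where NT AUTHORITY\SYSTEM lacks an Allow FullControl entry, the condition
# behind "CryptGenKey failed: 0x80070005". Uses PowerShell 2.0 compatible syntax.
param(
    # Folder as given in the post (Windows Server 2003 layout).
    [string]$KeyDir = 'C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys',
    # Hypothetical switch for this example: add the missing entry instead of only reporting.
    [switch]$Repair
)

$systemSid   = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-18'  # LocalSystem
$fullControl = [System.Security.AccessControl.FileSystemRights]::FullControl
$allow       = [System.Security.AccessControl.AccessControlType]::Allow
$dacl        = [System.Security.AccessControl.AccessControlSections]::Access
$sidType     = [System.Security.Principal.SecurityIdentifier]

# -Force is needed because key files normally carry the System attribute.
Get-ChildItem -Path $KeyDir -Force | Where-Object { -not $_.PSIsContainer } | ForEach-Object {
    $file = $_
    try {
        # Read only the DACL so that writing it back never touches owner or SACL.
        $acl = $file.GetAccessControl($dacl)
    } catch {
        # An unreadable ACL is itself a finding; ownership may have to be fixed first.
        Write-Warning ("Cannot read ACL on {0}: {1}" -f $file.Name, $_.Exception.Message)
        return
    }

    # Resolve rules to SIDs so the check works regardless of OS display language.
    $hasFull = $false
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($rule.IdentityReference.Value -eq $systemSid.Value -and
            $rule.AccessControlType -eq $allow -and
            ($rule.FileSystemRights -band $fullControl) -eq $fullControl) {
            $hasFull = $true
        }
    }

    if (-not $hasFull) {
        if ($Repair) {
            $ace = New-Object System.Security.AccessControl.FileSystemAccessRule($systemSid, $fullControl, $allow)
            $acl.AddAccessRule($ace)
            $file.SetAccessControl($acl)
        }
        New-Object PSObject -Property @{ File = $file.Name; Modified = $file.LastWriteTime; Repaired = [bool]$Repair }
    }
}
```

Run it without -Repair first to see which key files are affected, then restart the SMS Agent Host service after any change, as described above.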