Working at a client troubleshooting some weird ConfigMgr (not SCCM) client agent issues. Basically, there are a handful of systems, all laptops, that just dropped out of ConfigMgr. Reviewing the ExecMgr log shows that the last activity was the installation of Outlook 2010 via an advertisement that completed successfully requiring a reboot. After that, nada.
After reviewing a few logs, I came upon this in ClientIDManagerStartup.log repeating over and over:
RegTask: Failed to get certificate. Error: 0x80004005
Failed to find the certificate in the store, retry 1.
Failed to find the certificate in the store, retry 2.
Failed to find the certificate in the store, retry 3.
Failed to find the certificate in the store, retry 4.
Failed to find the certificate in the store, retry 5.
Already refreshed within the last 10 minutes, Sleeping for the next 9 minutes before reattempt.
This looked like a certificate issue so I opened up the certificate store using MMC. And something else strange: only one SMS certificate in the SMS store. I deleted this one and only SMS certificate and restarted the client agent. Same result.
Next step was to examine the actual file containing the certificates from the file system. Based on some research and this thread (http://social.technet.microsoft.com/Forums/en/configmgrsetup/thread/f5fd16e0-ca2a-40b0-9989-ee15da21f423), the file (on XP) is located at C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSAMachineKeys and is always called 19c5cf9c7b5dc9de3e548adb70398402_50e417e0-e461-474b-96e2-077b80325612.sys. I checked permission as described in the forum thread, but those appeared correct. So I decided to delete the file and restart the agent. And like magic, all was right with the world again … at least for this agent. 10 to 20 more to go.
I have no idea what caused these certificates to become corrupted. One thing I did notice on all these systems was “Malwarebytes” so malware is a high probability. Another possibility is user “intervention” as these were all laptops that had just finished installing Outlook 2010.
