Re: SMS 2003: advanced client won't start, CryptGenKey failed error

Hi David,

does that help you out:
http://www.microsoft.com/technet/prodtechnol/sms/sms2003/maintain/managepoint/management_point_4.mspx
Just search for "Failed to create certificate".

Torsten
Microsoft MVP - SMS

<dmcheng1@xxxxxxxxx> wrote in message
news:1144781742.718330.213710@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hello. I'm running SMS 2003 (no SP) on Windows 2003 (no SP) servers.
Our clients are Windows XP SP2 machines.

I'm still having problems with some machines where the Advanced Client
will not start. The errors in ccm.log are:

<![LOG[CryptGenKey failed: 0x80070057]LOG]!><time="11:08:28.606+300"
date="03-10-2005" component="CcmExec" context="" type="3" thread="2088"
file="ccmgencert.cpp:541">
<![LOG[Failed to create certificate
80070057]LOG]!><time="11:08:28.606+300" date="03-10-2005"
component="CcmExec" context="" type="3" thread="2088"
file="ccmgencert.cpp:619">
<![LOG[CCMDoCertificateMaintenance failed
(0x80070057).]LOG]!><time="11:08:28.606+300" date="03-10-2005"
component="CcmExec" context="" type="3" thread="2088"
file="ccmgencert.cpp:1253">
<![LOG[Phase 0 initialization failed
(0x80070057).]LOG]!><time="11:08:28.606+300" date="03-10-2005"
component="CcmExec" context="" type="3" thread="2088"
file="entrypoint.cpp:1741">
<![LOG[Service initialization failed
(0x80070057).]LOG]!><time="11:08:28.606+300" date="03-10-2005"
component="CcmExec" context="" type="3" thread="2088"
file="entrypoint.cpp:1778">

I've tried the obvious steps already: run ccmclean and ccmdelcert, set
the System permissions on the MachineKeys directory. I've run the
Certificates MMC plug-in but I don't see any SMS certificates in it.

This is occurring with different machines in different sites. However,
other machines are working fine.

Any ideas how to fix this? There don't seem to be any good answers for
this on the web.

David



.

Relevant Pages

  • Re: Need help badly!!! Please....
    ... systems that are XP 6 have been established as clients and assigned the site ... Why would my XP machines not have the same errors, but still not show up as ... DTSJob in state 'RetrievedData'. ... > ccmdelcert is what you need for the certificate error below. ...
    (microsoft.public.sms.admin)
  • Re: Problem with Certificate and Encryption
    ... the 'format' does not offer NTFS but if you use 'CONVERT ... Certificate, I have deleted it and had the system re-create new one. ... > Adding users is going to be a little complicated unless the machines are in> a domain and can guarantee that the users> will always use the same certificates. ... The encryption method seem to be> same ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Problem with Certificate and Encryption
    ... All the machines are XP. ... The encryption method seem to be same ... > the certificate and that you are using the ... >> of Authenticity that comes from the originating PC's ...
    (microsoft.public.windowsxp.security_admin)
  • Re: creating PKI certificates without using a FQDN in the Name field
    ... The servers and PCs that are needing monitoring are all standalone. ... seen so far says that to create the certificate for the non-domain machines, ... How can you use and FQDN for a machine that is not ... as a URL to connect to, the browser will complain, and possibly prevent connection to the site unless the site gives back a certificate whose CN value is "www.example.com". ...
    (microsoft.public.security)
  • Re: IE6SP1 on Windows2000, SSL, client authentication, 403.7 and so on and so on.
    ... client certificate selection when no certificates or only one certificate ... My web application redirects user to custom SSO ... SSO requires client to authenticate with client certificate. ... On XP client machines with IE6SP2it does not happened. ...
    (microsoft.public.windows.inetexplorer.ie6.browser)