Solution for The certificate specified in the registry at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Machine Settings cannot be used for authentication. The error is The credentials supplied to the package were not recognized(0x8009030D)

 

Certificates. Fairly easy to setup if you do it from scratch, but if something fails at some point, it can be a little tricky to troubleshoot. Today, I had one of the moments. At a customer we had a running OpsMgr environment with three gateway servers in the DMZ and some agents also in the DMZ, everything running smooth for a couple of months. Now, all of a sudden, no gateway servers could authenticate. We had changed nothing, we could telnet, the certificates weren’t expired etc. Weird!

 

On the management server I then noticed this error:

Source: OpsMgr Connector

Type: Error

Event ID: 21036

The certificate specified in the registry at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Machine Settings cannot be used for authentication. The error is The credentials supplied to the package were not recognized(0x8009030D).

 

I went to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Machine Settings and confirmed the ChannelCertificateSerialNumber matched the SerialNumber of the certificate. I also ran MOMCertimport.exe on all servers to confirm they all still had the server certificate.

Resolution:

The only thing I didn’t do was re-importing the management server certificate, so I went to my management server and executed:

MOMCertImport.exe OM01.hq.com.pfx

In a matter of seconds all gateway servers started communicating with the management server! Honestly, im not sure why this was necessary as it wasn’t expired and it was still registrered in MOMCertImport.

 

Happy re-MOMCertImport-ing!

By | 2013-02-19T12:25:53+00:00 February 19th, 2013|Operations Manager (SCOM)|4 Comments

About the Author:

Michael Skov
Yet another guy loving the System Center products. My primary focus is on Operations Manager, which i have worked with for some years now - still loving it.Certifications:Microsoft Certified Solution Expert Private Cloud (MCSE)Microsoft Certified Solutions Associate Windows Server 2008 (MCSA)Microsoft Certified Technology Specialist Windows Server 2008 R2, Server Virtualization

4 Comments

  1. prabhu February 22, 2013 at 6:19 - Reply

    Hi,

    I am facing similar issue and this resolution doesn’t work.

    Regards,
    Prabhu

  2. Michael Skov
    Michael Skov February 22, 2013 at 9:32 - Reply

    Hi Prabhu
    Did you run the MOMCertImport with the server certificate already exported? If so, try exporting the server certificate from the mmc and reimport it.

    Regards
    Michael

  3. Daniel March 24, 2015 at 13:17 - Reply

    Hi,

    thanks for this post. Initially this didn’t work, but i reimported the certificate in the mmc and then ran the command. After a few seconds the gateway server appeared in SCOM!

    thanks!

  4. Gautam January 27, 2016 at 11:51 - Reply

    Hi Michael,

    Nice one. I had this issue today on one of the workgroup agent. How ever as this was a production environment i just re ran the MOMCERTIMPORT.EXE only on the agent and it dint help.

    I could not do it on the management server as it was a production server and many critical things were getting monitored.

    What i did to solve this issues.

    1. On the Agent i saw that Some one deleted the Root certificate of my CA which issued the SCOM Cert, So i got that imported
    back.

    2. I went to HKEY_LOCAL_MACHINESOFTWAREMicrosoftMicrosoft Operations Manager3.0Machine Settings, I deleted the folder Machine Settings its self and re-installed the agent.

    3. I deleted the client cert from the personal store, Re-ran momcertimport.exe Mycert.pfx, then entered the password.

    Post doing the above 3 it started reporting back healthy.

Leave A Comment