This time I was working with a customer on a System Center Configuration Manager Update. The error message was: “MP has rejected the request because CD(SMSID = blablabla) certificate has expired. For a few minutes I had an idea that this could be a broken client (long day), this lead me into the SCCM database for troubleshooting.
ClientAuth.log showed error:
Client ‘cbc4f875-1194-401f-b979-890454806b5a’ is unknown or has an invalid key registered in the database.
Status Message Warning (SMS_MP_Control_Manager):
The ”ClientKeyData” Table in the SCCM database contains information, about internal SCCM certificates like PXE but also self-signed client certificates.
I ran this SQL Query: “select SMSID,ValidUntil,AgentType from dbo.ClientKeyData” this returned the SMSID alerted in the Status Message. I also noticed that AgentType was set to 1, this seems to be 1 if it’s related to SCCM servers or roles.
This lead me into the SCCM certificates, I found that one of the PXE certificates on a DP had expired. Easy fix but a backwards way to find out. Therefore, if you ever see this warning I recommend you to check the certificates node in the monitoring tab in SCCM first.