Certificate [Thumbprint SOME THUMBPRINT] issued to 'CLientMachineName' doesn't have private key or caller doesn't have access to private key.
Hi, We are trying to get a client to communicate with the primary Config Manager Site System(MP/DP).
We have a Config Manager Client Template that was setup using this guide.
http://technet.microsoft.com/en-us/library/gg682023.aspx
We have a Client Cert on the primary site system server (primary config manager server) based on this template and it meets the requirements specified in this document
http://technet.microsoft.com/en-us/library/gg699362.aspx
Enhanced Key Usage value must contain
Client Authentication (1.3.6.1.5.5.7.3.2).
Client computers must have a unique value in the Subject Name field or in the Subject Alternative Name field.
SHA-1and SHA-2 hash algorithms are supported.
Maximum supported key length is 2048 bits.
The Cert that we generated for the client meets the same requirements and shows the exact same template id but has a different subject name and alternate name (which is the clients machine name).
With this setup, we still get the following error
Certificate [Thumbprint SOME THUMBPRINT] issued to 'CLientMachineName' doesn't have private key or caller doesn't have access to private key.
Both the site system and client have the same trusted root cert installed.
What are we missing or what can we check? Does the cert check process only need the client certs on both the site system and the client to be from the same template?
Here is a snippet of the clientidmanagerstartup.log
<![LOG[HTTPS is enforced for Client. The current state is 63.]LOG]!><time="15:02:32.057+300" date="03-12-2014" component="ClientIDManagerStartup" context="" type="1" thread="716" file="ccmutillib.cpp:395">
<![LOG[Begin searching client certificates based on Certificate Issuers]LOG]!><time="15:02:32.058+300" date="03-12-2014" component="ClientIDManagerStartup" context="" type="1" thread="716"
file="ccmcert.cpp:3833">
<![LOG[Certificate Issuer 1 [CN=THE_NAME_OFTHE_CA; DC=DOMAIN; DC=LOCAL]]LOG]!><time="15:02:32.058+300" date="03-12-2014" component="ClientIDManagerStartup" context="" type="1" thread="716"
file="ccmcert.cpp:3849">
<![LOG[Based on Certificate Issuer 'THE_NAME_OFTHE_CA' found Certificate [Thumbprint SOMETHUMBPRINT_1] issued to 'CLIENTMACHINENAME']LOG]!><time="15:02:32.082+300" date="03-12-2014" component="ClientIDManagerStartup"
context="" type="1" thread="716" file="ccmcert.cpp:3931">
<![LOG[Begin validation of Certificate [Thumbprint SOMETHUMBPRINT_1] issued to 'CLIENTMACHINENAME']LOG]!><time="15:02:32.082+300" date="03-12-2014" component="ClientIDManagerStartup" context="" type="1"
thread="716" file="ccmcert.cpp:1245">
<![LOG[Completed validation of Certificate [Thumbprint SOMETHUMBPRINT_1] issued to 'CLIENTMACHINENAME']LOG]!><time="15:02:32.085+300" date="03-12-2014" component="ClientIDManagerStartup" context="" type="1"
thread="716" file="ccmcert.cpp:1386">
<![LOG[Completed searching client certificates based on Certificate Issuers]LOG]!><time="15:02:32.085+300" date="03-12-2014" component="ClientIDManagerStartup" context="" type="1" thread="716"
file="ccmcert.cpp:3992">
<![LOG[Begin to select client certificate]LOG]!><time="15:02:32.085+300" date="03-12-2014" component="ClientIDManagerStartup" context="" type="1" thread="716" file="ccmcert.cpp:4073">
<![LOG[Begin validation of Certificate [Thumbprint SOMETHUMBPRINT_1] issued to 'CLIENTMACHINENAME']LOG]!><time="15:02:32.085+300" date="03-12-2014" component="ClientIDManagerStartup" context="" type="1"
thread="716" file="ccmcert.cpp:1245">
<![LOG[Certificate [Thumbprint SOMETHUMBPRINT_1] issued to 'CLIENTMACHINENAME' doesn't have private key or caller doesn't have access to private key.]LOG]!><time="15:02:32.086+300" date="03-12-2014" component="ClientIDManagerStartup"
context="" type="2" thread="716" file="ccmcert.cpp:1372">
<![LOG[Completed validation of Certificate [Thumbprint SOMETHUMBPRINT_1] issued to 'CLIENTMACHINENAME']LOG]!><time="15:02:32.086+300" date="03-12-2014" component="ClientIDManagerStartup" context="" type="1"
thread="716" file="ccmcert.cpp:1386">
<![LOG[Raising event:
instance of CCM_ServiceHost_CertRetrieval_Status
ClientID = "GUID:GUID";
DateTime = "20140312200232.090000+000";
HRESULT = "0x87d00283";
ProcessID = 6380;
ThreadID = 716;
]LOG]!><time="15:02:32.090+300" date="03-12-2014" component="ClientIDManagerStartup" context="" type="1" thread="716" file="event.cpp:706">
<![LOG[Failed to submit event to the Status Agent. Attempting to create pending event.]LOG]!><time="15:02:32.092+300" date="03-12-2014" component="ClientIDManagerStartup" context="" type="2" thread="716"
file="event.cpp:728">
<![LOG[Raising pending event:
instance of CCM_ServiceHost_CertRetrieval_Status
ClientID = "GUID:GUID";
DateTime = "20140312200232.090000+000";
HRESULT = "0x87d00283";
ProcessID = 6380;
ThreadID = 716;
]LOG]!><time="15:02:32.092+300" date="03-12-2014" component="ClientIDManagerStartup" context="" type="1" thread="716" file="event.cpp:761">
<![LOG[Unable to find PKI Certificate matching SCCM certificate selection criteria. 0x87d00283]
Thanks Lance
Hi,
It seems that there are something wrong with you PKI system.
Here are some steps for your reference.
SCCM 2012: Part II – Certificate Configuration
http://gabrielbeaver.me/2012/08/sccm-2012-part-ii-certificate-configuration/
Note: Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place.
Similar Messages
-
I am having some serious issues with firefox to the point of choosing another search engine. I can't print anything because it is stuck on fax and won't let me change it to my printer when i do try to select my printer it jumps right back to fax. The drop down menus do not work on any of the sites I go to. For example when purchasing clothes and you have to choose a size from a drop down menu I can't do it when I click on the drop down menu it doesn't work at all. I don't have a virus I ran my virus protector and no viruses are present. I don't have any suspicious issues going on with my computer so there has to be something in Firefox that is causing my issues. I tried internet explorer and I don't have any issues there. I hope you can help me because I love Firefox and would really like to continue to use it.
Lots of issues there, main one getting fcpx going again, try deleting the preferences using the utility deveoped by these guys.
http://www.digitalrebellion.com
Try deleting your render files and re-rendering the project.
Start with these and let us know how you go.
Tony -
HT6147 I was expecting fix for some other issues in this update.
In this Update I was expecting a Celular data and iTunes WiFi Sync fix.
Issue on the Celular Data option is that after deactivatinh Cel-Data on some apps as soon as we leave that screen it turns back on.
Many threads are started upon this issue. Click Here
Issue on iTunes WiFi sync is pretty much simple, it doesn't work at all.
Tried all tips that can be found Here and still doesn't work.
I hope that soon there's gonna be an update for these issues too.1. You take screenshot by long pressing power and volume down button (booth at same time) in ICS, thats how google has made it.
2. What beautiful lockscreen are you talking about? Sony has kept the lockscreen same because thats the lock screen many users are used to.
3. Yes music player is same. I have an Arc S, the music player is same. The music player with equalizer is in Xperia S not in Arc S.
4. Google never said any such things. You can see the recently opened apps by LONG PRESSING THE HOME BUTTON and can close them by Swiping it off the screen.
5. Once again Google didnt say any such thing. If you want to change transision effects and stuff use Apex Launcher instead of Sony's launcher. You can get Apex launcher for free from Play Store.
Hope i helped. If you have any question ask i'll try to help. -
Safari 2.0.1 causing some unwanted issues
hey there Apple users...I've been having that spinning beach ball cursor alot lately, especially on some detailed web pages. I am a myspace freak and on some pages the beach ball cursor spins and spins and I have to force quit Safari. Another issue is that when I visit a site and there's content that requires Window's Media Player to view it the WMP file loads but Safari redirects me back to my previous page, whats up with that? I was hoping that this new version of Safari would solve these issues, but it doesn't look like its doing that.
Anyone have any advice on what to do? Or should I just switch to another browser?Try going to your user>library>preferences folder and drag com.safari.plist to the trash. Take note before of your logins and passwords--you will need to reenter them after.
It solved my Windows Media Player problem, and it beats reinstalling the system or switching browsers--that is, if it works for you.
Good luck-- -
My iphone 4s has some serious issues. After clicking some youtube link, my photos, settings icon, app store icon and safari icon and many more apps have been deleted. My iphone is useless since last 4 weeks. I cant do anything without these missing apps. please help.
If it was just my router then my own network would kick in wouldn't it?
No. Not even sure what you mean by that. The phone is trying to access particular IP addresses on the internet, which don't exist on "my own network."
plus all my internet items at home running on my wifi are doing fine
No again. The fact that your router works with other devices doesn't mean it's compatible with the iPhone. Did you even try restarting and updating the router as suggested? -
I updated automatically some security issues in my computer (I don't remember which) and now my gmail will start opening until it reaches 75% and it will not go on opening.
I can open it Internet explorer but not in Mozila fireworksClear the cache and the cookies from sites that cause problems.
"Clear the Cache":
*Tools > Options > Advanced > Network > Cached Web Content: "Clear Now"
"Remove Cookies" from sites causing problems:
*Tools > Options > Privacy > Cookies: "Show Cookies"
Start Firefox in <u>[[Safe Mode|Safe Mode]]</u> to check if one of the extensions or if hardware acceleration is causing the problem (switch to the DEFAULT theme: Firefox/Tools > Add-ons > Appearance/Themes).
*Don't make any changes on the Safe mode start window.
*https://support.mozilla.org/kb/Safe+Mode
*https://support.mozilla.org/kb/Troubleshooting+extensions+and+themes -
I uninstalled itunes to fix some ipod issues, and now I tried to reinstall it but it says that it's already installed. When I went to find the "icon" I can"t find it. When i looked in the download files I saw the downloads, but not the actual itunes "app". Please help thanks!
How did you uninstall it and what were your IPOD issues - that may help clarify the problem.
-
I have the ipad retina display version - I have a BIG issue with this when out and about, that only about 50% of the time will it see my HTC mobile WiFi hotspot - rebooting either, or both devices doesn't cure the problem it drives me MAD!!!!
The HTC hotspot works fine with everything else I connect to it.
Also - ipad will not connect to my HTC via bluetooth. Again, I can connect to everything else with my HTC other than my ipad.
I have to say this is my first venture into Apple products and I have always wanted to get away from my windows based laptop to get a MacBook, the problems I have had (flash player etc) & continue to have (as above) are putting me right off swapping over. I HATE technology that doesn't work and my ipad has been hard work!I stated my ipad as being an ipad2, but I now think it is a 3??? It was new Jan this year and is the 64gb retina display version.
I really would like to get to the bottom on this problem wit mobile hotspots as it is sitting on my desk next to me now and I cannot get it to connect to my HTC mobile hotspot!!!! It might be taking a flying lesson soon at this rate!!! Grrrrrrr........... -
Our software vendor tells to use FF 3.5.1. because of some printer issues with their web based program. How safe is it to work with FF 3.5.1 in 2012?
Thanks for the reply. I'll have a look at your solution.
-
I have been having a issue with getting the colors on my monitor to match the colors fro my print lab. I now have the monitor calibrated to match the prints but when I open elements it doesn't use the same colors. If i have it use the calibrated profile by changing the color management settings, the color picker no longer shows true white or black. How do I get elements 12 to honor the new calibrated settings?
Ok so I've done what you said and this is what it's come back ....
I don't know that these are the errors , but they're the things which don't look right ...
Throughout the shut down there is a recurring line ;
It says ;
Com.apple.launchd 1 0x100600e70.anonymous.unmount 301 PID still valid
Then there are 2 more which I think are related ;
Com.apple.securityd 29 PID job has I overstayed its welcome , forcing removal.
Then the same with fseventd 48 and diskarbitrationd 13
Oh and on Launchd1 : System : stray anonymous job at shut down : PID 301 PPID13 PGID 13 unmount...
Then the last process says "about to call: reboot (RB_AUTOBOOT).
Continuing...
And stops ...
Hope this means something to you ... Thanks again for your help so far :-) -
Had some wifi issues while downloading an album. First 3 tracks... sound stops way early but continues the count. How can I tell iTunes to redo the first 3? Any way to just fix it?
Hey davma1
All you need to delete the songs then go through the process of downloading the past purchase again.
Deleting files from the iTunes library and your computer
http://support.apple.com/kb/ht3842
Downloading past purchases from the App Store, iBookstore, and iTunes Store
http://support.apple.com/kb/HT2519
Thanks for using Apple Support Communities.
Regards,
-Norm G. -
I had recently purchased a iphone 5s with OS version 7.1.2 in Oman and had to move to India.I am facing some hardware issues with the earphone slot. When i plug in the earphone there is lot of disturbance heard. Can i get it repaired in India under international warranty?
No. The iPhone warranty is not international. You will need to have warranty service done in Oman.
-
Some minor issues we are facing in converting the 6i application to 10g ,
Regarding 10g froms i need support in resolving following issues:-
1. Direct print to default printer
In some of our applications user do not want to see the print preview and prefer direct print in 6i we were doing this by defining Desitination in report paramenters
2. Open each form in new window
We open each new form using OPEN_FORM() builtin, but all forms open in same MDI window, how using open form we can open the forms in new window
3. Maintaining source code in windows and linux
Initaially our developers test the forms under windows 10g AS environment but when the same form in uploaded on Linux machine they need to make some changes like " replacing all \ with /, converting all paths to lower case etc
how we can write the same code for linux and windows
These are some minor issues we are facing in converting the 6i application to 10g environment ...1) We don't do direct printing. We print everything to PDF files in a user's network mapped drive. They print or preview as required.
2) We overcame this problem by using Java WebStart
[http://groundside.com/blog/JanCarlin.php?title=forms_and_java_web_start&more=1&c=1&tb=1&pb=1]
It frees Forms from being browser based and looks more like a 'real' application.
3) We use FormsAPI Master [Link to ORCL-Toolbox|http://www.orcl-toolbox.com/] to automatically convert from Windows to Unix. Our script converts uppercase to lowercase for icons, menus, library attachments, etc. We only do this once - unless new libraries have been attached in the wrong case. For things like '\' to '/' , Windows is quite happy to accept '/' as a delimiter. "cd C:\temp" is the same as "cd c:/temp". However, there are obvious differences between Windows and Unix. If there is any interaction between the Form and the operating system, then we do all our testing in the Unix environment - leaving Windows as a "does the screen layout look OK" environment. -
When using 6.0 beta and 7.0 beta on my MacBookPro, I am (too) frequently asked for my master password. This doesn't occur in other programs. Do I have some evil code in my Firefox program?
Why I'm asked for my Master Password seems troublesome.Hello Matt, fellow archaeologist :)
Security updates are essential on any and all software, specially your browser. Mozilla is working to streamline the updating process as much as possible, but you shouldn't neglect your own security for a few seconds of "wasted" time.
I hope you do the best for yourself. -
I'm having some Audio Issues involving my headphone jack (air and pro)?
Ok, so, this is pretty weird.
I have had two macbooks thus far (a 2011 macbook pro and a mid 2013 macbook air)
I replaced my pro in 2013 due to a separate issue.
Anyway, I have been consistently having an issue where any type of headphones I put into my computer eventually begin to lose sound in the left earphone - but still work fine on other devices.
I.e, I'll get a new set of headphones, use them for a week, and a week later, no sound will come from the left port - but only when using my air. It is most definitely not the headphones.
It's not the output balance - when I set the balance all the way to the left, no sound comes out, and the problem continually reoccurs with every new set of headphones I get - on TWO different computers.
The same issue happened on my pro, and happens in my air.
Am I like, inserting the headphone jack in "too roughly" or something? What's going on?some headphone jacks arent the exact right length and the contacts miss
1. diff headphones and same
2. diff. audio , from Itunes, online etc, and still same
3. youve checked balances.
4. RESET NVRAM
Resetting NVRAM / PRAM
Shut down your Mac.
Locate the following keys on the keyboard: Command (⌘), Option, P, and R. You will need to hold these keys down simultaneously in step 4.
Turn on the computer.
Press and hold the Command-Option-P-R keys before the gray screen appears.
Hold the keys down until the computer restarts and you hear the startup sound for the second time.
Release the keys.
5. If same contact Apple for appt for in shop diagnostics, hardware fault
Maybe you are looking for
-
My Wifi on my iPod touch does not work.
It says that I have entered the right password as the lock symbol doesn't appear after I type it in. Then it say's "Invalid Argument" or sometimes it appears like it is getting into the internet and then the words "Cannot Connect to....". How do I co
-
If you add music videos to Up Next playlist, then go to look at the album cover playing screen, then go to add another song from different playlist, you no longer can see Up Next, just go to full screen mode button. Using remote app iPhone 5 to play
-
Gurus , not sure if any one has worked on the SRM 7.0 box.If you go to SPRO -->Supplier Relationship Management->Analytics they have lots of BW reporting templates available there. On the help it says that we can configure the BW templates from SRM 7
-
Two company codes under one controlling Area
In this client, we have two company codes under one controlling Area Will there be any authorisation issues (ie getting the information of other company code date) in Co reports (z reports, standard reports, report painter)? Any thoughts on this is h
-
Meeting Place 8.5.2 FTP backup option missing
Hi All, I have a customer who has meeting place ver 8.5.2 installed BUT the FTP option for the backup is not avalable. Can anyone confirm if this is a licensing issue or a system setting OR failing that is there a decent SSH/RSYNC client they can use