Forums on Intune, SCCM, and Windows 11


PENDING SMS Role SSL Certificate expired

  • Thread starter: Pivax88
  • Replies: 2
  • Views: 10K

Pivax88
Hi,
I have an issue where the SMS Issuing certificate within SCCM expired a few years ago and is failing to auto-renew. If I select to renew it from the GUI the certmgr.log file gives me the below error:
  • Failed to get connector certificate
  • ProcessIssuingCert() - Failed to create the certificate (0x8009000f)
We are using eHTTP.
There is no certificate in IIS or bound to HTTPS, nor is there one in the Personal Certificate Store of the server.
What I have done so far:
  1. Removed the eHTTP option, waited an hour and then added it again; same results as before and same errors.
  2. Manually created a new SMS Issuing certificate within the Personal Store and bound that to HTTPS. This was still producing the same error and not showing up as an available SSL within the CM GUI, so I reverted those changes.
The errors relating to certificates are also shown in SMS_REST_PROVIDER log:
ERROR: Service not healthy, Trust Failure, the underlying connection was closed, could not establish trust relationship for SSL/TLS secure channel

I don't see any issues with client communication at this stage.
 
Hi Pivax88
We have the same certificate error.

SMS Issuing > Expired

I'm also looking at how I can solve this. Apparently it is a license that should be renewed automatically.

 
Hi Rom,
Yeah, I have tried so many things. I deleted the cert thumbprint from the database and performed a CM site reset to see if it would renew the certificate, but that failed. I am having to go down the route of implementing HTTPS with PKI now, as I have exhausted everything I can think of without just rebuilding MECM from scratch, which I can't do as it has thousands of users and endpoints.
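
An added read-only diagnostic example, not part of any post in this thread and not Microsoft's tooling: it decodes the 0x8009000f code from certmgr.log (NTE_EXISTS in the Windows error tables), lists matching certificates across all LocalMachine stores with their expiry and private-key state, and prints the HTTPS bindings. The "SMS" name filter is an assumption about how the certificates are labelled.

```powershell
# Added example: read-only checks, run in an elevated PowerShell 5+ session
# on the site server. Nothing here changes certificates, keys or bindings.

# 1. Decode the HRESULT logged by ProcessIssuingCert().
#    PowerShell parses 0x8009000f as a negative Int32, the form Win32Exception expects.
$hr = 0x8009000f
'0x{0:x8} : {1}' -f $hr, ([System.ComponentModel.Win32Exception]::new($hr)).Message

# 2. Enumerate every LocalMachine store (not only Personal) for certificates
#    whose Subject or FriendlyName contains "SMS" (assumed naming).
$now = Get-Date
$certs = Get-ChildItem -Path Cert:\LocalMachine -Recurse |
    Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and
        ($_.Subject -match 'SMS' -or $_.FriendlyName -match 'SMS')
    } |
    Select-Object @{ n = 'Store';   e = { ($_.PSParentPath -split '\\')[-1] } },
                  FriendlyName,
                  Subject,
                  Thumbprint,
                  NotAfter,
                  HasPrivateKey,
                  @{ n = 'Expired'; e = { $_.NotAfter -lt $now } }

if ($certs) {
    $certs | Sort-Object Store, NotAfter | Format-Table -AutoSize
} else {
    'No certificate with "SMS" in Subject or FriendlyName found in any LocalMachine store.'
}

# 3. Show what is actually bound to HTTPS in HTTP.sys, to compare the
#    "Certificate Hash" values against the thumbprints listed above.
netsh http show sslcert
```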
 