Jump to content


Win 8.1 "Failed to get certificate" since 2107 upgrade

Recommended Posts

Since upgrading to Endpoint Configuration Manager 2107, our Win 8.1 laptops have not been communicating with Config manager.
It looks like they upgraded to the new client, then stopped communicating.  We do not use PKI certificates and since the upgrade, I believe I've made the correct changes to use enhanced http.

The problem laptops show Client Certificate: None, rather than Self-Signed.

Some reading has led me to believe that this is something to do with a new feature of 2107 that states "When you update the site and clients to version 2107, the client stores its certificate from the site in a hardware-bound key storage provider (KSP). This KSP is typically the trusted platform module (TPM) at least version 2.0".

Examples of errors in client logs are -

Failed to get certificate. Error: 0x80004005

Failed to set ACL to key, 0x80090029

The primary key is not found from provider Microsoft Platform Crypto Provider

Does anyone have any idea how to fix this, so that clients speak to config manager again?
Some forum posts suggest using a reg key HKLM\Software\Microsoft\CCM\DWORD:UseSoftwareKSP=1, but I don't want to apply that without properly understanding the implications.

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.