SCCM 2111 : SCCM Clients Key ‘ConfigMgrMigrationKey’ not found, 0x80090016.

Question

Team,

All SCCM clients having error “SCCM Clients Key ‘ConfigMgrMigrationKey’ not found, 0x80090016” in CertificateMaintenance.log and also in ClientLocation.log seeing error
Assigned Site is QD1
Assigning client to site ‘PS1’
Unable to verify sitecode ‘PS1’. Cannot continue site assignment.

However, PS1 is not our site code not sure from where it is trying to fetch. Please advice.

solved 0
SUMAN VADDIPARTHI 2022-02-24T10:38:28+05:30 5 Answers 3107 views Beginner
0

Answers ( 5 )

  2. HowToManage Devices
    0
    2022-02-24T17:51:55+05:30
    Reply

    0x80090016 Keyset doesn’t exist. I think this is because a chain of certificates does not exist?

    I hope you are using EHTTP?

    If eHttp then it’s worth looking at https://www.anoopcnair.com/enable-configmgr-enhanced-http-configuration/

    If it’s PKI, then you can try to check whether Root CA and intermediate certificates are in place on the client and MP.

    • SUMAN VADDIPARTHI
      0
      2022-02-24T18:19:41+05:30
      Reply

      Yes, recently we have enabled EHTTP. And in my primary SCCM server, the SMS Issuing certificate was there under Personal, Trusted Root Certification Authorities and SMS and the certificate shows OK. But when I check the same certificate in all our MP servers this SMS Issuing certificate was not present in all these mentioned areas ( Personal, TRCU & SMS ) and so can we copy them to these locations manually. Will there be any issues if we copy them manually?
      Also how these certificate be installed on all client devices. Please suggest.

    • SUMAN VADDIPARTHI
      0
      2022-02-25T03:58:45+05:30
      Reply

      After unchecking the PKI certificate to install ( as we are not using https ) it worked. Now the clients got self signed and seems to be working fine now. Thank You.

      Best answer
  4. SUMAN VADDIPARTHI
    0
    2022-02-24T12:14:30+05:30
    Reply

    I think Clients not getting self singed certs and I have verified the SMS Issuing certificate in all SCCM servers under Personal & SMS Cert folder. Except in SCCM server on remaining all MP servers the certificate showing as ” SMS Role SSL Certificate” Status The issuer of this certificate could not be found.

    So can we import the cert from SCCM server manually to all MP servers to make it active or OK? Please suggest.

Leave an answer

Sorry, you do not have permission to answer to this question .