SCOM Gateway Server Event ID 20077 ‘…no private key was included with the certificate…’
Issue
For a complex environment I had to create Certificate Signing Request files (CSRs) using this method, section Request OpsMgr Certificate. So far so good. The certificates created from those CSRs worked as expected, except for the SCOM Gateway Server.
Somehow, there was NO private key, and therefore SCOM didn’t load this certificate, throwing Event ID 20077:
And indeed, in the Certificate snap-in there was NO private key attached to this certificate:
(Please mind: the golden key is missing in the certificate icon, depicting the private key.)
And:
(Normally located at the yellow question mark there should be a line of text about the private key.)
Fix
One of the fixes is to create a NEW certificate, based on a new CSR. But before doing that one might try to repair the store first, based on this posting.
Results
So based on that posting I ran the RepairStore command using the thumbprint of the “broken” certificate. The feedback I got was good:
Time to refresh the certificate MMC, and YES it worked:
(Please mind: the golden key is “back” in the certificate icon, depicting the private key.)
And:
(Yes, the line of text about the private key is “back”.)
Let’s bounce the Health Service and see whether the certificate is REALLY okay now:
And YES we’re in business. After this the SCOM Gateway Server connected properly to the SCOM MS servers and all was okay again.
Recap
Whenever SCOM can’t load the certificate because the private key is missing, try to fix it first before creating a new certificate. It saves you a lot of time.
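The check-and-repair sequence from this post as a script. This is an added example, not part of the original post: it assumes the certificate sits in the Local Computer Personal store (`LocalMachine\My`), that the SCOM agent service is named `HealthService`, and that you pass in the thumbprint of your own certificate.

```powershell
# Added example: verify that a certificate in LocalMachine\My has its private key
# and, if not, try certutil -repairstore before requesting a new certificate.
param(
    # Thumbprint of the certificate SCOM refuses to load (copy it from the certificate details).
    [Parameter(Mandatory)]
    [string]$Thumbprint
)

# Thumbprints copied from the MMC often contain spaces or an invisible leading character.
$clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

function Get-StoreCert {
    # Re-read the store on every call so a repair becomes visible.
    Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $clean }
}

$cert = Get-StoreCert
if (-not $cert) {
    throw "No certificate with thumbprint $clean found in LocalMachine\My."
}

if ($cert.HasPrivateKey) {
    Write-Output "Private key is already associated with $($cert.Subject); nothing to repair."
    return
}

Write-Output "No private key on $($cert.Subject); running certutil -repairstore."
& certutil.exe -repairstore My $clean
if ($LASTEXITCODE -ne 0) {
    throw "certutil -repairstore failed (exit code $LASTEXITCODE)."
}

# The repair can only succeed if the key material still exists on this machine,
# so check the result instead of trusting the command output alone.
$cert = Get-StoreCert
if ($cert.HasPrivateKey) {
    Write-Output 'Private key re-associated. Restart the Health Service to load the certificate:'
    Write-Output '  Restart-Service -Name HealthService   # assumed service name'
} else {
    throw 'Certificate still has no private key; create a new CSR on this server.'
}
```

Run it from an elevated PowerShell prompt on the Gateway Server itself, since the private key only exists on the machine where the CSR was generated.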
A BIG thanks to…
SSL Support Desk for their posting which helped me to solve this issue. Awesome!