Symptoms :

  • Distmgr.log shows lot of “Failed to decrypt cert PFX data” errors
  • You have shared DP enabled
  • You have the same numbers of errors than you have shared Distribution Points
  • SCCM Distribution Point Failed decrypt cert PFX data
Failed to decrypt cert PFX data

If you are not familiar with Share DP, here’s Microsoft definition :

During migration, you can share distribution points from a source hierarchy with the destination hierarchy. You can use shared distribution points to make content that you have migrated from a source hierarchy immediately available to clients in the destination hierarchy without having to recreate that content, and then distribute it to new distribution points in the destination hierarchy. When clients in the destination hierarchy request content that is deployed to distribution points that you have shared, the shared distribution points can be offered to the clients as valid content locations.

SCCM Distribution Point Failed decrypt cert PFX data Resolution

You can safely ignore these error. I’ve made some test on my side and the error will goes away when you reassign distribution point to your 2012 hierarchy.

After reassigning a distribution point you’ll see 1 error less in the log. At the end of your migration the error will be completely gone.

This error happens because your 2007 DP certificates are not “known” to 2012.

More : Technet discussion on the topic : Here

Comments (2)

F7f7f7; border: 1Px solid

08.10.2019 AT 09:05 AM
This article is truly a nice one itt assists nnew the web people, who are wishing in favor of blogging.


09.12.2018 AT 06:35 PM
Good stuff....saved a scare 🙂