- Distmgr.log shows lot of “Failed to decrypt cert PFX data” errors
- You have shared DP enabled
- You have the same numbers of errors than you have shared Distribution Points
- SCCM Distribution Point Failed decrypt cert PFX data
If you are not familiar with Share DP, here’s Microsoft definition :
During migration, you can share distribution points from a source hierarchy with the destination hierarchy. You can use shared distribution points to make content that you have migrated from a source hierarchy immediately available to clients in the destination hierarchy without having to recreate that content, and then distribute it to new distribution points in the destination hierarchy. When clients in the destination hierarchy request content that is deployed to distribution points that you have shared, the shared distribution points can be offered to the clients as valid content locations.
SCCM Distribution Point Failed decrypt cert PFX data Resolution
You can safely ignore these error. I’ve made some test on my side and the error will goes away when you reassign distribution point to your 2012 hierarchy.
After reassigning a distribution point you’ll see 1 error less in the log. At the end of your migration the error will be completely gone.
This error happens because your 2007 DP certificates are not “known” to 2012.
More : Technet discussion on the topic : Here