I'm an IT professional with over fourteen years of experience, and since 2000 I've been working with Microsoft Infrastructure. I hold a postgraduate degree in Computer Network and Telecommunications and am a Microsoft Certified Professional (MCP, MCSA Security, MCSE Security, MCTS, MCITP, MCT and MVP). I work as a Technical Consultant, mainly involved in Microsoft Security and System Center Configuration Manager solutions.
I was awarded MVP status by Microsoft in 2010 for System Center Configuration Manager.
Hi all, quick post to share my experience. I'm finishing one native mode/IBCM project and I came across the following issue today when running SCCMNativeModeReadiness:
Initializing ModeReadiness tool. ModeReadiness 10/14/2010 9:57:21 AM 2680 (0x0A78)
Setting default logging component for process. ModeReadiness 10/14/2010 9:57:21 AM 2680 (0x0A78)
The 'Certificate Store' is empty in the registry, using default store name 'MY'. ModeReadiness 10/14/2010 9:57:21 AM 2680 (0x0A78)
Failed to load default certificate selection criteria. (0x80004005) ModeReadiness 10/14/2010 9:57:21 AM 2680 (0x0A78)
ModeReadiness initializiation succeeded. ModeReadiness 10/14/2010 9:57:21 AM 2680 (0x0A78)
Client SSL is enabled. The current state is 0x127. ModeReadiness 10/14/2010 9:57:21 AM 2680 (0x0A78)
Certificate issued to 'FQDN' doesn't have private key. ModeReadiness 10/14/2010 9:57:34 AM 2680 (0x0A78)
Client is NOT ready for native mode. ModeReadiness 10/14/2010 9:57:34 AM 2680 (0x0A78)
Sending state message. ModeReadiness 10/14/2010 9:57:34 AM 2680 (0x0A78)

Looking at the log lines, it's easy to think that the certificate doesn't have a private key... but when I opened the MMC, I found that the certificate has it.

To fix the issue, I had to:
- Delete all certificates from the machine using MMC
- Revoke all certificates issued to the computer
- Stop the Crypto Service
- Stop the Cryptographic Services (net stop CryptSvc)
- Rename the folders under the Crypto folder (C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto)
- Reboot the machine
- As the machine is a domain member, it got a new certificate through autoenrollment
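
A way to check the discrepancy described above (the log reports no private key while the MMC shows one), as an added example that is not part of the original post. It assumes PowerShell 2.0 or later on the client and that the mismatch comes from a certificate that still references a key container which can no longer be opened; `Test-CertPrivateKey` is a hypothetical helper name.

```powershell
# Added example, not from the original post: for every certificate in the
# local computer's Personal ("MY") store, compare "a key is referenced"
# (what the certificate properties report) with "the key can be opened".
# Run from an elevated PowerShell prompt on the affected client.

function Test-CertPrivateKey {   # hypothetical helper name
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    $result = New-Object PSObject -Property @{
        Subject       = $Cert.Subject
        Thumbprint    = $Cert.Thumbprint
        NotAfter      = $Cert.NotAfter
        HasPrivateKey = $Cert.HasPrivateKey   # only says a key is referenced
        KeyUsable     = $false
        Detail        = ''
    }

    if (-not $Cert.HasPrivateKey) {
        $result.Detail = 'No private key associated with this certificate'
        return $result
    }

    try {
        # Reading PrivateKey makes the provider open the key container,
        # so a missing or unreadable container surfaces here.
        $key = $Cert.PrivateKey
        if ($key -ne $null) {
            $result.KeyUsable = $true
            $result.Detail    = 'Key container opened'
        } else {
            $result.Detail    = 'Key referenced but not returned by the provider'
        }
    } catch {
        $result.Detail = $_.Exception.Message
    }
    return $result
}

Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-CertPrivateKey $_ } |
    Sort-Object KeyUsable |
    Format-Table Subject, Thumbprint, NotAfter, HasPrivateKey, KeyUsable, Detail -AutoSize -Wrap
```

A row with HasPrivateKey True and KeyUsable False is a certificate whose key reference exists but whose key cannot be opened. On older .NET Framework versions, keys held in CNG providers can also report an error in the Detail column.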
Handy to know, thanks Raphael!