I am trying to copy the three FIM CM service account certificates from the first node and onto the second node of my FIM CM cluster. The service accounts are agent, enragent, kragent and the private keys for their certificates are protected by a Thales HSM.
I have successfully imported the certificates for all three of these accounts. I have successfully re-associated the private key for agent and kragent (using certutil -f -user -repairstore my "cert serial number").
However, when I try this command for the enragent certificate if get the following error:
-------------------------------------------
No key provider information
Cannot find the certificate and private key for decryption
Certutil: -repairstore command FAILED: 0x80090010 (-2146893808)
Certutil: Access denied
---------------------------------------------
When I run certutil -verify my "enragent cert serial number", on the first node it verifies successfully (so we know there is not a problem with the cert or key_mscapi files).
I have re-exported and imported the certificate from the first node
I have re-copied the key_mscapi files from the first node
Unfortunately, repairstore still fails on the second node (I suspect it can't find the key material file(s) even though it has worked successfully for the other two certificates).
Can anyone help please ?