After uplifting our current 2012 R2 environment to new hardware, I started noticing errors in the smsdpmon.log file on distribution points:
Failed to create certificate store from encoded certificate..
An error occurred during encode or decode operation. (Error: 80092002; Source: Windows)
Failed to initialize DP monitoring object. Error code: 0x80092002
I started researching this and wasn’t able to find any solutions other than reinstalling the DPs. Easier said than done… I set out to find a solution. I checked the registry for a component, SMS_Distribution_Point_Monitoring, but found no such component. I then noticed the registry key HKLM\Software\Microsoft\SMS\DP\Identity\IdentityCert, which appears to be the string representation of the DP’s certificate. This got me poking around the SCCM console. Unless you are using PKI, every distribution point under Administration\Distribution Points has a self-signed certificate.
If you change the properties for the self-signed certificate, SCCM will immediately block the old certificate, issue a new certificate, and place it in the DP’s SMS certificate store. Once that’s done, the certificate error goes away and content validation processes normally.
I suspect that you can probably view the current certificate via the SCCM console, export it to a file, and then import it into the DP’s SMS certificate store, but I haven’t been able to test that yet, as it’s a lot easier to just issue a new certificate.
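One way to check on an affected DP whether the IdentityCert value mentioned above still decodes as a certificate, before and after reissuing it. This is an added example, not code from the original post or from Microsoft; the function names are hypothetical, and it assumes the value holds a DER-encoded certificate stored as raw bytes, a hex string, or Base64 text.

```powershell
# Added diagnostic sketch; run locally on the distribution point.
$keyPath   = 'HKLM:\SOFTWARE\Microsoft\SMS\DP\Identity'   # key named in the post
$valueName = 'IdentityCert'

function ConvertTo-CertBytes {
    param([Parameter(Mandatory = $true)] $Raw)
    # Assumption: the value is REG_BINARY, a hex string, or Base64 text.
    if ($Raw -is [byte[]]) { return ,$Raw }
    $text = ([string]$Raw) -replace '\s', ''
    if ($text -match '^[0-9A-Fa-f]+$' -and ($text.Length % 2) -eq 0) {
        $bytes = New-Object byte[] ($text.Length / 2)
        for ($i = 0; $i -lt $bytes.Length; $i++) {
            $bytes[$i] = [Convert]::ToByte($text.Substring($i * 2, 2), 16)
        }
        return ,$bytes
    }
    # Throws FormatException if the text is not valid Base64 either.
    return ,([Convert]::FromBase64String($text))
}

function Test-DpIdentityCert {
    param([string]$Path = $keyPath, [string]$Name = $valueName)
    $result = [pscustomobject]@{
        Decodes = $false; Subject = $null; Thumbprint = $null
        NotBefore = $null; NotAfter = $null; Error = $null
    }
    try {
        $raw   = (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name
        $bytes = ConvertTo-CertBytes -Raw $raw
        # The constructor throws a CryptographicException on a blob that
        # cannot be decoded, which is the condition smsdpmon.log reports.
        $cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,$bytes)
        $result.Decodes    = $true
        $result.Subject    = $cert.Subject
        $result.Thumbprint = $cert.Thumbprint
        $result.NotBefore  = $cert.NotBefore
        $result.NotAfter   = $cert.NotAfter
    } catch {
        $result.Error = $_.Exception.Message
    }
    return $result
}

Test-DpIdentityCert | Format-List
```

If `Decodes` is false before the certificate is reissued and true afterwards with a new thumbprint, the stored blob was the cause of the monitoring failure.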