Certificate errors when connecting Gateway Server or non-domain Agent to System Center Operations Manager 2007 R2

This was a bit of an odd one. I was adding a Gateway Server to a newly rebuilt SCOM 2007 R2 Root Management Server when I kept encountering this error:

The certificate specified in the registry at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Machine Settings cannot be used for authentication.  The error is The credentials supplied to the package were not recognized(0x8009030D).

I followed the Microsoft install and setup guides exactly, and it’s not my first time either – but I’d never seen that one before.

It turns out that it’s a quirk with Certificate Services and how you request your certificate. I used the Certificate Services website on my Server 2003 Enterprise Root Certificate Authority to request the correct certificate, based on the OperationsManager template I created. Crucially, there wasn’t the option to import the certificate to the Machine/Personal certificate store – it went into the User/Personal. This meant that when it came to exporting and then re-importing the certificate, the private key was not correct.

Requesting the certificate through the MMC Certificates Snap-in and restarting the Health Service resolves the issue.
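
A check for the condition described above, as an added example that is not part of the original post: it lists certificates matching this host in the Machine and User Personal stores and reports whether each one has a private key held in the machine key store. It assumes PowerShell 2.0 or later, and the subject match on the host's FQDN is an assumption; pass `-Subject` if your certificate is named differently.

```powershell
# Added example: find the agent/gateway certificate and inspect its private key.
# Assumption: the certificate subject contains this host's FQDN.
# Run as the user who requested the certificate so Cert:\CurrentUser\My is that user's store.
param(
    [string]$Subject = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
)

$stores = 'Cert:\LocalMachine\My', 'Cert:\CurrentUser\My'

$report = foreach ($store in $stores) {
    Get-ChildItem -Path $store |
        Where-Object { $_.Subject -like "*$Subject*" } |
        ForEach-Object {
            $cert       = $_
            $machineKey = $null
            $keyError   = $null
            if ($cert.HasPrivateKey) {
                try {
                    # CSP-backed keys report whether they live in the machine key set
                    $machineKey = $cert.PrivateKey.CspKeyContainerInfo.MachineKeyStore
                } catch {
                    # Key exists on paper but cannot be opened from this context
                    $keyError = $_.Exception.Message
                }
            }
            New-Object PSObject -Property @{
                Store           = $store
                Thumbprint      = $cert.Thumbprint
                NotAfter        = $cert.NotAfter
                HasPrivateKey   = $cert.HasPrivateKey
                MachineKeyStore = $machineKey
                KeyError        = $keyError
            }
        }
}

$report | Format-Table -AutoSize Store, Thumbprint, NotAfter, HasPrivateKey, MachineKeyStore, KeyError

# The Health Service needs a certificate in the machine store whose key is a machine key
$usable = $report | Where-Object {
    $_.Store -eq 'Cert:\LocalMachine\My' -and $_.HasPrivateKey -and $_.MachineKeyStore
}
if (-not $usable) {
    Write-Warning "No certificate for '$Subject' in LocalMachine\My with a machine-store private key."
    if ($report | Where-Object { $_.Store -eq 'Cert:\CurrentUser\My' }) {
        Write-Warning "A matching certificate is in CurrentUser\My; request it again via the MMC Certificates Snap-in for the computer account."
    }
}
```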