Let’s see how to fix the error failed to create SQL Always On certificate ConfigMgr 2103. Microsoft released a new out-of-band hotfix KB10216365 for SCCM 2103. This KB is to fix unable to move site database to SQL Always On availability group.
SCCM 2103 known issues and fixes are documented in the previous post. The prerequisite for out-of-band hotfix KB10216365 is the update rollup for Configuration Manager 2103.
Out of band hotfix won’t be available in the SCCM console until you download and install the Update Registration Tool to import hotfixes to Configuration Manager.
Issue Fix SCCM Failed to Create SQL Always On Certificate Error
Modifying SQL Server configuration for moving the site database to an availability group fails after upgrading to SCCM CB version 2103. You can see the following error in the ConfigMgrSetup.log file on the affected SCCM site server.
Not able to decrypt using key stored in operating system.
Successfully refreshed the encrypted site master key from database.
ERROR: Failed to retrieve SQL Server certificate.
ERROR: Failed to create SQL Always On certificate.
Download
You can download the out-of-band update registration tool for KB10216365. You can download KB10216365 out of the band update registration tool (CM2103-KB10216365.ConfigMgr.Update.exe).
Install CM2103-KB10216365.ConfigMgr.Update.exe from the SCCM server to make the KB10216365 available.
Fix: Failed to Create SQL Always On Certificate Error
Let’s install KB10216365 to fix failed to create SQL Always On certificate error. You can install the out-of-band KB from the updates and services node. You will need to click on the check for updates button to make the KB available.
NOTE! – There is no client component update with KB10216365.
Summary of the updated package installation – Install Update Package Configuration Manager 2103 Hotfix (KB10216365) Prerequisite warnings will be ignored.
- Right-click on the hotfix and select the Install Update package to start the installation.
- Click on NEXT to continue.
- Install Update Package Configuration Manager 2103 Hotfix (KB10216365).
- Select Prerequisite warnings will be ignored.
- Click on Next, Next, and Next to finish the wizard.
Secondary Server Update – Fix SCCM Failed to Create SQL Always On Certificate Error
You will need to manually update a secondary site from the SCCM admin console by selecting Administration > Site Configuration > Sites > Recover Secondary Site.
The latest Configuration Manager 2103 (full version) is 5.00.9049.1037 (of course – after the installation KB10216365).
Resources
Author
Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.