So we have included the SCOM 2012 R2 agent as part of the image that are used when commisioning/build new servers. The problem comes in when the server is build with a default name starting with “WIN-“. When this server is then up and running, the MMA agent starts up and obtains a certificate that is then stored in the Local Computer certificate store under “Operations Manager”. During the build process the server is then renamed to the company’s naming standard but the certificate is not updated. Events like below are then logged in the Operations Manager event log The Health Service has downloaded secure configuration for management group , and processing the configuration failed with error code Keyset does not exist(0x80090016). Fix: Simply delete the certificate and then bouncing the MMA service fixes the problem.
Screenshot of the certificate with the image build server name