This fix has been in forum posts, and probably blog posts elsewhere as well. But it's one of those things I know I'm going to see the error again in the future, and I'll remember I used to know what the fix was... but don't recall it anymore. So before my brain forgets exactly what the fix was, I'm blogging it so I can find the answer in the future.
Symptoms:
- The ConfigMgr client assigns to a site code fine.
- clientlocation.log shows it correctly found the management point, and you know the management point is working fine for 99.9% of the rest of the clients; it's just this one that is failing.
- ClientIDManagerStartup.log repeats "Failed to find the certificate in the store".
- Uninstall/reinstall with RESETKEYINFORMATION=TRUE does not fix the issue.
Potential fix:
Grant SYSTEM Full Control NTFS permissions on this folder, or, if you are really paranoid, on just the file that starts with "19c..." within this folder:
c:\documents and settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys
Then either just wait 10 minutes or so for the next certificate request within ClientIDManagerStartup.log, or restart SMS Agent Host to kick it into asking for a cert immediately.
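
To check which objects are actually missing the permission before changing anything, here is an added PowerShell example (not part of the original post). It assumes an elevated session that can read and change these ACLs; the `-Repair` switch and the function name are made up for this example. It audits the folder and every key file in it rather than only the "19c..." file.

```powershell
# Added example: audit (and with -Repair, fix) SYSTEM's access to the machine key store.
param([switch]$Repair)   # hypothetical switch name

# CommonApplicationData is "C:\Documents and Settings\All Users\Application Data"
# on XP/2003 and C:\ProgramData on later Windows versions.
$appData = [Environment]::GetFolderPath('CommonApplicationData')
$keyDir  = Join-Path $appData 'Microsoft\Crypto\RSA\MachineKeys'
$system  = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-18')  # NT AUTHORITY\SYSTEM
$full    = [System.Security.AccessControl.FileSystemRights]::FullControl

# True when an Allow rule (explicit or inherited) gives SYSTEM Full Control.
# Simplification: Deny rules are not evaluated.
function Test-SystemFullControl([string]$Path) {
    $acl   = Get-Acl -Path $Path
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($r in $rules) {
        if ($r.IdentityReference.Value -eq $system.Value -and
            $r.AccessControlType -eq 'Allow' -and
            ($r.FileSystemRights -band $full) -eq $full) { return $true }
    }
    return $false
}

# The folder itself plus every key file in it (-Force includes hidden/system files).
$targets = @($keyDir) + @(Get-ChildItem -Path $keyDir -Force | ForEach-Object { $_.FullName })
$missing = @($targets | Where-Object { -not (Test-SystemFullControl $_) })

if ($missing.Count -eq 0) {
    'SYSTEM has Full Control on the folder and all key files.'
} else {
    $missing | ForEach-Object { "SYSTEM lacks Full Control: $_" }
}

if ($Repair -and $missing.Count -gt 0) {
    foreach ($p in $missing) {
        # Add (not replace) an Allow rule on this object only; existing entries are kept.
        $acl  = Get-Acl -Path $p
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($system, $full, 'Allow')
        $acl.AddAccessRule($rule)
        Set-Acl -Path $p -AclObject $acl
    }
    # CcmExec is the service name of SMS Agent Host; restarting triggers a new cert request.
    Restart-Service -Name CcmExec
}
```

Run it without `-Repair` first to see what is missing; afterwards ClientIDManagerStartup.log should stop repeating the certificate error.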