SMS_EXECUTIVE service crashes when a SQL certificate can't be found

Applies to: System Center Configuration Manager (current branch - version 1602)System Center Configuration Manager (current branch - version 1606)

Symptoms


The SMS_EXECUTIVE service silently crashes when the SQL certificate can't be found in the certificate store. This issue occurs repeatedly and affects the current branch of Configuration Manager versions 1602 and later. The issue is fixed in Update 1610 for Configuration Manager.

Workaround


To work around this issue, use the following PowerShell cmdlet to create a self-signed certificate. Then, specify the provider to import the certificate into the local computer store of the System Center Configuration Manager server.

New-SelfSignedCertificate -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" -Subject "CN=AUCOLO-SCCM.contoso.com" -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.1") -KeyAlgorithm RSA -KeyLength 2048 -DnsName "AUCOLO-SCCM.contoso.com" -CertStoreLocation "Cert:\LocalMachine\My" -NotAfter (Get-Date).AddMonths(120) -KeyExportPolicy "Exportable" 
certutil -csp "Microsoft Enhanced RSA and AES Cryptographic Provider" -importpfx Self-signed-new5.pfx-Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" -Subject "CN=AUCOLO-SCCM.contoso.com" -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.1") -KeyAlgorithm RSA -KeyLength 2048 -DnsName "AUCOLO-SCCM.contoso.com" -CertStoreLocation "Cert:\LocalMachine\My" -NotAfter (Get-Date).AddMonths(120) -KeyExportPolicy "Exportable"
certutil -csp "Microsoft Enhanced RSA and AES Cryptographic Provider" -importpfx Self-signed-new5.pfx
Replace the Subject and DnsName parameters with the right values in the cmdlet.

Note This cmdlet must be run on a Windows 10-based computer, as the parameters are supported only in Windows 10.