Unable to configure Parallels Mac Management MDM Link



Unable to configure Parallels Mac Management MDM Link.

MDM Link configuration process ends with the error:

    Unknown rpc error: code=3, category='MDM IPC Error'  

In pmm_mdm_service.log there are the following entries:

    02-28 13:26:28.499 I /MdmCore:1896:1c80/ Starting WebServer with SSL encryption {Subject:     pmdm.test.com; Issuer SwissSign Server Gold CA 2014 - G22;}
    02-28 13:26:28.499 W /Certs:1896:1c80/ CryptError: 0x80090014 (Invalid provider type specified.)
    02-28 13:26:28.515 W /Certs:1896:1c80/ OpenSSL error
    02-28 13:26:28.515 W /Certs:1896:1c80/ Error getting private key

In pmm_mdm_service_config.log there are the following entries:

    02-28 13:25:48.827 I /pmm_mdm_service_config:5132:1654/ Finish checking the prereqs...
    02-28 13:26:20.983 I /pmm_mdm_service_config:5132:1654/ Configuring MDM certificate...
    02-28 13:26:24.374 D /CmProxyCfgUtils:5132:1654/ Existing access mask = 0x0, desired = 0x80000000, result = 0x0
    02-28 13:26:24.374 I /pmm_mdm_service_config:5132:1654/ Configuring SSL certificate...
    02-28 13:26:24.374 F /CmProxyCfgUtils:5132:1654/ Cannot get CSP handle: Invalid provider type specified.

However, the Parallels MDM Server Configuration Wizard finishes without errors.


The web server certificate that was specified in Parallels MDM Server Configuration Wizard is a Cryptographic New Generation (CNG) certificate.

Parallels MDM uses CryptoAPI and does not support CNG certificates.

To check whether the installed certificate is a CNG certificate, open CMD as Administrator on the Parallels Mac Management MDM server and execute the following command:

    certutil.exe -v -store my > certutil_my.txt

In the output file (certutil_my.txt), find the certificate in question and locate the KeySpec and ProviderType attributes. If they are set to 0, this is a CNG certificate.
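The check above can be scripted when the store holds many certificates. The following Python example is an addition to this article, not Parallels code; the sample text is constructed and abbreviated, and its layout (a header line per certificate, with ProviderType and KeySpec printed as hexadecimal values under the key provider info) is an assumption about what certutil -v prints.

```python
import re

# Constructed, abbreviated sample of "certutil -v -store my" output (not a real capture).
SAMPLE = """\
================ Certificate 0 ================
Subject:
    CN=pmdm.test.com
  CERT_KEY_PROV_INFO_PROP_ID(2):
    Provider = Microsoft Software Key Storage Provider
    ProviderType = 0
    KeySpec = 0 -- XCN_AT_NONE
================ Certificate 1 ================
Subject:
    CN=legacy.example.test
  CERT_KEY_PROV_INFO_PROP_ID(2):
    Provider = Microsoft RSA SChannel Cryptographic Provider
    ProviderType = c
    KeySpec = 1 -- AT_KEYEXCHANGE
================ Certificate 2 ================
Subject:
    CN=No Key Example CA
"""

# Assumed header format that separates one certificate dump from the next.
HEADER = re.compile(r"^=+ Certificate (\d+) =+\s*$", re.M)

def _hex_field(block, name):
    m = re.search(rf"^\s*{name}\s*=\s*([0-9A-Fa-f]+)\b", block, re.M)
    return int(m.group(1), 16) if m else None  # None: attribute not present

def classify_store(text):
    """Return (index, subject, kind) for each certificate in the dump."""
    parts = HEADER.split(text)[1:]  # [index, body, index, body, ...]
    results = []
    for index, body in zip(parts[0::2], parts[1::2]):
        subject = re.search(r"^Subject:\s*(.+)$", body, re.M)
        key_spec = _hex_field(body, "KeySpec")
        prov_type = _hex_field(body, "ProviderType")
        if key_spec is None or prov_type is None:
            kind = "no-key-info"  # no provider info, e.g. no private key
        elif key_spec == 0 and prov_type == 0:
            kind = "CNG"  # the article's rule: both attributes set to 0
        else:
            kind = "CryptoAPI"
        results.append((int(index), subject.group(1).strip() if subject else "?", kind))
    return results

if __name__ == "__main__":
    print(*classify_store(SAMPLE), sep="\n")
```

To use it on a real server, pass the contents of certutil_my.txt to `classify_store` instead of `SAMPLE`.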



  1. Convert the CNG certificate using the steps from the article.

  2. Reconfigure Parallels MDM Server Configuration Wizard using the converted certificate.
