Symptoms
Unable to configure Parallels Mac Management MDM Link.
MDM Link configuration process ends with the error:
Unknown rpc error: code=3, category='MDM IPC Error'
In pmm_mdm_service.log there are the following entries:
02-28 13:26:28.499 I /MdmCore:1896:1c80/ Starting WebServer with SSL encryption {Subject: pmdm.test.com; Issuer SwissSign Server Gold CA 2014 - G22;}
02-28 13:26:28.499 W /Certs:1896:1c80/ CryptError: 0x80090014 (Invalid provider type specified.)
02-28 13:26:28.515 W /Certs:1896:1c80/ OpenSSL error
02-28 13:26:28.515 W /Certs:1896:1c80/ Error getting private key
In pmm_mdm_service_config.log there are the following entries:
02-28 13:25:48.827 I /pmm_mdm_service_config:5132:1654/ Finish checking the prereqs...
02-28 13:26:20.983 I /pmm_mdm_service_config:5132:1654/ Configuring MDM certificate...
02-28 13:26:24.374 D /CmProxyCfgUtils:5132:1654/ Existing access mask = 0x0, desired = 0x80000000, result = 0x0
02-28 13:26:24.374 I /pmm_mdm_service_config:5132:1654/ Configuring SSL certificate...
02-28 13:26:24.374 F /CmProxyCfgUtils:5132:1654/ Cannot get CSP handle: Invalid provider type specified.
However, Parallels MDM Server Configuration Wizard finishes fine.
Cause
The web server certificate that was specified in Parallels MDM Server Configuration Wizard is a Cryptographic New Generation (CNG) certificate.
Parallels MDM is using CryptoAPI and do not support CNG certificates.
In oder to check if the installed certificate indeed is a CNG certificate or not please open CMD as Administrator on the Parallels Mac Management MDM server and execute the following command:
certutil.exe –v –store my> certutil_my.txt
In the output file(certutil_my.txt) find the certificate in question and locate KeySpec and ProviderType attributes. If they are cert to 0, this is a CNG certificate.
Resolution
-
Convert the CNG certificate using the steps from the article.
- Reconfigure Parallels MDM Server Configuration Wizard using the converted certificate.
Was this article helpful?
Tell us how we can improve it.