I ran into this one while setting up a SCOM 2012 R2 Gateway server. When importing the .pfx using MOMCertImport.exe I received the following error:
The certificate is valid, but importing it to certificate store failed.
Error description: Catastrophic failure
Error code:8000FFFF
ImportPFXCertificate failed: Catastrophic failure
Error code: 8000FFFF
Turns out, this was a result of leaving the “Include all certificates in the certification path if possible” box checked when performing the certificate export. After re-exporting and unchecking that box, I was able to import the certificate without issue.
Shane Skriletz, PEI
To renew the certificate on the SCOM Management Server or Gateway server, follow these steps:
Request a certificate from your certificate authority using the Operations Manager Template and install it on the SCOM Management Server.
Check in the MMC console that the newly installed certificate lists both “Server Authentication” and “Client Authentication” by double-clicking the certificate > Details > Enhanced Key Usage.
Export the generated certificate from the Certificates console and select “Yes, export the private key” on the first page of the wizard.
Save the certificate as a .PFX file, and specify a password for it.
Remove the old imported certificates from System Center Operations Manager with the command “MOMCertImport.exe /Remove”.
Install the new certificate with the following command line: “MOMCertImport.exe C:\cert.pfx /Password P@ssw0rd”.
Check that the registry value “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\MachineSettings\ChannelCertificateSerialNumber” matches the Serial Number shown on the Properties page of the certificate (the string is in reverse order).
Restart the System Center Operations Manager health services on the Management Server and/or Gateway Servers to see whether the update succeeded.
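The Enhanced Key Usage and serial-number checks from the steps above can be scripted. The following PowerShell is an added example, not part of the original post or of SCOM itself. It assumes the new certificate is in the LocalMachine\My store, that you pass its thumbprint yourself, and that the registry value is stored as binary data with the serial number bytes reversed.

```powershell
# Added example, not from the original post. Run elevated on the server.
param(
    # Thumbprint of the new certificate in LocalMachine\My (supply your own)
    [Parameter(Mandatory)] [string] $Thumbprint
)

$regPath = 'HKLM:\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\MachineSettings'
$requiredEku = @{
    '1.3.6.1.5.5.7.3.1' = 'Server Authentication'
    '1.3.6.1.5.5.7.3.2' = 'Client Authentication'
}

function ConvertTo-ReversedSerial([string] $Serial) {
    # Split the hex serial into byte pairs and reverse their order
    $pairs = @([regex]::Matches($Serial.ToUpper(), '[0-9A-F]{2}') | ForEach-Object { $_.Value })
    [array]::Reverse($pairs)
    -join $pairs
}

$cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop

# 1. The exported/imported certificate must carry its private key
if (-not $cert.HasPrivateKey) { Write-Warning 'Certificate has no private key.' }

# 2. Both EKUs named in the procedure must be present
$ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
$ekuExt  = $cert.Extensions | Where-Object { $_ -is $ekuType }
$present = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })
foreach ($oid in $requiredEku.Keys) {
    if ($present -notcontains $oid) { Write-Warning "Missing EKU: $($requiredEku[$oid])" }
}

# 3. Assumption: the registry value is binary and holds the serial bytes reversed
$regBytes = (Get-ItemProperty -Path $regPath -Name ChannelCertificateSerialNumber -ErrorAction Stop).ChannelCertificateSerialNumber
$regHex   = -join ($regBytes | ForEach-Object { $_.ToString('X2') })
$expected = ConvertTo-ReversedSerial $cert.SerialNumber

if ($regHex -eq $expected) {
    Write-Output "OK: registry serial matches $($cert.Subject)"
} else {
    Write-Warning "Mismatch: registry=$regHex expected(reversed)=$expected"
}
```

A mismatch after a renewal usually means the health service is still bound to the previous certificate, so rerun the import step before restarting the service.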