Configuration Manager 2012 install error: Failed to create machine certificate on server

I was attempting to install config manager in my lab but it kept failing at the "Generating public key and sql server certificate" step.

Obviously, looking around the web... I didn't find any solid resolution right off the bat.

Here's how I resolved my particular issue:

1. The logs from the config manager setup program had the following, which ended up not being very useful:

  • Failed to create machine certificate on server MySQLServer
  • Failed to create SQL server certificate on server
  • Failed to create SQL server certificate remotely

2. On the SQL server, I found folders under the root of the C drive created by config manager with an SMS prefix.

3. These folders contained a srvboot.log file that was more helpful. It contained the following errors:

  • Failed to grant access to user (MySQLServer account)
  • Failed to grant permission to certificate.
  • Failed to create machine self-signed certificate.

4. I looked at the SQL server's certificate store (for the computer) and noticed there was a config manager cert. It had my SQL server service acct listed under All Tasks/Manage Private Keys. Deleting and removing the cert didn't fix the issue.

5. Next, I ran procmon on the SQL server. I filtered on srvboot.exe and noticed that I got access denied errors on a certain file in the c:\programdata\microsoft\crypto\rsa\machinekeys folder. Looking at the permissions, my SQL server service account had Full control rights.

6. Hmm... so what gives?

7. My next step was to remove the particular file in the machinekeys folder AND the certificate that was created in the computer's certificate store, and mysteriously the issue resolved itself.

8. Key learnings: Look at the logs (srvboot.log) on the sql server and see what procmon tells you.
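The check from steps 4 and 5 can also be done without procmon by mapping a certificate in the computer store to its key file in the machinekeys folder and reading that file's ACL. This is an added example, not part of the original post; it assumes Windows PowerShell 5.1 run elevated on the SQL server and a CSP-backed key, and `$SubjectFilter` is a placeholder you set yourself.

```powershell
# Added example: read-only report, nothing is deleted or changed.
# Assumption: run from an elevated Windows PowerShell 5.1 prompt on the SQL server.
# $SubjectFilter is a placeholder; set it to text from the subject of the
# certificate that setup created (as seen in the certificate store in step 4).
$SubjectFilter  = '<certificate subject text>'
$MachineKeysDir = Join-Path $env:ProgramData 'Microsoft\Crypto\RSA\MachineKeys'

# Walk every store under the computer account and keep certificates with a private key.
$certs = Get-ChildItem Cert:\LocalMachine -Recurse | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and
    $_.HasPrivateKey -and $_.Subject -like "*$SubjectFilter*"
}

foreach ($cert in $certs) {
    # For CSP-backed keys the unique container name is the file name under MachineKeys.
    try {
        $container = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
    } catch {
        Write-Warning "Cannot open private key for $($cert.Thumbprint): $($_.Exception.Message)"
        continue
    }
    if (-not $container) {
        Write-Warning "No CSP container for $($cert.Thumbprint); the key is probably CNG-backed and not stored in MachineKeys."
        continue
    }

    $keyFile = Join-Path $MachineKeysDir $container
    if (-not (Test-Path -LiteralPath $keyFile)) {
        Write-Warning "Key file missing for $($cert.Thumbprint): $keyFile"
        continue
    }

    # Report owner and access entries so they can be compared with the
    # SQL Server service account shown under Manage Private Keys.
    $acl = Get-Acl -LiteralPath $keyFile
    [pscustomobject]@{
        Store      = $cert.PSParentPath
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
        KeyFile    = $keyFile
        Owner      = $acl.Owner
        Access     = ($acl.Access | ForEach-Object {
                        "$($_.IdentityReference): $($_.FileSystemRights) ($($_.AccessControlType))"
                     }) -join '; '
    }
}
```

A warning about a key that cannot be opened, or a missing key file, points at the same certificate and key file pair that step 7 removes.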

Good luck.