I was getting this error in certificatemaintenance.log.
And, in other logs:
Attempting to refresh certificate information from AD LocationServices 04.10.2022 07:56:44 11280 (0x2C10)
Refreshed Certificate Information from AD LocationServices 04.10.2022 07:56:44 11280 (0x2C10)
Retrieved thumbprints from AD LocationServices 04.10.2022 07:56:44 11280 (0x2C10)
CCMVerifyMsgSignature failed. LocationServices 04.10.2022 07:56:44 11280 (0x2C10)
Failed to verify received message 0xc000a000 LocationServices 04.10.2022 07:56:44 11280 (0x2C10)
CCMVerify failed with 0xc000a000 LocationServices 04.10.2022 07:56:44 11280 (0x2C10)
Failed to verify message. Could not retrieve certificate from MPCERT. LocationServices 04.10.2022 07:56:44 11280 (0x2C10)
and
Key 'ConfigMgrMigrationKey' not found, 0x80090016. CertificateMaintenance 04-10-2022 09:01:10 3544 (0x0DD8)
History: After a MECM upgrade to 2203, my clients were showing errors in logs for missing certificate.
On the Configmgr app, the Client Certificate showed as : None
Sample figure
The environment was eHTTP. no PKI.
There were no errors in logs on the Primary server.
Solution:
After log of checks, found that AD publishing was removed, for 1 of the two forests.
Added it back, restarted smsexec.exe
This fixed the AD publishing, and it fixed the certificate errors on the client.