Error code: 0x80090014 meaning “Invalid provider type specified.”
Hence to confirm if you’re hitting into the issue where the certificate can’t be ACLed by the SF runtime due to the fact that the certificate being generated with an unsupported provider, then please try the following command in PowerShell by logging into the node, from which the error is thrown.
certutil -store my
This will dump all the certificates with its details from ‘my’ store, you can now look for your concerned certificate with the help of the thumbprint and check what provider the certificate has:
If you see the provider of the certificate contains something like below, then this is indeed a CNG certificate issued with a Key Storage Provider.
Provider = Microsoft Software Key Storage Provider
Hence, you might be using a self-signed certificate which was generated without any providers specified, had used a CNG provider instead. If this is the case, then you may need to create another certificate with a supported provider that you can associate with this cluster using following command: