CMG "failed to decrypt app secret key" message

Copper Contributor

UPDATE 04/01/21:  After working with MS Support on these errors they said: "

This error may affect the sync with Intune via the tenant attach feature, apart from that everything would work as it is supposed to be. With tenant attach you can manage the SCCM client machines from the Endpoint manager console if this is something we don’t use then I think it’s safe to ignore this for now."  We are trying to leverage Intune for the onboarding of devices for simpler deployment of Defender ATP so for us this will need to be fixed.  If we do manage to fix it I'll edit this post again with the resolution.  Thanks!


I don't necessarily see anything broken here... looking more for somebody to confirm my thought that this particular log error can be safely ignored.  I see this in both the CMGatewayNotificationWorker.log and the Status messages for SMS_SERVICE_CONNECTOR...   

Failed to execute worker "CMGatewayNotificationWorker" with error "Failed to decrypt app secret key: Decryption failed with 0". See CMGatewayNotificationWorker.log for further details. 

Logs it about every 60 mins.   However, clients are getting content, the Connection Analyzer shows all green marks.   And the CMG connection point server shows "connected".   Looking at other non-critical entries in the SMS_SERVICE_CONNECTOR status messenges it appears that other "workers" are decrypting the secret key just fine as they start and finish their cycles without incident.   I'm thinking for certain things this is expected or normal depending on how things are configured. 

Anybody know what this means, especially whether it's safe to ignore or should i keep digging?

Thanks in advance!

1 Reply
We had the same thing. We had to delete the application and then redo it. Make sure the person signing in for the application has Global Admin