A few days back I had a problem with a few opsmgr agents that did not want to start after installation. It turned out a registry key was missing. You can find that post here: scom agent not starting after installation.
This time I encountered a few agents that first had this problem and a few seconds later ran into the next problem. They were unable to publish their public key to the management group.
It is an error 7005 with the following text:
The Health Service was unable to publish its public key to management group [mgmtgroup] and will be unable to receive secure messages until this key is published. Attempts to publish the key will continue.
In my case, 21023 and 7009 events were listed in the event log, and these come back every three minutes.
As long as the agent cannot publish its public key, it will not communicate with the SCOM management server.
So I first tried to repair the agent from the SCOM GUI, but that did not work.
It turned out that there were two more keys missing in the registry.
In the following location there should be two keys with a long coded name (string of about 30 characters):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HealthService\Parameters\Management Groups\mymgmtgroup\SSDB\References\some long string
If it is not there, you can pick it up from another machine in the same management group and merge it. Afterwards, restart your HealthService (System Center Management).
Immediately after you start the SCOM agent you should see an event 7006 with a description like the following:
The Health Service has published the public key [ long string here ] used to send it secure messages to management group [mgmtgroup]. This message only indicates that the key is scheduled for delivery, not that delivery has been confirmed.
And you will be in business!
Bob Cornelissen
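The checks described in this post can be scripted. The following is an added example, not part of the original post: it counts the entries under SSDB\References for each management group and lists recent key-publishing events. It assumes the entries are subkeys (as the registry path above suggests), that the agent logs to the "Operations Manager" event log, and the function names are made up for this example.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell
# session on the machine where the SCOM agent is installed.
$mgRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\HealthService\Parameters\Management Groups'

# Hypothetical helper: reports how many entries exist under SSDB\References
# for every management group the agent is configured for.
function Get-SsdbReferenceStatus {
    param([string]$Root = $mgRoot)
    if (-not (Test-Path -LiteralPath $Root)) {
        Write-Warning "Not found: $Root"
        return
    }
    foreach ($mg in Get-ChildItem -LiteralPath $Root) {
        $refPath = "$Root\$($mg.PSChildName)\SSDB\References"
        $refs = @()
        if (Test-Path -LiteralPath $refPath) {
            $refs = @(Get-ChildItem -LiteralPath $refPath)
        }
        [pscustomobject]@{
            ManagementGroup = $mg.PSChildName
            ReferenceKeys   = $refs.Count
            Names           = ($refs | ForEach-Object PSChildName) -join ', '
            LooksComplete   = ($refs.Count -ge 2)   # the post expects two entries
        }
    }
}

# Hypothetical helper: lists the event IDs mentioned in the post
# (7005/7009/21023 while the key cannot be published, 7006 once it has been).
function Get-KeyPublishEvents {
    param([int]$Hours = 1)
    $filter = @{
        LogName   = 'Operations Manager'   # assumption: default agent event log
        Id        = 7005, 7006, 7009, 21023
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Sort-Object TimeCreated |
        Select-Object TimeCreated, Id,
            @{ n = 'Message'; e = { ($_.Message -split "`r?`n")[0] } }
}

Get-SsdbReferenceStatus | Format-Table -AutoSize
# After merging the missing keys, restart the agent and check again:
# Restart-Service -Name HealthService
Get-KeyPublishEvents -Hours 1 | Format-Table -AutoSize -Wrap
```

A management group reporting fewer than two reference keys matches the situation described above; after the merge and service restart, a 7006 event should appear in the second listing.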