We've been using an ADCS for several years to push certs to our devices now, but in the last couple of weeks we're getting an error: "unable to decrypt profile".
I can see the ADCS server is receiving the request from Jamf Pro, the CA is creating the cert, and we're getting a 200 response back on IIS when I look at the ADCS server, but the certificate isn't added under the devices -> certificates and it fails to push out, saying failed to decrypt profile.
The Jamf server logs show the below:
2024-09-23 19:33:01,274 [error] [Pki-Pool-31] [ertificatePayloadInjector] - Failed to get pending PKI payload certificate
com.jamfsoftware.jss.core.service.certapi.CertificateRequestServiceException: Request has failed with status INTERNAL_ERROR. Initiate another request in the future.
at com.jamfsoftware.jss.objects.pki.adcs.AdcsCertificatePayloadInjector.retrieveCertificate(AdcsCertificatePayloadInjector.java:151) ~[classes/:?]
at com.jamfsoftware.jss.objects.pki.adcs.AdcsCertificatePayloadInjector.getPendingCertificateFor(AdcsCertificatePayloadInjector.java:97) ~[classes/:?]
at com.jamfsoftware.jss.objects.pki.adcs.AdcsCertificatePayloadInjector.getCertificateFor(AdcsCertificatePayloadInjector.java:75) ~[classes/:?]
at com.jamfsoftware.jss.objects.pki.payload.PKICertificateInjectorService.getPkiPayloadCertificate(PKICertificateInjectorService.java:279) ~[classes/:?]
at com.jamfsoftware.jss.objects.pki.payload.PKICertificateInjectorService.issueAndBindCertificate(PKICertificateInjectorService.java:253) ~[classes/:?]
at com.jamfsoftware.jss.objects.pki.payload.PKICertificateInjectorService.lambda$issueCertificate$6(PKICertificateInjectorService.java:223) ~[classes/:?]
at org.springframework.security.concurrent.DelegatingSecurityContextRunnable(DelegatingSecurityContextRunnable.java:94) ~[spring-security-core-6.3.0.jar:6.3.0]
at org.springframework.scheduling.support.DelegatingErrorHandlingRunnable(DelegatingErrorHandlingRunnable.java:54) ~[spring-context-6.1.9.jar:6.1.9]
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:572) ~[?:?]
at java.base/java.util.concurrent.FutureTask(FutureTask.java:317) ~[?:?]
at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask(ScheduledThreadPoolExecutor.java:304) ~[?:?]
at java.base/java.util.concurrent.ThreadPoolExecutorWorker(ThreadPoolExecutor.java:1144) ~[?:?]
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker(ThreadPoolExecutor.java:642) ~[?:?]
at java.base/java.lang.Thread(Thread.java:1583) [?:?]
Caused by: com.jamfsoftware.pki.adcs.exception.AdcsConnectorCertificateNotIssuedException: INTERNAL_ERROR: System.NullReferenceException - Object reference not set to an instance of an object.
at com.jamfsoftware.pki.adcs.AdcsConnectorClientImpl.retrieveCertificate(AdcsConnectorClientImpl.java:146) ~[adcs-connector-client-11.9.1-t1726060704.jar:?]
at com.jamfsoftware.jss.objects.pki.adcs.AdcsCertificatePayloadInjector.retrieveCertificate(AdcsCertificatePayloadInjector.java:146) ~[classes/:?]
... 13 more
2024-09-23 19:33:01,274 [error] [Pki-Pool-31] [ertificateInjectorService] - Certificate issuer returned no certificate for command 7a90ba97-7968-4c4a-b7bc-efa557680997 and payload A69C6131-40C2-4804-B46B-5E1CA15F169E
Has anyone seen this before?
Thanks.