You may run into Event ID 20069, “The specified certificate could not be loaded because the KeySpec must be AT_KEYEXCHANGE”. This happened to me recently, and I spent quite a lot of time finding out what was going wrong.

Most of the troubleshooting articles that you will find (although there are not many) refer to the wrong type of certificate being used and lead you to regenerate it by following certain steps. However, with the Microsoft Monitoring Agent, the "AT_KEYEXCHANGE" error might be a completely different thing, which was also the case for me. I had the exact same type of certificates working on other servers but not on a specific one.