Unable to access the private key for new certificate. The system account must have modify permissions to the Crypto\RSA folder

In the event viewer, you see messages from the Communications Agent service similar to:

SPIComService451 (8.0.7958.27371):
An internal application error has occurred.

Error Number: 1025
Unable to access the private key for the new certificate. The system account must have modify permissions to the Crypto\RSA folder. For 2008 R2, the RSA folder is in the hidden folder c:\ProgramData\Microsoft\Crypto\RSA.
System.NullReferenceException: Object reference not set to an instance of an object.

Error StackTrace: at SPILicenseLib4.CertificateCreator.CreateSelfSignCertificate()

Error source: at SPICommonLib4.SPICommon.SPI_DebugNotify()
at SPIComService451.SPICommonSource.SPI_AssertNotify()
at SPIComService451.SPIComService.OnStart()
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback()

Resolution

This message indicates that the built-in SYSTEM account does not have Modify permissions on the Crypto\RSA folder, which prevents the Communications Agent service from generating its certificate. Check the permissions on C:\ProgramData\Microsoft\Crypto\RSA and ensure the SYSTEM account has a minimum of Modify permissions. By default, the account has Full Control on most operating systems.
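
One way to run the permission check described above from an elevated PowerShell prompt. This is an added example, not vendor code: the function name `Test-SystemModify` is hypothetical, and it assumes the rights are granted to SYSTEM directly (ACEs naming SID S-1-5-18), not through a group.

```powershell
# Added example: verify that SYSTEM (well-known SID S-1-5-18) has at least
# Modify on the Crypto\RSA folder named in the error message.
$path = Join-Path $env:ProgramData 'Microsoft\Crypto\RSA'

function Test-SystemModify {
    param([Parameter(Mandatory)][string]$Folder)

    $modify = [int][System.Security.AccessControl.FileSystemRights]::Modify
    $acl    = Get-Acl -LiteralPath $Folder

    # Ask for ACEs keyed by SID so the check also works on localized Windows,
    # where the account is not displayed as "NT AUTHORITY\SYSTEM".
    $rules = $acl.GetAccessRules($true, $true,
                 [System.Security.Principal.SecurityIdentifier]) |
             Where-Object { $_.IdentityReference.Value -eq 'S-1-5-18' }

    $allowed = 0
    $denied  = 0
    foreach ($rule in $rules) {
        # Inherit-only ACEs apply to children, not to the folder itself.
        $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
        if ($rule.PropagationFlags -band $inheritOnly) { continue }

        if ($rule.AccessControlType -eq 'Allow') {
            $allowed = $allowed -bor [int]$rule.FileSystemRights
        } else {
            $denied = $denied -bor [int]$rule.FileSystemRights
        }
    }

    # A Deny ACE overrides an Allow ACE for the same rights.
    $effective = $allowed -band (-bnot $denied)
    return (($effective -band $modify) -eq $modify)
}

if (Test-SystemModify -Folder $path) {
    "OK: SYSTEM has Modify or better on $path"
} else {
    "FAIL: SYSTEM lacks Modify on $path"
    # Grants Modify, inherited by subfolders (CI) and files (OI).
    "To grant it: icacls `"$path`" /grant `"*S-1-5-18:(OI)(CI)M`""
}
```

After correcting the permissions, restart the Communications Agent service so it retries certificate creation.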