When you generate a Cloud-enabled Management (CEM) agent package, you see the error "Failed to generate package" and "Object reference not set to an instance of an object".
The self-signed "Client Authentication" SSL certificate cached on the SMP server lost its reference to a corresponding private key. As a result the certificate was insolvent and could not be used for secure communications by the thumbprint referenced in the package builder UI.
The certificate’s thumbprint is saved to the registry string:
In cases where the corresponding private key is broken, the solution is to remove the broken key and load a previously exported backup (.PFX file) of the original certificate.
If a backup of the certificate does not exist then a new one will need to be generated. This will require that the new certificate be deployed to all existing clients and gateway machines.