After server certificate update the web console becomes unavailable or all agents disconnect

Article ID: 430127

Updated On:

Products

Carbon Black App Control

Issue/Introduction

After the App Control server certificate was updated:

  • The web console becomes unavailable
  • All agents become disconnected

ServerLog.bt9 shows the following or similar error:

B9IPDaemon: Failed to acquire credentials (version 4), error (-2146893043): The credentials supplied to the package were not recognized.
B9IPDaemon: Failed to acquire credentials (version 5), error (-2146893043): The credentials supplied to the package were not recognized.

Environment

App Control Server: All Supported Versions

Cause

This is a permission error when accessing the private key of the server certificate.

Error -2146893043 (hex code 0x8009030D) is SEC_E_UNKNOWN_CREDENTIALS.
The system found the certificate, but it cannot access the private key needed to use it.

Resolution

  1. Try exporting and re-importing the certificate to the Trusted People Store:
    1. Have a copy of the PFX file
    2. Open the Local Machine Certificate Manager (certlm.msc)
    3. Navigate to Trusted People > Certificates > All Tasks > Export > Yes, Export the Private Key > Save it as a .PFX file
    4. Trusted People > Certificates > Import Certificate > point to the .PFX file
  2. Validate service account permissions to the private key:
    1. Open the Local Machine Certificate Manager (certlm.msc)
    2. Navigate to Personal > Certificates > Import Certificate > point to the .PFX file
    3. Right-click the certificate > All Tasks > Manage Private Keys > verify that the Service Account has READ permissions
    4. Right-click the certificate > All Tasks > Export > Yes, Export the Private Key > Save it as a .PFX file
    5. Navigate to Trusted People > Certificates > Import Certificate > point to the newly created .PFX file
  3. Verify that the service account has permissions to the following locations:
    1. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Services
    2. C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys
  4. If possible, restart the server system.
  5. If the issue persists, create a Support ticket.
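
The permission checks in steps 2 and 3 can also be run from an elevated PowerShell prompt. This is an added example, not part of the original article or of any vendor tooling; the thumbprint and service account name are placeholders, and it assumes an RSA key stored on disk (it also looks in `Crypto\Keys`, where CNG-provider machine keys are kept).

```powershell
# Added example. Both values below are placeholders; substitute your own.
$Thumbprint     = '<SERVER-CERT-THUMBPRINT>'
$ServiceAccount = 'EXAMPLE\svc-appcontrol'   # hypothetical service account name

$cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
if (-not $cert.HasPrivateKey) { throw 'No private key is associated with this certificate.' }

# Resolve the key container name. Assumes an RSA key the current (admin) user can open.
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
if ($null -eq $rsa) { throw 'Certificate does not use an RSA private key.' }
$keyName = if ($rsa -is [System.Security.Cryptography.RSACng]) { $rsa.Key.UniqueName } else { $rsa.CspKeyContainerInfo.UniqueKeyContainerName }

# Legacy CSP keys live in RSA\MachineKeys; CNG-provider keys live in Crypto\Keys.
$machineKeys = "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys"
$keyFile = $machineKeys, "$env:ProgramData\Microsoft\Crypto\Keys" |
    ForEach-Object { Join-Path $_ $keyName } |
    Where-Object { Test-Path -LiteralPath $_ } |
    Select-Object -First 1
if (-not $keyFile) { throw "Key container '$keyName' not found on disk (hardware-backed key?)." }

# Compare by SID so the match does not depend on how the account name is displayed.
$sid = ([System.Security.Principal.NTAccount]$ServiceAccount).Translate(
    [System.Security.Principal.SecurityIdentifier]).Value

# Report the service account's explicit ACL entries on the key file and on
# the two locations listed in step 3.
$targets = $keyFile, $machineKeys, 'HKLM:\SOFTWARE\Microsoft\Cryptography\Services'
foreach ($path in $targets) {
    if (-not (Test-Path -LiteralPath $path)) {
        [pscustomobject]@{ Path = $path; Type = '(path not found)'; Rights = '' }
        continue
    }
    $acl  = Get-Acl -LiteralPath $path
    $aces = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object { $_.IdentityReference.Value -eq $sid }
    if (-not $aces) {
        [pscustomobject]@{ Path = $path; Type = '(no entry for this account)'; Rights = '' }
        continue
    }
    foreach ($ace in $aces) {
        $rights = if ($ace -is [System.Security.AccessControl.RegistryAccessRule]) { $ace.RegistryRights } else { $ace.FileSystemRights }
        [pscustomobject]@{ Path = $path; Type = $ace.AccessControlType; Rights = $rights }
    }
}
```

Only entries that name the account directly are listed; access granted through group membership does not appear, so a "no entry" row means the effective permissions still need to be confirmed in the Manage Private Keys dialog.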