Is your scheduler account configured to use an account that is in the managementsuite group on your core server? If not, I would start by changing that.
Well, this is interesting. I tried your suggestion, Ty, as I had not put that particular service account into the management group, and tried again. It still didn't post a cert; same error.
So I decided to attempt to create a cert on my local PC, just to see if it even worked with the brokerconfig.exe GUI and everything. I put in a user with the correct access and it just timed out with "failed to retrieve certificate".
And I thought this machine had the cert from a long time ago, but apparently not; it listed as "the client certificate is not present. Press send to retrieve a certificate".
So apparently I haven't been passing out certs?... Looks like it's time to contact support, probably.
In your certs folder on your clients, do you have a bunch of .0 files? If you delete/move all of them except for the one that is in the ldlogon dir on the core server, does it work? This assumes you have the proper cert posted to your GW.
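The clean-up suggested above, as an added PowerShell example that is not part of the thread and not LANDESK's own tooling. It hashes the .0 certificate file(s) published in the core's ldlogon directory and moves every .0 file in the client's certs folder that does not match them into a backup folder, so only the core's current cert remains. The UNC path to the core, the client certificate directory and the backup location are assumptions; adjust them to your installation.

```powershell
# Added example, not from the thread. Keeps only the client .0 cert(s) that match
# what the core publishes in ldlogon; everything else is moved aside (not deleted).
param(
    [string]$CoreLdlogon = '\\CORESERVER\ldlogon',                                      # assumed UNC path to the core
    [string]$ClientCerts = 'C:\Program Files (x86)\LANDesk\Shared Files\cbaroot\certs', # assumed client cert folder
    [string]$Backup      = (Join-Path $env:TEMP 'stale-certs')                          # where moved files go
)

# Match on file content (SHA256), not on file name, so a stale file with a
# reused name is still caught.
$keep = Get-ChildItem -Path $CoreLdlogon -Filter '*.0' -File |
        ForEach-Object { (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash }
if (-not $keep) { throw "No .0 certificate found in $CoreLdlogon; nothing to compare against." }

New-Item -ItemType Directory -Path $Backup -Force | Out-Null

$present = @()
foreach ($f in Get-ChildItem -Path $ClientCerts -Filter '*.0' -File) {
    $h = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
    if ($keep -contains $h) {
        Write-Host "keeping $($f.Name) (matches core cert)"
        $present += $h
    } else {
        Write-Host "moving  $($f.Name) -> $Backup"
        Move-Item -Path $f.FullName -Destination $Backup -Force
    }
}

# Report if the core's cert was never on this client at all; that is the
# "client certificate is not present" situation rather than a stale-cert one.
$missing = $keep | Where-Object { $present -notcontains $_ }
if ($missing) {
    Write-Warning "Core cert not found in $ClientCerts; the client never received it."
}
```

Run it on one client first and compare the output against what brokerconfig.exe reports before rolling it out more widely; the moved files stay in the backup folder so the step is reversible.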
I tried that by cleaning up the certs and no dice.
I also went through the troubleshooting guide for the management gateway in general and everything as far as communication and testing worked out.
The only thing I can think of, well, a question rather, is how does the client go to get the certificate? Does it go to the outside address of the management gateway and pull it from there? If it does, that would make sense as to why it's failing, as we happen to have all internal loop-backs blocked internally.
I just ran into this same issue. I was able to resolve it by restarting the management gateway service on the core. I am now able to push out broker certs without issue.