Secondary Site stuck in a pending state with the error “Cannot find a public key for instruction \inboxes\despoolr.box\receive\somefile.ist coming from site XYZ, retry it later” in the despool.log

I certainly like the fact that I can setup a new secondary site right from the Configuration Manager console and that additionally I can choose to push the installation files to the new secondary site as part of that setup process.  Sometimes it even works.  However, more often than not I end up with a site stuck in a pending state.  Usually checking the despool.log on the primary site I see something similar to:

CPublicKeyLookup::CPublicKeyLookup("XYZ")
Cannot find a public key for instruction \inboxes\despoolr.box\receive\somefile.ist coming from site XYZ, retry it later

To correct this problem log on to the secondary site server, open a command prompt, and from the \Bin\i386\00000409\ folder run

preinst /keyforparent

This command will create a <XYZ>.CT4 file in the root of the drive. Copy the <XYZ>.CT4 file into the \inboxes\hman.box\ folder on the primary site. Wait a few minutes for the hierarchy manager to import the file (it will disappear from the folder) and the despooler to finish processing its backlog and everything should be back on track.

Likewise, you may also subsequently encounter a similar issue where the new secondary site doesn’t have a key for the primary site.  In that case the despool.log on the secondary site server should show similar errors to what we saw in the primary site’s despool.log. In this case log on to the primary site server and run

preinst /keyforchild

Copy the resulting CT5 file to \inboxes\hman.box\ on the child site and wait for the child site to import the CT5 file and complete processing just like you did for the primary site.