The private key does not match the public key extracted from the corresponding trusted publishing domain server licensor ...

The private key does not match the public key extracted from the corresponding trusted publishing domain server licensor certificate. Make sure that the Active Directory Rights Management Services (AD RMS) service account has access to the private key store.  If the cluster key is centrally managed by AD RMS, ensure that the AD RMS configuration database is available on the network. If the cluster key is stored in a hardware-based cryptographic storage provider, verify that the cluster key has been imported into the AD RMS cluster. Re-import the trusted publishing domain.

Parameter Reference
Context: %1
RequestId: %2
%3
%4

The private key associated with the specified certificate cannot be authorized. The private key authorization was either ... The private key could not be read from the database or the registry. You must be logged on with an account that is a member ... The private key could not be updated in the database or in the registry. You must be logged on with an account that is a ... The private key data is not consistent. If you are using a hardware security module (HSM), private bytes must be null; otherwise, ... The private key does not match the public key extracted from the corresponding trusted publishing domain server licensor ... The private key is invalid in the file of imported trusted publishing domain. Try to export the certificate file from the ... The private key module cannot perform a requested operation because the default key identity is unknown. Verify the configuration ... The private key module encountered a mismatch between the CSP type and the persisted private key information. The configuration ... The private key module expects a single issued principal in the server licensor certificate of a domain licensor certificate. ...