I've solved my provisioning issue. However, during that time, I've accumulated 60 half-provisioned machines. I say half way because for the most part, they
were half way into the process, in that they created the AD Objects, but the SCCM Client is not recognizing that they fully provisioned. So it looks like my 3rd party certificate was still good in that my OOB MP was able to connect using the OTP and start the provisioning process. Once it got to the point to generate the provisioning cert for the MEBx, the process died because the authentication chain was broken.
Now, here comes the $64,000 question. What is the best way to remediate this? Should I send an unprovision program using the tool to reset the MEBx and force provisioning a second time? Or this there a better way to do this? Thanks for your help.