While attempting to initialize the PMUser and / or Helpdesk sites using the built-in certificate on a standalone (DMZ) server the following error is reported.
"Password Manager Service is not available"
The following error may also be reported in the verbose logs from the Standalone (DMZ) server.
"A call to SSPI failed, see inner exception."
When both the client and server have .NET Framework 4.6 or later installed TLS 1.2 is used for negotiation by default however TLS 1.1 is also required for the built-in certificate.
In order to enforce both TLS 1.1 & 1.2 on the standalone server
Verify that the user / helpdesk site(s) can initialize using the built-in certificate.