In order to create an agent, you need agent certificates during the installation process. If the agents have failures with the listed certificates, such as the private key not being exportable, then the following error is seen when clicking Generate Agent:
"Unable to access client certificate, or failed to read its private key"
This error is caused by either certificate permissions issues, or much more likely, the certificate was imported into the Private certificates store without the two certificates, the Client and Server certificate respectively, having their private key marked as exportable.
The Agent Packager needs the private key to be able to be exported so the agent can properly validate itself to the server; without this, the packager cannot generate an agent.
Go to Run and type MMC in Windows;
Select File Add/Remove Snap-In and select Certificates
Click Add>Computer Account>Next>Finish>OK
Expand Certificates, you should see something like below: