SCOM R2: Not able to remove a MP when a profile is set

Sometimes a MP is not needed any more or has ended a test phase and needs to be removed. When one has NOT used the Default MP for storing overrides, this is easily done. First remove the MP containing the overrides related to that specific MP and then remove the related MP components one by one. However…

When the related MP needs additional permissions, these are set within OpsMgr configuring the Run As Configuration by first defining an Account, distributing it to a set of computers or a certain Class and then adding that same account to a Profile, related to that MP. 

When a Run As Configuration is set in SCOM R2 what actually happens is that a new MP is created or, when already in place because sometime a Run As Configuration has been set before, that very same MP is altered. The MP I talk about is the Microsoft.SystemCenter.SecureReferenceOverride MP:

And sometimes, when removing a MP which needed additional permissions, that MP can get in the way. One can get this error message when trying to remove the last component of a MP:
 

So one tends to think: ‘Lets clean up the related Profile and Account and be done with it’. However, this will not always work as expected.

Lets clean up the related profile of the MP to be removed:

As you can see, all is gone. No more accounts associated to the Profile related to the MP to be removed. Now lets try to remove the MP:

So it is time to edit the Microsoft.SystemCenter.SecureReferenceOverride MP manually. In this example I have taken the PKI Certificate Validation MP. Do not get me wrong since I really like this MP. It is only an example.

1. First check out the ID of the MP which generates the error about the Microsoft.SystemCenter.SecureReferenceOverride MP. Double click it and copy its ID:
    
   
   
2. Export the Microsoft.SystemCenter.SecureReferenceOverride MP. When done copy the export file (xml-file) to another place so there is ALWAYS a way back!!!
   
   
   
3. Open Notepad and drag the export file into it. Search for the ID (found in Step 1) of the related MP which generates the error (in this case SystemCenterCentral.Utilities.Certificates):
    
   When found remove the section which starts <Reference Alias=””>, found directly above the <ID> line. The end of the section is the FIRST </Reference> part, right after the <ID> line.
   
   
4. When removed it looks like this:
    
   (Every SCOM environment differs from the other one, so changes are huge that you will see something different here.)
   
   
5. Save it and export this MP into SCOM R2.
   
   
6. Now the MP which needs to be removed can be deleted without any error message.