invalid client

[chris]

My FHIR app has been "migrated" such that it can be used in our lower - MOCK environment.  I have created a sandbox account in  https://sandboxcernercentral.com

I see the account in https://sandboxcernercentral.com/system-accounts/ and have attempted to obtain a token using client_credentials flow per
https://fhir.cerner.com/authorization/#requesting-authorization-on-behalf-of-a-system
and am getting a

{"error":"invalid_client","error_uri":"https://authorization.sandboxcerner.com/errors/urn%3Acerner%3Aerror%3Aauthorization-server%3Aoauth2%3Atoken%3Aterminated-client/instances/55931852-386b-47f0-879e-96b3b0df2a71?client=<myclientid>&tenant=<mytenant>"}

 I am using the base64 of accountID :secret of this new system account to create my basic auth header for the token request and POSTing to

https://authorization.sandboxcerner.com/tenants/<mytenant>/protocols/oauth2/profiles/smart-v1/token

to get a token. 

This same flow works against
https://authorization.cerner.com/tenants/ec2458f2-1e24-41c8-b71b-0e701af7583d/protocols/oauth2/profiles/smart-v1/token

Using the https://cernercentral.com/system-accounts/ system account I created and the public tenant. 

Based on the examples I’m seeing this should work.  I have verified that my accountID and secret are correct and that they are being base64'd properly. – assume something isn’t right with client/tenant registration?