Certificate Error installing Exchange 2013 CAS Role
Symptom
=====================================================================
When installing Exchange 2013 from PowerShell in my lab I ran into an issue and the server failed installing the Client Access Role.
Welcome to Microsoft Exchange Server 2013 Service Pack 1 Unattended Setup
Copying Files...
File copy complete. Setup will now collect additional information needed for installation.
Languages
Management tools
Mailbox role: Transport service
Mailbox role: Client Access service
Mailbox role: Unified Messaging service
Mailbox role: Mailbox service
Client Access role: Front End Transport service
Client Access role: Client Access Front End service
Performing Microsoft Exchange Server Prerequisite Check
Configuring Prerequisites COMPLETED
Prerequisite Analysis COMPLETED
Configuring Microsoft Exchange Server
Preparing Setup COMPLETED
Stopping Services COMPLETED
Copying Exchange Files COMPLETED
Language Files COMPLETED
Restoring Services COMPLETED
Language Configuration COMPLETED
Exchange Management Tools COMPLETED
Mailbox role: Transport service COMPLETED
Mailbox role: Client Access service FAILEDThe following error was generated when "$error.Clear();
Install-ExchangeCertificate –WebSiteName "Exchange Back End" -services "IIS, POP, IMAP" -DomainController $RoleDomainController -InstallInTrustedRootCAIfSelfSigned $true
if ($RoleIsDatacenter -ne $true -And $RoleIsPartnerHosted -ne $true)
{
Install-AuthCertificate -DomainController $RoleDomainController
}
" was run: "Could not grant Network Service access to the certificate with thumbprint 1C5101B4BE0AF6CBD6A39FD413436E2649B0124 because a cryptographic exception was thrown.".The Exchange Server setup operation didn't complete. More details can be found in ExchangeSetup.log located in the <SystemDrive>:ExchangeSetupLogs folder.
Cd "<Exchange Server installation path>\Scripts"
Since I was already in PowerShell I went ahead and added the Exchange Snap-In since the Exchange Management Tools were installed and checked for the thumbprint listed above
Windows PowerShell
Copyright (C) 2015 Microsoft Corporation. All rights reserved.
[PS] C:\PowerShell> Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010
[PS] C:\PowerShell> Get-ExchangeCertificateThumbprint Services Subject
---------- -------- -------
0123456789ABCDEF0123456789ABCDEF01234567 ....S.. CN=ex02
ABCDEF0123456789ABCDEF01234567ABCDEF0123 ....S.. CN=Microsoft Exchange Server Auth Certificate
F0123456789ABCDEF0123456789ABCDEF0123456 ....... CN=WMSvc-EX02
As we can see it's not listed so I decided to look at all the certificates loaded on the server.
I then opened up MMC and added certificates for the local computer and see 4 certificates, however Exchange is only seeing 3. I am not sure where the certificate for the FQDN came from since the labs was just built today (8-10-14). The other three were supposed to be there after an Exchange Server install.
Workaround
=====================================================================
I backed up the certificate and removed it and then re-ran the installation and it resolved the issue.
Cause
=====================================================================
Unknown at this time. I have been able to reproduce the issue but I do not know why the certificate is there (possible lab image issue). Time to try to debug the issue.
Comments
- Anonymous
November 23, 2016
Does the same stupid issue on Exchange 2016 when installing on a DC, use the same fax as above