We help IT Professionals succeed at work.

Server 2008 R2 with Exchange 2010 : Certificate Install Error

jdfuller
jdfuller asked
on
I have a clean Server 2008 R2 with Exchange 2010 going on it.  Everything hunky dory in pre-requisites but when installed it fails on Network Services, bad thumbprint.   See below dump...

=============
Management Tools
Completed

Elapsed Time: 00:00:09


Hub Transport Role
Completed

Elapsed Time: 00:04:21


Client Access Role
Failed

Error:
The following error was generated when "$error.Clear(); Install-ExchangeCertificate -services "IIS, POP, IMAP" -DomainController $RoleDomainController" was run: "Could not grant Network Service access to the certificate with thumbprint 50BBE9D6844D16E636E33A78389D2EFFDB584672 because a cryptographic exception was thrown.".

Could not grant Network Service access to the certificate with thumbprint 50BBE9D6844D16E636E33A78389D2EFFDB584672 because a cryptographic exception was thrown.

Access is denied.


Elapsed Time: 00:01:40


Mailbox Role
Cancelled




Finalizing Setup
Cancelled



Comment
Watch Question

Solutions Architect
Commented:
on the server you are trying to install exchange on

start -> mmc

file -> add remove snap-ins -> certificates -> computer certificate / local computer

expand personal -> certificates

you should find there a certificate with the name of your server move it to the trusted root CA and try installing again

Author

Commented:
Bingo!  Akhater...

Answer from a TechNet posting - here for reference because I didn't find an answer on EE and in case someone else has this issue.  Key here is to use the Local Computer Account during snap-in construction.

Thank you for this post!  I can confirm as well that this indeed works!  I have a new 2008 R2 server (DC) running Exchange 2010, and this is what helped me get past that horrid error.  For me, the key was to look through my certificates until I found the one that had the thumbprint code that matched what was in the error message, and then move that certificate to the Trusted Root Certification Authorities folder.
--------------------------------------------------------------------------------
MCSE, MCSA, CCNA, A+

Author

Commented:
FAST!!  Thanks.  I used the answer I found on TechNet but right after the install completed I saw Akhater's answer.  Nice reponse time - you get the jellybeans, dude!
AkhaterSolutions Architect

Commented:
Glad to know it worked and thanks for the points

Commented:
Thanks. Well done....

Commented:
Hi Akhtar, I did try the above,
i found 3 certificate in local i have removed the (servername) to trusted .. and then tried to install it .. but failed.