I know Exchange 2010 (prior to SP3) is not fully supported on Win2012, but I read that it might just work.
I am getting the following error contstantly:
[12/22/2012 15:21:22.0145] [2] Unexpected Error
[12/22/2012 15:21:22.0191] [2] Could not grant Network Service access to the certificate with thumbprint 5A442CC0A9ED647E03DE0C1BCFD7321AEDF296EF because a cryptographic exception was thrown.
[12/22/2012 15:21:22.0192] [2] Access is denied.
[12/22/2012 15:21:22.0194] [2] Ending processing.
[12/22/2012 15:21:22.0195] [1] The following 1 error(s) occurred during task execution:
[12/22/2012 15:21:22.0195] [1] 0. ErrorRecord: Could not grant Network Service access to the certificate with thumbprint 5A442CC0A9ED647E03DE0C1BCFD7321AEDF296EF because a cryptographic exception was thrown.
[12/22/2012 15:21:22.0196] [1] 0. ErrorRecord: Microsoft.Exchange.Management.SystemConfigurationTasks.AddAccessRuleCryptographicException: Could not grant Network Service access to the certificate with thumbprint 5A442CC0A9ED647E03DE0C1BCFD7321AEDF296EF because a cryptographic exception was thrown. ---> System.Security.Cryptography.CryptographicException: Access is denied.
at Microsoft.Exchange.Security.Cryptography.X509Certificates.TlsCertificateInfo.CAPIAddAccessRule(X509Certificate2 certificate, AccessRule rule)
at Microsoft.Exchange.Security.Cryptography.X509Certificates.TlsCertificateInfo.AddAccessRule(X509Certificate2 certificate, AccessRule rule)
at Microsoft.Exchange.Management.SystemConfigurationTasks.ManageExchangeCertificate.EnableForServices(X509Certificate2 cert, AllowedServices services, Boolean requireSsl, ADSystemConfigurationSession dataSession, Server server, List`1 warningList, Boolean allowConfirmation, Boolean forceNetworkService)
--- End of inner exception stack trace ---
at Microsoft.Exchange.Management.SystemConfigurationTasks.ManageExchangeCertificate.EnableForServices(X509Certificate2 cert, AllowedServices services, Boolean requireSsl, ADSystemConfigurationSession dataSession, Server server, List`1 warningList, Boolean allowConfirmation, Boolean forceNetworkService)
at Microsoft.Exchange.Management.SystemConfigurationTasks.InstallExchangeCertificate.EnableForServices(X509Certificate2 cert, AllowedServices services)
[12/22/2012 15:21:22.0196] [1] The following error was generated when "$error.Clear(); Install-ExchangeCertificate -services "IIS, POP, IMAP" -DomainController $RoleDomainController" was run: "Could not grant Network Service access to the certificate with thumbprint 5A442CC0A9ED647E03DE0C1BCFD7321AEDF296EF because a cryptographic exception was thrown.".
[12/22/2012 15:21:22.0196] [1] Could not grant Network Service access to the certificate with thumbprint 5A442CC0A9ED647E03DE0C1BCFD7321AEDF296EF because a cryptographic exception was thrown.
[12/22/2012 15:21:22.0196] [1] Access is denied.
I tried the following which I found many times over:
Fire up MMC, add the Local Computer Certificate store into the console, located the certificate for the computers DNS name when you first went to install Exchange 2010 Beta/RC, (It will be in the personal store if you are getting this error), move it into the Trusted Root Certification Authorities. Now you can install, enjoy :).
Still, it keeps giving that error. What to do?
Deploy it on a supported OS and wait until the service pack is released.
Simon.