Installation of Client Access role fails on Windows 2012
I know Exchange 2010 (prior to SP3) is not fully supported on Win2012, but I read that it might just work.
I am getting the following error contstantly:
I tried the following which I found many times over:
Still, it keeps giving that error. What to do?
I am getting the following error contstantly:
[12/22/2012 15:21:22.0145] [2] Unexpected Error
[12/22/2012 15:21:22.0191] [2] Could not grant Network Service access to the certificate with thumbprint 5A442CC0A9ED647E03DE0C1BCFD7321AEDF2 96EF because a cryptographic exception was thrown.
[12/22/2012 15:21:22.0192] [2] Access is denied.
[12/22/2012 15:21:22.0194] [2] Ending processing.
[12/22/2012 15:21:22.0195] [1] The following 1 error(s) occurred during task execution:
[12/22/2012 15:21:22.0195] [1] 0. ErrorRecord: Could not grant Network Service access to the certificate with thumbprint 5A442CC0A9ED647E03DE0C1BCFD7321AEDF2 96EF because a cryptographic exception was thrown.
[12/22/2012 15:21:22.0196] [1] 0. ErrorRecord: Microsoft.Exchange.Management.System Configurat ionTasks.A ddAccessRu leCryptogr aphicExcep tion: Could not grant Network Service access to the certificate with thumbprint 5A442CC0A9ED647E03DE0C1BCF D7321AEDF2 96EF because a cryptographic exception was thrown. ---> System.Security.Cryptograp hy.Cryptog raphicExce ption: Access is denied.
at Microsoft.Exchange.Security.Cryptogr aphy.X509C ertificate s.TlsCerti ficateInfo .CAPIAddAc cessRule(X 509Certifi cate2 certificate, AccessRule rule)
at Microsoft.Exchange.Security.Cryptogr aphy.X509C ertificate s.TlsCerti ficateInfo .AddAccess Rule(X509C ertificate 2 certificate, AccessRule rule)
at Microsoft.Exchange.Management.System Configurat ionTasks.M anageExcha ngeCertifi cate.Enabl eForServic es(X509Cer tificate2 cert, AllowedServices services, Boolean requireSsl, ADSystemConfigurationSessi on dataSession, Server server, List`1 warningList, Boolean allowConfirmation, Boolean forceNetworkService)
--- End of inner exception stack trace ---
at Microsoft.Exchange.Management.System Configurat ionTasks.M anageExcha ngeCertifi cate.Enabl eForServic es(X509Cer tificate2 cert, AllowedServices services, Boolean requireSsl, ADSystemConfigurationSessi on dataSession, Server server, List`1 warningList, Boolean allowConfirmation, Boolean forceNetworkService)
at Microsoft.Exchange.Management.System Configurat ionTasks.I nstallExch angeCertif icate.Enab leForServi ces(X509Ce rtificate2 cert, AllowedServices services)
[12/22/2012 15:21:22.0196] [1] The following error was generated when "$error.Clear(); Install-ExchangeCertificate -services "IIS, POP, IMAP" -DomainController $RoleDomainController" was run: "Could not grant Network Service access to the certificate with thumbprint 5A442CC0A9ED647E03DE0C1BCF D7321AEDF2 96EF because a cryptographic exception was thrown.".
[12/22/2012 15:21:22.0196] [1] Could not grant Network Service access to the certificate with thumbprint 5A442CC0A9ED647E03DE0C1BCFD7321AEDF2 96EF because a cryptographic exception was thrown.
[12/22/2012 15:21:22.0196] [1] Access is denied.
I tried the following which I found many times over:
Fire up MMC, add the Local Computer Certificate store into the console, located the certificate for the computers DNS name when you first went to install Exchange 2010 Beta/RC, (It will be in the personal store if you are getting this error), move it into the Trusted Root Certification Authorities. Now you can install, enjoy :).
Still, it keeps giving that error. What to do?
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get this solution by purchasing an Individual license!
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
Wait.
For Service Pack 3.
Do you really think it's a GOOD idea to run a mail service in a known unsupported configuration? I don't know your organization, but all the organizations I've worked for/with find mail pretty critical these days - doing this doesn't just seem unwise... it seems HORRIBLY unwise.
If you need to install Exchange 2010, then use the downgrade rights from 2012 to install a 2008 R2 server and install Exchange 2010 on that.
For Service Pack 3.
Do you really think it's a GOOD idea to run a mail service in a known unsupported configuration? I don't know your organization, but all the organizations I've worked for/with find mail pretty critical these days - doing this doesn't just seem unwise... it seems HORRIBLY unwise.
If you need to install Exchange 2010, then use the downgrade rights from 2012 to install a 2008 R2 server and install Exchange 2010 on that.
I understand your point. I would prefer Exchange 2013 to be honest, but I want it all combined (for many reasons, which dont really matter at the time) on a remote-desktop-server. This setup (RDS+Exchange 2013) is not possible. It won't install.
So its either Exchange 2010 with Win2012, or Win2012 with RDS and Exchange 2013...
So its either Exchange 2010 with Win2012, or Win2012 with RDS and Exchange 2013...
What you want and what you can have are not always the same thing.
RDS should be deployed on its own server.
Exchange should be deployed on its own server.
You aren't going to get Exchange 2010 to run on Windows 2012, even if you can make it install. That is because Windows 2012 uses PowerShell 3.0 which will not run Exchange 2010 commandlets with the current release.
You are going to have to rethink what you want to do, because I don't think either of your options are possible.
Simon.
RDS should be deployed on its own server.
Exchange should be deployed on its own server.
You aren't going to get Exchange 2010 to run on Windows 2012, even if you can make it install. That is because Windows 2012 uses PowerShell 3.0 which will not run Exchange 2010 commandlets with the current release.
You are going to have to rethink what you want to do, because I don't think either of your options are possible.
Simon.
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trialIt's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange
From novice to tech pro — start learning today.
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get this solution by purchasing an Individual license!
Start your 7-day free trial.
Deploy it on a supported OS and wait until the service pack is released.
Simon.