Exchange 2013 SSL Certificate Installation Issue

Environment
2 x Exchange 2013 CAS Servers (for Office 365 migration endpoint)
1 x Windows Server 2012 - Network Load Balancing Role Installed

Goal
Install one SSL on all three servers mentioned above, including load balancing on Windows Server 2012.

Question
We purchased an SSL cert from GoDaddy, the CSR was generated from the Exchange Admin Center on one of the two Exchange 2013 Hybrid servers. We received two files after purchasing,

  1.     a17582956295961d.crt
  2.     gd-g2_iis_intermediates.p7b

---------------------------------------------------------------------------------

I have followed the steps per GoDaddys Help 'INSTALLING AN SSL CERTIFICATE IN MICROSOFT EXCHANGE SERVER 2013'
https://www.godaddy.com/help/installing-an-ssl-certificate-in-microsoft-exchange-server-2013-4774

To Install an Intermediate Certificate in Microsoft Exchange Server 2013
Installed successfully via MMC > Certificates importing the gd-g2_iis_intermediates.p7b

To Install an SSL Certificate in Microsoft Exchange Server 2013
Attempted via Exchange Admin Center > Servers > Certificates > Import Certificate (\\server\folder\a17582956295961d.crt)  - procedure fails with the following...  


error
A special Rpc error occurs on server CAS01: Cannot import certificate. A certificate with the thumbprint 720845FA0CEDC54FABA1234D891410DD845DD457 already exists.


Let me add that I have run these commands in hope that they would at least show the thumbprint or certificate on the server, but I do not find them.


Get-ExchangeCertificate -Server CAS01 | FL
Get-ExchangeCertificate -Server CAS02 | FL
Get-ExchangeCertificate 720845FA0CEDC54FABA1234D891410DD845DD457 | Format-List *


---------------------------------------------------------------------------------

I believe the Server with the Network Load Balancer role was successfully installed, the Intermediate Certificate anyways... how can I check before going live? This was installed via MMC > Certificates importing the gd-g2_iis_intermediates.p7b method successfully.

---------------------------------------------------------------------------------

Can anyone suggest detailed ideas on fixing the  error mentioned above?

Thanks in advance.
Christian HansUndecided... Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Christian HansUndecided... Author Commented:
Not sure if this add to the issue:

Results from running
Get-ExchangeServer | Get-ExchangeCertificate | FL | Export-Csv C:\Certificate\Get-ExchangeCertificates.csv


A special Rpc error occurs on server MBXSVR01: The certificate with thumbprint CAS05 was not found.
    + CategoryInfo          : NotSpecified: (:) [Get-ExchangeCertificate], InvalidOperationException
    + FullyQualifiedErrorId : [Server=CAS05,RequestId=9c36ddsd-1233-44fa-ade7-80461e32796a,TimeStamp=7/23/2015 2:44
   :11 PM] [FailureCategory=Cmdlet-InvalidOperationException] CC21EFEA,Microsoft.Exchange.Management.SystemConfigurat
  ionTasks.GetExchangeCertificate
    + PSComputerName        : CAS01.domainname.local
Simon Butler (Sembee)ConsultantCommented:
I would generate a new SSL request within Exchange and then do a rekey through GoDaddy. It is important that you do a NEW SSL request, not a renewal or anything.

Simon.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Christian HansUndecided... Author Commented:
Thanks for your suggestion Simon. Shouldn't I be able to locate the certificate and remove it? Using the MMC and the Thumbprint perhaps?
Simon Butler (Sembee)ConsultantCommented:
You should be able to, but the error would suggest something has gone wrong.
Therefore a rekey will give you a new certificate with a new thumbprint which will work correctly. Exchange has already rejected the one you have now.

Simon.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.