Error when importing SSL certificate to Exchange 2013 (from one exported from Exchange 2010)

Hello,

I'm following this document for a Microsoft Exchange 2010 to Exchange 2013 migration.  

I have exported the SSL certificate from Exchange 2010 server.  After importing into the Exchange 2013 server, I am prompted to select the servers to which I want to.  After I have selected both the CAS and MBX server I receive an error:

error
The Exchange Certificate operation has failed with an exception on the server CTC-MAIL-CAS.  The error message is: Access is denied.

Any suggestions would be welcome.

Thanks in advance.

Regards,
Real-Timer
realtimerAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

David Paris VicenteSystems and Comunications  Administrator Commented:
Hi Real,

Did you defined a password when you exported the certificate?

When you export the Certificate it asks you to define a password. This password should also be used when you try to import the certificate.

Probably this is your issue.

Can you told us how did you exported the certificate?

Regards,

D.
realtimerAuthor Commented:
I entered the password both when exporting the certificate and when trying to import it.

Thanks.
David Paris VicenteSystems and Comunications  Administrator Commented:
Ok.

Thank you for your prompt feedback.

Can you check if you have the necessary permissions for the new Exchange, that you belong to domain admins and Exchange admin?

Are you able to install the certificate as you would do it normally without Exchange?
Is the Domain admin group added to the local administrators Group?


Regards,
D.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

realtimerAuthor Commented:
Yessir - I'm logged in with the Administrator credentials.  Thanks again for your response.
David Paris VicenteSystems and Comunications  Administrator Commented:
The CAS and Mailbox roles are in the same server or in different servers?

I didn't understand in your previous reply, if you are able to install/import through mmc>Certificate>Local Computer>Personal store.

Regards.
D.
David Paris VicenteSystems and Comunications  Administrator Commented:
Just one thought can you check the security permissions in this directory "C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA folder" and check if the administrators and exchange administrators have full permissions for all folders and subfolders.

Regards,
D.
realtimerAuthor Commented:
Ended up calling and working with Microsoft.  Found that issue was:

"We added Exchange Trusted Subsystem Exchange Security Group to local administrator groups."

There seemed to be lots more that Microsoft seems to have done, but that is what MS insists was the issue.  How a clean install did not add the required permissions is beyond me.

Thanks,
Real-Time
realtimerAuthor Commented:
Ended up calling and working with Microsoft.  Found that issue was:

"We added Exchange Trusted Subsystem Exchange Security Group to local administrator groups."

There seemed to be lots more that Microsoft seems to have done, but that is what MS insists was the issue.  How a clean install did not add the required permissions is beyond me.

Thanks,
Real-Time
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.