Upgrading Exchange 2010 from SP1 to SP3 on SBS2011 Standard

During the upgrade on the hub transport role it fails.

I now have a email server down so urgent help required.

I have tried the upgrade twice, the second time from command run as administrator

The error is

 Write-ExchangeSetupLog -Info "Creating SBS certificate";

          $thumbprint = [Microsoft.Win32.Registry]::GetValue("HKEY_LOCAL_MACHINE\Software\Microsoft

\SmallBusinessServer\Networking", "LeafCertThumbPrint", $null);

          if (![System.String]::IsNullOrEmpty($thumbprint))
          {
            Write-ExchangeSetupLog -Info "Enabling certificate with thumbprint: $thumbprint for SMTP

service";
            Enable-ExchangeCertificate -Thumbprint $thumbprint -Services SMTP;
           
            Write-ExchangeSetupLog -Info "Removing default Exchange Certificate";
            Get-ExchangeCertificate | where {$_.FriendlyName.ToString() -eq "Microsoft Exchange"} | Remove-

ExchangeCertificate;

            Write-ExchangeSetupLog -Info "Checking if default Exchange Certificate is removed";
            $certs = Get-ExchangeCertificate | where {$_.FriendlyName.ToString() -eq "Microsoft Exchange"};
            if ($certs)
            {
              Write-ExchangeSetupLog -Error "Failed to remove existing exchange certificate"
            }
          }
          else
          {
            Write-ExchangeSetupLog -Warning "Cannot find the SBS certificate";
          }
       
[11/21/2015 02:07:05.0268] [2] Creating SBS certificate
[11/21/2015 02:07:05.0272] [2] Enabling certificate with thumbprint:

81CABFA70957A4595B9C6AD96AFD86BA3B61B526 for SMTP service
[11/21/2015 02:07:05.0277] [2] Active Directory session settings for 'Enable-ExchangeCertificate' are: View

Entire Forest: 'True', Configuration Domain Controller: 'HCSERVER2011.har.lan', Preferred Global

Catalog: 'HCSERVER2011.har.lan', Preferred Domain Controllers: '{ HCSERVER2011.har.lan

}'
[11/21/2015 02:07:05.0278] [2] Beginning processing Enable-ExchangeCertificate -

Thumbprint:'81CABFA70957A4595B9C6AD96AFD86BA3B61B526' -Services:'SMTP'
[11/21/2015 02:07:05.0284] [2] Searching objects "HCSERVER2011.har.lan" of type "Server" under the

root "$null".
[11/21/2015 02:07:05.0290] [2] Previous operation run on domain controller 'HCSERVER2011.har.lan'.
[11/21/2015 02:07:05.0685] [2] Unexpected Error
[11/21/2015 02:07:05.0686] [2] The certificate with thumbprint

81CABFA70957A4595B9C6AD96AFD86BA3B61B526 was not found.
[11/21/2015 02:07:05.0686] [2] Ending processing Enable-ExchangeCertificate
[11/21/2015 02:07:05.0688] [2] Removing default Exchange Certificate
[11/21/2015 02:07:05.0692] [2] Active Directory session settings for 'Get-ExchangeCertificate' are: View

Entire Forest: 'True', Configuration Domain Controller: 'HCSERVER2011.har.lan', Preferred Global

Catalog: 'HCSERVER2011.har.lan', Preferred Domain Controllers: '{ HCSERVER2011.har.lan

}'
[11/21/2015 02:07:05.0692] [2] Beginning processing Get-ExchangeCertificate
[11/21/2015 02:07:05.0692] [2] Active Directory session settings for 'Remove-ExchangeCertificate' are: View

Entire Forest: 'True', Configuration Domain Controller: 'HCSERVER2011.har.lan', Preferred Global

Catalog: 'HCSERVER2011.har.lan', Preferred Domain Controllers: '{ HCSERVER2011.har.lan

}'
[11/21/2015 02:07:05.0692] [2] Beginning processing Remove-ExchangeCertificate
[11/21/2015 02:07:05.0698] [2] Searching objects "HCSERVER2011.har.lan" of type "Server" under the

root "$null".
[11/21/2015 02:07:05.0704] [2] Previous operation run on domain controller 'HCSERVER2011.har.lan'.
[11/21/2015 02:07:06.0279] [2] Ending processing Get-ExchangeCertificate
[11/21/2015 02:07:06.0279] [2] Ending processing Remove-ExchangeCertificate
[11/21/2015 02:07:06.0280] [2] Checking if default Exchange Certificate is removed
[11/21/2015 02:07:06.0281] [2] Active Directory session settings for 'Get-ExchangeCertificate' are: View

Entire Forest: 'True', Configuration Domain Controller: 'HCSERVER2011.har.lan', Preferred Global

Catalog: 'HCSERVER2011.har.lan', Preferred Domain Controllers: '{ HCSERVER2011.har.lan

}'
[11/21/2015 02:07:06.0281] [2] Beginning processing Get-ExchangeCertificate
[11/21/2015 02:07:06.0282] [2] Searching objects "HCSERVER2011.har.lan" of type "Server" under the

root "$null".
[11/21/2015 02:07:06.0288] [2] Previous operation run on domain controller 'HCSERVER2011.har.lan'.
[11/21/2015 02:07:06.0410] [2] Ending processing Get-ExchangeCertificate
[11/21/2015 02:07:06.0411] [1] The following 1 error(s) occurred during task execution:
[11/21/2015 02:07:06.0411] [1] 0.  ErrorRecord: The certificate with thumbprint

81CABFA70957A4595B9C6AD96AFD86BA3B61B526 was not found.
[11/21/2015 02:07:06.0411] [1] 0.  ErrorRecord: System.InvalidOperationException: The certificate with

thumbprint 81CABFA70957A4595B9C6AD96AFD86BA3B61B526 was not found.
[11/21/2015 02:07:06.0412] [1] The following error was generated when "$error.Clear();
         

Write-ExchangeSetupLog -Info "Creating SBS certificate";

          $thumbprint =

[Microsoft.Win32.Registry]::GetValue("HKEY_LOCAL_MACHINE\Software\Microsoft\SmallBusinessServer\Networking",

"LeafCertThumbPrint", $null);

          if (![System.String]::IsNullOrEmpty($thumbprint))
          {
         

  Write-ExchangeSetupLog -Info "Enabling certificate with thumbprint: $thumbprint for SMTP service";
         

   Enable-ExchangeCertificate -Thumbprint $thumbprint -Services SMTP;
           
            Write-

ExchangeSetupLog -Info "Removing default Exchange Certificate";
            Get-ExchangeCertificate | where

{$_.FriendlyName.ToString() -eq "Microsoft Exchange"} | Remove-ExchangeCertificate;

            Write-

ExchangeSetupLog -Info "Checking if default Exchange Certificate is removed";
            $certs = Get-

ExchangeCertificate | where {$_.FriendlyName.ToString() -eq "Microsoft Exchange"};
            if ($certs)
   

        {
              Write-ExchangeSetupLog -Error "Failed to remove existing exchange certificate"
       

    }
          }
          else
          {
            Write-ExchangeSetupLog -Warning "Cannot find the SBS

certificate";
          }
        " was run: "The certificate with thumbprint

81CABFA70957A4595B9C6AD96AFD86BA3B61B526 was not found.".
[11/21/2015 02:07:06.0412] [1] The certificate with thumbprint

81CABFA70957A4595B9C6AD96AFD86BA3B61B526 was not found.
[11/21/2015 02:07:06.0412] [1] [ERROR-REFERENCE]

Id=SbsBridgeHeadComponent___6464a0ee0fd04f6b893a3c81d7eb3f26 Component=EXCHANGE14:\Current\Release\Shared

\Datacenter\Setup\SBS
[11/21/2015 02:07:06.0413] [1] Setup is stopping now because of one or more critical errors.
[11/21/2015 02:07:06.0413] [1] Finished executing component tasks.
[11/21/2015 02:07:06.0471] [1] Ending processing Install-BridgeheadRole
DavidAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

systechadminConsultantCommented:
Once you create the certfificate, go to IIS, and see the certificate there, you might need to install the certificate in the Personal Store.
First export the certificate in .pfx format and then import it.

Start the MMC.exe process.
Click File, click Add/Remove Snap-in, and then click Certificates.
On the Certificates snap-in screen, click Add, and then select My user account. Click Finish, and then click OK.
Expand Console Root, expand Certificates - Current User, expand Personal, and then expand Certificates.
Import the certificate, once it is done, them try to enable the certificate.
0
DavidAuthor Commented:
Hi there, i havent created any certificates. This error appear on attempting to upgrade to SP3. So i assume the certificates would already be there
0
HariomExchange ExpertsCommented:
Try following steps :-

1) Try to run the update from the command prompt (Run it as administrator)

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_28351604.html

2) When installing SP3 of Exchange 2010 on a SBS 2011 machine the installation might fail on the mailbox role.
Clear the value inside the following key.
HKEY_LOCAL_MACHINE/Software/Microsoft/SmallBusinesServer/Networking/LeafCertThumbprint
Do not delete the entire key since its needed.
Rerun the setup and it will, if nothing else is wrong complete successfully.

Refrecence :-

https://social.technet.microsoft.com/Forums/windows/en-US/85607d12-cabb-42b9-9335-3e0883555260/failure-installing-sp3-on-exchange-2010
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

HariomExchange ExpertsCommented:
If above steps fails then you need to reset your certificate using following article :-

https://jefferyland.wordpress.com/2012/01/16/problems-installing-exchange-2010-service-pack-2-on-sbs-2011/
0
DavidAuthor Commented:
you beat me to it.

i found this article https://exchangemaster.wordpress.com/2014/05/27/exchange-2010-sp3-installation-fails-on-sbs-2011/

which pointed me to doing as you said and delete the data inside the LeafCertThumbprint key

its completed on 1 server, just another client who had the same issue im running it aswell. Fingers crossed and Thanks
0
HariomExchange ExpertsCommented:
Thanks for the info and points.
0
DavidAuthor Commented:
provided links to articles
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.