techosi
asked on
Error assigning services with new certificate Exchange 2013
Hi,
When I try to change the SMTP services from the certificate that will expire to the new certificate, done correctly, I do not see the message to overwrite the existing certificate and I receive the following error:
The Exchange Certificate operation has failed with an exception on server XXXXXXX. The error message is: Unknown error (0xe0434352)
+ CategoryInfo : InvalidOperation: (:) [Enable-ExchangeCertificate], LocalizedException
+ FullyQualifiedErrorId : [Server=nameserver,RequestId=da203e5e-a443-4da8-be75-72b5603ebe66,TimeStamp=28/02/2017 10:40:06] [FailureCategory=Cmdlet-LocalizedException] 226FBD71,Microsoft.Exchange.Management.SystemConfigurationTasks.EnableExchangeCertificate
+ PSComputerName : server.domain.local
Afterwards, I can see the SMTP service assigned to the new certificate, but it isn't correct.
The problem is that when the old certificate expires, the service goes down!
Any suggestions?
Thanks guys!
Do you run the command on the Exchange server?
ASKER
Yes, run as admin on the Exchange Server.
If the error occurs while running an elevated PowerShell, there are 2 possible rights assignments that are wrong:
Domain Admins are not members of the Exchange admins in AD, or
the Exchange Trusted Subsystem Exchange security group is not a member of the local Administrators group on the Exchange server.
ASKER
These options are verified and correct. Thanks.
You're welcome
ASKER
I have not explained it well.
The reason is not groups or permissions. The error continues.
ASKER
Start -> PowerShell -> run as administrator -> Get-ExchangeCertificate: Yes, it shows the certificate overview.
Start -> PowerShell -> run as administrator -> New-ExchangeCertificate:
The Exchange Certificate operation has failed with an exception on server XXXXXXX. The error message is: Unknown error (0xe0434352)
+ CategoryInfo : InvalidOperation: (:) [Enable-ExchangeCertificate], LocalizedException
+ FullyQualifiedErrorId : [Server=nameserver,RequestId=da203e5e-a443-4da8-be75-72b5603ebe66,TimeStamp=28/02/2017 10:40:06] [FailureCategory=Cmdlet-LocalizedException] 226FBD71,Microsoft.Exchange.Management.SystemConfigurationTasks.EnableExchangeCertificate
+ PSComputerName : server.domain.local
ASKER
Get is working, New isn't working.
I've deleted the broken and revoked ones and it has not solved the case.
I don't know what to do with it.
Many thanks Patrick!
@techosi, what is your status?
ASKER
@Patrick, I don't have a solution yet.
I made the change manually to have service, but the error continues.
Thanks
Did you remove all faulty certificates?
ASKER
I had to do it manually and also assign services to the new certificate manually in that way.
I cannot execute the command New-certificate; I still have the error.
Yes, you wrote this before, but did you remove the faulty certificates?
So run Get one more time and delete them as in the example below:
[PS] C:\>Remove-ExchangeCertificate -Thumbprint Xxxxxxxxxxxxxxxxxxxxx
ASKER
Yes
Nice! That means that Get-ExchangeCertificate is only showing you valid certificates that are in use, and you can explain them all. New- should then be working (maybe it needs a server reboot).
This is a proven way to fix this issue. Seems like a language barrier makes this thread abandoned.
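The inventory, cleanup and reassignment sequence discussed in this thread, written out as an added example that is not part of any poster's reply. It assumes the Exchange Management Shell on the Exchange server, and the value of $NewThumbprint is a placeholder for the new certificate's thumbprint.

```powershell
# Added example. Run in an elevated Exchange Management Shell.
# Placeholder: replace with the thumbprint of the new certificate.
$NewThumbprint = '<THUMBPRINT-OF-NEW-CERTIFICATE>'

# 1. Inventory every certificate Exchange knows about, soonest expiry first.
$certs = Get-ExchangeCertificate
$certs | Sort-Object NotAfter |
    Format-Table Thumbprint, Subject, Services, Status, NotAfter -AutoSize

# 2. Select cleanup candidates: anything whose status is not Valid, or that
#    has already expired. Pending requests and the new certificate are
#    left alone. Values are compared as strings so this also works on the
#    deserialized objects returned by a remote session.
$faulty = $certs | Where-Object {
    $_.Thumbprint -ne $NewThumbprint -and
    "$($_.Status)" -ne 'PendingRequest' -and
    ("$($_.Status)" -ne 'Valid' -or $_.NotAfter -lt (Get-Date))
}

# 3. Dry run. -WhatIf reports what would be removed without deleting it.
#    A candidate that still has services bound is flagged for manual review
#    instead, because removing it would take those services down.
foreach ($c in $faulty) {
    if ("$($c.Services)" -ne 'None') {
        Write-Warning "$($c.Thumbprint) is $($c.Status) but still serves: $($c.Services)"
        continue
    }
    Remove-ExchangeCertificate -Thumbprint $c.Thumbprint -WhatIf
}

# 4. After reviewing the dry run and removing the faulty certificates,
#    bind SMTP to the new certificate. The cmdlet normally asks whether to
#    overwrite the existing default SMTP certificate.
Enable-ExchangeCertificate -Thumbprint $NewThumbprint -Services SMTP

# 5. Confirm the binding and the validity window of the new certificate.
Get-ExchangeCertificate -Thumbprint $NewThumbprint |
    Format-List Subject, Services, Status, NotAfter
```

Step 3 deletes nothing as written; rerun Remove-ExchangeCertificate without -WhatIf only for the thumbprints you have checked.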
What happens if you run the following PS Get-ExchangeCertificate command AS ADMIN? Same error?