Recommended Posts

Hi Guys,

 

I'm trying to install MS Exchange Server 2016 on Server 2016 and keep getting the below error message on step 9 - Mailbox Role - Client Access Service;

 

  Quote

Error:
The following error was generated when "$error.Clear(); 
          Install-ExchangeCertificate -WebSiteName "Exchange Back End" -services "IIS, POP, IMAP" -DomainController $RoleDomainController -InstallInTrustedRootCAIfSelfSigned $true
          if ($RoleIsDatacenter -ne $true -And $RoleIsPartnerHosted -ne $true)
          {
            Install-AuthCertificate -DomainController $RoleDomainController
          }
        " was run: "Microsoft.Exchange.Management.SystemConfigurationTasks.AddAccessRuleCryptographicException: Could not grant Network Service access to the certificate with thumbprint 568C333312B617AB72450E4E1393C83175ABF45A because a cryptographic exception was thrown. ---> System.Security.Cryptography.CryptographicException: Access is denied.

   at Microsoft.Exchange.Security.Cryptography.X509Certificates.TlsCertificateInfo.CAPIAddAccessRule(X509Certificate2 certificate, AccessRule rule)
   at Microsoft.Exchange.Security.Cryptography.X509Certificates.TlsCertificateInfo.AddAccessRule(X509Certificate2 certificate, AccessRule rule)
   at Microsoft.Exchange.Management.SystemConfigurationTasks.ManageExchangeCertificate.EnableForServices(X509Certificate2 cert, AllowedServices services, String websiteName, Boolean requireSsl, ITopologyConfigurationSession dataSession, Server server, List`1 warningList, Boolean allowConfirmation, Boolean forceNetworkService)
   --- End of inner exception stack trace ---
   at Microsoft.Exchange.Configuration.Tasks.Task.ThrowError(Exception exception, ErrorCategory errorCategory, Object target, String helpUrl)
   at Microsoft.Exchange.Configuration.Tasks.Task.WriteError(Exception exception, ErrorCategory category, Object target)
   at Microsoft.Exchange.Management.SystemConfigurationTasks.InstallExchangeCertificate.EnableForServices(X509Certificate2 cert, AllowedServices services)
   at Microsoft.Exchange.Management.SystemConfigurationTasks.InstallExchangeCertificate.InternalProcessRecord()
   at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__91_1
   at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)".

Expand  

Does anyone know how to resolve this error message please?

 

Cheers,

Wongle.

It looks like it is failing with the self signed cert.  

 

you could try uninstalling everything including iis, reboot, then try elevating the install.  

 

Make sure you update windows server fully prior to insalling exchange.  

 

Also exchange should be on its own server. Do not share with other installs, no AD server, no sql, etc...completely standalone.

This topic is now closed to further replies.