Exchange Server CU23 CAS Server Upgrade Fail with Below mentioned error

Question
Error:
The following error was generated when "$error.Clear();
Install-ExchangeCertificate -services "IIS, POP, IMAP" -DomainController $RoleDomainController
if ($RoleIsDatacenter -ne $true -And $RoleIsPartnerHosted -ne $true)
{
Install-AuthCertificate -DomainController $RoleDomainController
}
" was run: "Microsoft.Exchange.Management.SystemConfigurationTasks.AddAccessRuleCryptographicException: Could not grant Network Service access to the certificate with thumbprint 31596249314B0A6DC7E13E00FAB6765DADA18639 because a cryptographic exception was thrown. ---> System.Security.Cryptography.CryptographicException: Access is denied.
at Microsoft.Exchange.Security.Cryptography.X509Certificates.TlsCertificateInfo.CAPIAddAccessRule(X509Certificate2 certificate, AccessRule rule)
at Microsoft.Exchange.Security.Cryptography.X509Certificates.TlsCertificateInfo.AddAccessRule(X509Certificate2 certificate, AccessRule rule)
at Microsoft.Exchange.Management.SystemConfigurationTasks.ManageExchangeCertificate.EnableForServices(X509Certificate2 cert, AllowedServices services, String websiteName, Boolean requireSsl, ITopologyConfigurationSession dataSession, Server server, List`1 warningList, Boolean allowConfirmation, Boolean forceNetworkService)
--- End of inner exception stack trace ---
at Microsoft.Exchange.Configuration.Tasks.Task.ThrowError(Exception exception, ErrorCategory errorCategory, Object target, String helpUrl)
at Microsoft.Exchange.Configuration.Tasks.Task.WriteError(Exception exception, ErrorCategory category, Object target)
at Microsoft.Exchange.Management.SystemConfigurationTasks.InstallExchangeCertificate.EnableForServices(X509Certificate2 cert, AllowedServices services)
at Microsoft.Exchange.Management.SystemConfigurationTasks.InstallExchangeCertificate.InternalProcessRecord()
at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__b()
at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)".
- Moved by Edward van Biljon (MVP) Sunday, March 15, 2020 3:53 PM Moved to correct forum
Saturday, March 14, 2020 5:23 PM
Answers
Hi Vincy
The issue has been resolved. It was due to McAfee Antivirus ("Could not grant Network Service access to the certificate with thumbprint"), as it's blocking the changes.
After disabling the McAfee antivirus, the CU23 upgrade completed successfully.
Thanks for your support
- Marked as answer by Moiz V Saturday, March 21, 2020 11:44 PM
Saturday, March 21, 2020 11:44 PM
All replies
Hi
Have you tried granting the Network Service access to the certificate as that is in the error above?
Hope this helps. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
- Proposed as answer by Vincy Cao (Microsoft contingent staff) Tuesday, March 17, 2020 1:00 AM
Sunday, March 15, 2020 3:53 PM -
Hi Moiz V,
I agree with Edward van Biljon. You can try granting Full access to Network Service: right-click the certificate in the MMC -> All Tasks -> Manage Private Keys -> add Network Service with Full Control, and the account that you are using.
And you can also try doing the following actions:
a. Open the MMC (Microsoft Management Console)
b. Add the Local Computer Certificate store into the console
c. Locate the certificate for the computer's DNS name (it may be in the Personal store if you are getting this error)
d. Move it into the Trusted Root Certification Authorities
e. Re-run the setup.
Here is a similar thread for your reference: Mailbox role: Client Access Service error when install Exchange 2016
By the way, before you upgrade the Exchange CU, you should be aware of Exchange server prerequisites.
Regards,
Vincy Cao
Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.
- Proposed as answer by Vincy Cao (Microsoft contingent staff) Tuesday, March 17, 2020 1:00 AM
Monday, March 16, 2020 7:25 AM -
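The "Manage Private Keys" check suggested in the reply above can also be scripted. The following is an added example, not part of the thread or of Exchange setup: it locates the private-key file for the thumbprint from the error and reports whether NETWORK SERVICE has an Allow entry on it. The `-Grant` switch and the choice of Read (rather than the Full Control mentioned in the reply) are assumptions made for this example.

```powershell
# Added example: inspect (and optionally repair) the private-key ACL that setup could not modify.
param(
    # Thumbprint quoted in the setup error on this page
    [string]$Thumbprint = '31596249314B0A6DC7E13E00FAB6765DADA18639',
    # Hypothetical switch for this example: add a Read entry if none exists
    [switch]$Grant
)

$cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
if (-not $cert.HasPrivateKey) { throw "Certificate $Thumbprint has no private key." }

# Resolve the key container name for either a CNG key or a legacy CAPI key.
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
if (-not $rsa) { throw "Certificate $Thumbprint does not have an RSA private key." }
$keyName = if ($rsa -is [System.Security.Cryptography.RSACng]) {
    $rsa.Key.UniqueName
} else {
    $rsa.CspKeyContainerInfo.UniqueKeyContainerName
}

# Machine key files live in one of these two directories.
$keyFile = @(
    "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys\$keyName",   # CAPI
    "$env:ProgramData\Microsoft\Crypto\Keys\$keyName"               # CNG
) | Where-Object { Test-Path -LiteralPath $_ } | Select-Object -First 1
if (-not $keyFile) { throw "Key file for container '$keyName' not found." }

# S-1-5-20 is the well-known SID of NETWORK SERVICE.
$networkService = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-20'
$acl  = Get-Acl -LiteralPath $keyFile
$aces = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
    Where-Object { $_.IdentityReference.Value -eq 'S-1-5-20' -and $_.AccessControlType -eq 'Allow' }

if ($aces) {
    "NETWORK SERVICE already has: $($aces.FileSystemRights -join ', ')"
} elseif ($Grant) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($networkService, 'Read', 'Allow')
    $acl.AddAccessRule($rule)
    # An 'Access is denied' error here matches the failure seen during setup.
    Set-Acl -LiteralPath $keyFile -AclObject $acl
    "Granted Read on $keyFile to NETWORK SERVICE"
} else {
    "NETWORK SERVICE has no Allow entry on $keyFile (re-run elevated with -Grant to add one)"
}
```

Run it from an elevated PowerShell session on the affected server. If the grant fails with "Access is denied" even for an administrator, something other than the ACL is blocking the write, which is consistent with the resolution reported in this thread.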
Hi Moiz V,
Any update now?
If you have any questions or need further help on this issue, please feel free to post back. If the above suggestion helps, please feel free to mark it as answer.
Regards,
Vincy Cao
Thursday, March 19, 2020 1:07 AM -