Installation of Client Access role fails on Windows Server 2008 R2 (Execution of: "$error.Clear(); Install-ExchangeCertificate -services "IIS, POP, IMAP")

  • Question

  • Hello

    I am trying to install Exchange Server 2010 beta 1 onto a Windows Server 2008 R2 (build 7000) machine which has also been set up as a domain controller.

    However when attempting to install the Client Access role, setup fails with the error below.

    Does anyone know of a way to get around this please?
    I have already searched for this error and not found any similar threads.

    Also every time I press the code button on this forum it crashes the browser and I keep losing the message! (IE8 from within Server R2). Also the message box is very small, will not expand and keeps jumping to the top.

    Thanks
    Robin


    [code]
    Summary: 4 item(s). 1 succeeded, 1 failed.
    Elapsed time: 00:00:01


    Preparing Setup
    Completed

    Elapsed Time: 00:00:00


    Client Access Role
    Failed

    Error:
    The execution of: "$error.Clear(); Install-ExchangeCertificate -services "IIS, POP, IMAP" -DomainController $RoleDomainController", generated the following error: "Could not grant Network Service access to the certificate with thumbprint 2F320F5D5B5C6873E54C8AB57F604D8AFA31D18C because a cryptographic exception was thrown.".

    Could not grant Network Service access to the certificate with thumbprint 2F320F5D5B5C6873E54C8AB57F604D8AFA31D18C because a cryptographic exception was thrown.

    Access is denied.


    Elapsed Time: 00:00:01


    Mailbox Role
    Cancelled

     


    Finalizing Setup
    Cancelled
    [/code]


    Robin Wilson
    Monday, May 4, 2009 8:07 PM

All replies

  • It's not exactly recommended installing Exchange on a Domain Controller, but apart from that there is a requirement for the Exchange 2010 Beta to be installed in a Windows 2003 domain functional level. I haven't checked installing AD DS on 2008 R2 Beta but doesn't that default to the Windows 2008 domain functional level?
    Monday, May 4, 2009 8:31 PM
  • If you can, don't install Exchange on a DC. You may have to make "Exchange Trusted Subsystem" a member of the Domain Admins group since there really isn't a local admins group on a DC.
    Brian Day / MCSA / CCNA, Exchange/AD geek.
    Monday, May 4, 2009 11:13 PM
  • Hi,

    The Exchange 2010 on a DC scenario is not recommended by Microsoft. If you can, try again after reinstalling the IIS components and the .NET Framework.

    Regards
    Chinthaka
    Tuesday, May 5, 2009 1:28 AM
  • Hi,

    The network service has no access to the client certificate store in which the certificate was imported. Did you do this manually or do you use the self-signed cert coming with the installation?
    Best regards, Walter Steinsdorfer, MVP Exchange Server http://msmvps.org/blogs/wstein
    Tuesday, May 5, 2009 2:21 PM
  • Hello

    Thanks for all the replies.

    I have since wiped the system and installed everything again and it all worked this time so not sure what was wrong last time. I did try to uninstall all Exchange components and then uninstall IIS and Application server, reboot and re-install but I received the same error still when it came to installing the client access role.

    Walter: I just attempted the standard installation which should have used the default self-signed certificate. Everything was a fresh install done at the same time on a freshly formatted PC.

    For info last time when it failed to work:
    - Installed Windows Server 2008 R2
    - Installed Domain Controller role using dcpromo. I set the forest and domain as Windows Server 2008 R2
    - Added a forest trust between main domain and test Exchange domain (set up as ex2010.local)
    - Installed IIS and Application Server role
    - Installed Hyper-v role
    - Installed Desktop Experience feature
    - Installed Exchange and received the error

    When it worked I set up the forest and domain in Windows Server 2008 mode (i.e. not R2), installed Exchange first and then set up the forest trust and then Hyper-v. It did say it failed to configure dns which was probably because it started trying to do automatic updates half way through the dcpromo! DNS seems to work ok though.

    I did notice this time that Hyper-v gave a warning about the virtual network adapter not being set up correctly and the local network did not work correctly although I could access the internet. Not sure if this could have been related to the cause of the problem previously. For now I have disabled the virtual network until I get time to try and get it working and so the mail will work in the meantime.
    I also noticed that Hyper-v added an extra 443 ssl binding to the default website so as it had 2 bindings on port 443 it refused to start. After deleting one it worked.

    I decided to install Exchange onto a domain controller as it is only a test and I wouldn't do it in a live environment. I am also short of test machines! It didn't give me any warnings about this actually, I think previous versions warn you that it is not recommended.

    Andreas and Chinthaka: I did not know about the requirement to run the domain at 2003 mode. The main domain is running in 2008 mode with Exchange 2007 so I assume this is just a temporary beta related requirement. It does seem to be working (second attempt) so far in a 2008 mode domain although I haven't had a chance to fully test it yet.

    Thanks
    Robin

    P.S. Sorry it's taken me a while to reply!


    Robin Wilson
    Thursday, May 7, 2009 9:39 PM
  • I think there might be a misunderstanding on the domain functional mode of W2K3.  That is the minimum value, but can also be W2K8. 
    Gary A. Cooper | Senior Systems Architect | MCA:Exchange2003 | MCM:Exchange2003/2007 | Horizons Consulting, Inc. If you have found my answer helpful, please vote as such.
    • Proposed as answer by garyc007 Wednesday, May 13, 2009 2:18 PM
    • Marked as answer by robinwilson16 Wednesday, May 13, 2009 9:08 PM
    Wednesday, May 13, 2009 2:18 PM
  • Thanks for the reply.
    It seems to be working well now in a forest trust with all users being automatically logged on from Outlook.
    Robin Wilson
    Wednesday, May 13, 2009 9:06 PM
  • Fire up MMC, add the Local Computer Certificate store into the console, locate the certificate for the computer's DNS name when you first went to install Exchange 2010 Beta/RC (it will be in the personal store if you are getting this error), and move it into the Trusted Root Certification Authorities. Now you can install, enjoy :).
    • Proposed as answer by Dustin J Friday, August 21, 2009 2:05 AM
    • Marked as answer by robinwilson16 Friday, August 21, 2009 12:06 PM
    Friday, August 21, 2009 2:04 AM
  • Hello Dustin

    Thanks for the reply but I can't really confirm if it would fix it or not now but it sounds like a valid solution as the issue was related to certificates so I will mark it as the answer. I had used the totally confused, wipe the system, cross fingers and try again approach which worked in this instance.
    Robin Wilson
    Friday, August 21, 2009 12:06 PM
  • Thank you for this post!  I can confirm as well that this indeed works!  I have a new 2008 R2 server (DC) running Exchange 2010, and this is what helped me get past that horrid error.  For me, the key was to look through my certificates until I found the one that had the thumbprint code that matched what was in the error message, and then move that certificate to the Trusted Root Certification Authorities folder.
    MCSE, MCSA, CCNA, A+
    Sunday, November 8, 2009 6:48 PM
  • I had a similar problem, but I was not installing on a DC.
    In my test environment, I installed a 2003 DC, and a 2008 R2 server.  I attempted to install Exchange 2010 on the 2008 server, but the install failed during the Client Access Role portion.  Same error as Robin's.
    This was about the only thread I could find about this error.  None of the suggestions worked for me.
    Here is what I did to resolve the problem and successfully install Exchange 2010:

    Since Exchange did install the Hub Transport role and Management Tools before failing, I was able to open the Exchange Management Console.

    1.  Open Exchange Management Console
    2.  Click Server Config in the left pane
    3.  In the center pane, under the Exchange Certificates tab, click on Microsoft Exchange
    4.  Click Assign Services to Certificate in the Right pane
    5.  Select each required service (I selected all except Unified Messaging)
    6.  Click Assign

    You should now be able to install the remaining roles.
    • Proposed as answer by brettu Wednesday, November 18, 2009 11:04 PM
    Wednesday, November 18, 2009 10:54 PM
  • brettu's solution worked perfectly for me.  Solved same error installing Exchange 2010 on Server 2008 R2.
    Thursday, February 11, 2010 11:33 PM
  • brettu's solution worked perfectly for me too.

    Exchange 2010 on Server 2008 R2 which is DC.

    Saturday, April 24, 2010 8:10 PM
  • Works for me, thx.

     


    GSOM!!1
    Wednesday, May 19, 2010 6:35 PM
  • I had the same problem described by robinwilson16.

    But I fixed it by moving a certificate from Personal to Root Certificate, as Dustin J recommended.

    Now it is all OK.

    Pablo


    Pablo Di Maria Optima Ingeniería S.A
    Thursday, September 16, 2010 4:24 PM
  • Fire up MMC, add the Local Computer Certificate store into the console, locate the certificate for the computer's DNS name when you first went to install Exchange 2010 Beta/RC (it will be in the personal store if you are getting this error), and move it into the Trusted Root Certification Authorities. Now you can install, enjoy :).
    This is what worked for me.  Very simple and to the point.
    Dan
    Monday, December 27, 2010 6:53 AM
  • I tried just what you said:

    I found the said certificate and transferred it.

    But the exact same error occurs.

    I installed some hotfixes to bring my Server 2008 R2 up to date, but still the same error pops up!

    Are there any other options?

    Thursday, July 7, 2011 2:14 PM
  • Thank you.

    You are right.


    szacrux
    Saturday, August 6, 2011 4:47 PM
  • Thanks for the info, my problem is solved

    Thanks once again

    Vikram Titave

    System and Network Admin

     

    Tuesday, October 11, 2011 10:46 AM
  • Fire up MMC, add the Local Computer Certificate store into the console, locate the certificate for the computer's DNS name when you first went to install Exchange 2010 Beta/RC (it will be in the personal store if you are getting this error), and move it into the Trusted Root Certification Authorities. Now you can install, enjoy :).

    Same issue here on 2008 R2 when installing to DC.

    This solution works, just match the fingerprint ID in the error message - I had two certificates in personal with the server name. One with just the NetBIOS name (SERVER) and one with the FQDN (SERVER.domain.local).

    The matching certificate was the one with the FQDN.


    • Edited by R-D Monday, December 10, 2012 10:56 PM
    Monday, December 10, 2012 10:56 PM
  • As mentioned above, search through the certificate store to find the matching certificate.

    In my case I found there was a second certificate in the personal store that had the default installation-created computer name, i.e. the name the server had when it was first built. The name had since been changed to a more relevant name when the domain was built, but the old certificate was still present. It looked like Exchange was trying to use that certificate as well as the correct certificate, but couldn't modify it as both the machine name and workgroup it related to no longer existed.

    I deleted the old certificate and it all installed fine.


    Battling away

    Monday, December 17, 2012 4:33 PM
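
Several replies above come down to matching the thumbprint from the setup error against the Local Computer Personal store and spotting leftover certificates there. A read-only PowerShell check for that, added here as an example and not posted by anyone in the thread; it assumes the key is held in a CryptoAPI (CSP) container, and the variable names are illustrative:

```powershell
# Thumbprint copied from the setup error quoted in the question above.
$thumbprint = '2F320F5D5B5C6873E54C8AB57F604D8AFA31D18C'

# Every certificate in the Local Computer "Personal" store. A leftover
# certificate for an old computer name shows up here next to the current one.
$personal = @(Get-ChildItem -Path Cert:\LocalMachine\My)
$personal | Sort-Object NotBefore |
    Format-Table Thumbprint, Subject, NotBefore, HasPrivateKey -AutoSize

$cert = $personal | Where-Object { $_.Thumbprint -eq $thumbprint }
if (-not $cert) {
    Write-Warning "Thumbprint $thumbprint is not in LocalMachine\My."
    return
}

# Resolve the built-in Network Service account from its well-known SID
# (S-1-5-20) so the comparison also works on non-English systems.
$sid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-20'
$networkService = $sid.Translate([System.Security.Principal.NTAccount]).Value

try {
    # Assumption: the key lives in a CryptoAPI (CSP) container, whose file sits
    # under MachineKeys. A key that cannot be read this way ends up in catch.
    $container = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
    if (-not $container) { throw 'No CSP private key container found.' }
    $keyFile = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$container"

    # Read-only: list who can use the private key, then check Network Service.
    $acl = Get-Acl -Path $keyFile -ErrorAction Stop
    $acl.Access |
        Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize

    $grant = $acl.Access | Where-Object {
        $_.IdentityReference.Value -eq $networkService -and
        $_.AccessControlType -eq 'Allow'
    }
    if ($grant) { "$networkService already has access to $keyFile" }
    else        { "$networkService has no Allow entry on $keyFile" }
}
catch {
    # An error here (for example access denied) means the current account
    # cannot read the private key or its ACL.
    Write-Warning "Could not inspect the private key: $($_.Exception.Message)"
}
```

Run it from an elevated PowerShell prompt on the server where setup failed; it changes nothing.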
  • Thanks, dear. It works for me. OS: Server 2K8 R2. Thanks.
    Monday, December 2, 2013 9:55 AM
  • It works for me now. OS: Server 2K8 R2.

    Correct answer.

    Thanks.

    Monday, December 2, 2013 9:56 AM
  • A similar process worked for me in Exchange 2013 to solve this. The system does have Exch running on the DC on Server 2012 R2 in this case. Moving it into Trusted Root * * worked great! thanks!
    Friday, February 21, 2014 10:38 AM
  • Can you send me the example of the certificate name? thanks

    dsd


    Friday, August 26, 2016 5:36 PM