locked
Install of client access role fails on Windows Server 2008 R2 RRS feed

  • Question

  • Trying to install Exchange Server 2010 onto Windows Server 2008 R2 which has also been setup as a domain controller. When attempting to install the Client Access Role, setup fails with the error below.

    Does anyone know to a way to get around this?? Please shed any lights I would be appricated.

    Thanks,

    Tom

    Client Access Role
    Failed

    Error:
    The execution of: "$error.Clear(); Install-ExchangeCertificate -services "IIS, POP, IMAP" -DomainController $RoleDomainController", generated the following error: "Could not grant Network Service access to the certificate with thumbprint 2F320F5D5B5C6873E54C8AB57F604D8AFA31D18C because a cryptographic exception was thrown.".

    Could not grant Network Service access to the certificate with thumbprint 2F320F5D5B5C6873E54C8AB57F604D8AFA31D18C because a cryptographic exception was thrown.

    Access is denied.


    Elapsed Time: 00:00:01


    Mailbox Role
    Cancelled


    Finalizing Setup
    Cancelled

    Thursday, December 20, 2012 8:56 PM

Answers

  • There is probably a corrupted or locked Certificate on the server you're installing the role on. Open IIS, go to the server name, then go to Server Certificates and check all of the certificates installed on the server. Open each certificate and select the Details tab. Scroll down to the Thumbprint entry, and match it to 2F320F5D5B5C6873E54C8AB57F604D8AFA31D18C. The certificate with that thumbprint is the one causing your error. You will likely need to delete that certificate and recreate it.
    • Proposed as answer by Sharon.Shen Friday, December 21, 2012 10:28 AM
    • Marked as answer by Sharon.Shen Wednesday, January 2, 2013 9:40 AM
    Thursday, December 20, 2012 10:51 PM
  • See this.

    I'd also recommend not to install on a DC if possible.


    Sukh

    • Marked as answer by Sharon.Shen Wednesday, January 2, 2013 9:40 AM
    Thursday, December 20, 2012 11:36 PM
  • Hi,Reelmein,

    You can remove the certificate then recreate it again,check the following guide for how to remove the certificate on a Domain Controller

    http://technet.microsoft.com/en-us/library/cc783979(v=ws.10).aspx

    And check the below link to create certificate on Windows Server 2008 Domain Controller

    http://technet.microsoft.com/en-us/library/cc731522.aspx

    Regards,

    Sharon


    Sharon Shen
    TechNet Community Support

    ************************************************************************************************************************

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question.

    • Marked as answer by Sharon.Shen Wednesday, January 2, 2013 9:40 AM
    Thursday, December 27, 2012 3:14 AM

All replies

  • There is probably a corrupted or locked Certificate on the server you're installing the role on. Open IIS, go to the server name, then go to Server Certificates and check all of the certificates installed on the server. Open each certificate and select the Details tab. Scroll down to the Thumbprint entry, and match it to 2F320F5D5B5C6873E54C8AB57F604D8AFA31D18C. The certificate with that thumbprint is the one causing your error. You will likely need to delete that certificate and recreate it.
    • Proposed as answer by Sharon.Shen Friday, December 21, 2012 10:28 AM
    • Marked as answer by Sharon.Shen Wednesday, January 2, 2013 9:40 AM
    Thursday, December 20, 2012 10:51 PM
  • See this.

    I'd also recommend not to install on a DC if possible.


    Sukh

    • Marked as answer by Sharon.Shen Wednesday, January 2, 2013 9:40 AM
    Thursday, December 20, 2012 11:36 PM
  • Thanks acbrown2010. I have found the certificate with that thumbprint and it belong to my domain certificate. Should I delete that certificate? Can you send me instruction how to recreate it? Thank a million.
    Sunday, December 23, 2012 5:02 AM
  • Hi,Reelmein,

    You can remove the certificate then recreate it again,check the following guide for how to remove the certificate on a Domain Controller

    http://technet.microsoft.com/en-us/library/cc783979(v=ws.10).aspx

    And check the below link to create certificate on Windows Server 2008 Domain Controller

    http://technet.microsoft.com/en-us/library/cc731522.aspx

    Regards,

    Sharon


    Sharon Shen
    TechNet Community Support

    ************************************************************************************************************************

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question.

    • Marked as answer by Sharon.Shen Wednesday, January 2, 2013 9:40 AM
    Thursday, December 27, 2012 3:14 AM