Sunday, February 24, 2013

SBS 2011 Exchange 2010 SP2 installation fails - certificate not found error

Tonight I was installing Server Pack 2 on SBS 2011.  Here's the error I got:

Hub Transport Role
Failed

Error:
The following error was generated when "$error.Clear();
         
Write-ExchangeSetupLog -Info "Creating SBS certificate";

$thumbprint = [Microsoft.Win32.Registry]::GetValue("HKEY_LOCAL_MACHINE\Software\Microsoft\SmallBusinessServer\Networking", "LeafCertThumbPrint", $null);
          if (![System.String]::IsNullOrEmpty($thumbprint)){
            Write-ExchangeSetupLog -Info "Enabling certificate with thumbprint: $thumbprint for SMTP service";
            Enable-ExchangeCertificate -Thumbprint $thumbprint -Services SMTP;
            Write-ExchangeSetupLog -Info "Removing default Exchange Certificate";
            Get-ExchangeCertificate | where {$_.FriendlyName.ToString() -eq "Microsoft Exchange"} | Remove-ExchangeCertificate;
            Write-ExchangeSetupLog -Info "Checking if default Exchange Certificate is removed";
            $certs = Get-ExchangeCertificate | where {$_.FriendlyName.ToString() -eq "Microsoft Exchange"};
            if ($certs)
{
              Write-ExchangeSetupLog -Error "Failed to remove existing exchange certificate"
            }
            }
            else{
            Write-ExchangeSetupLog -Warning "Cannot find the SBS certificate";
          }
           " was run: "The certificate with thumbprint EC6C8334CEB1F6A5A3802E3927BCADE008ACD07A was not found.".

The certificate with thumbprint EC6C8334CEB1F6A5A3802E3927BCADE008ACD07A was not found.
Click here for help... http://technet.microsoft.com/en-US/library/ms.exch.err.default(EXCHG.141).aspx?v=14.2.247.1&e=ms.exch.err.Ex88D115&l=0&cl=cp

The default self-signed certificate generated for Exchange by the Small Business Server setup has been deleted / replaced by a 3rd party certificate, but registry still contains the registry value referencing it. 

I fixed it by opening REGEDIT and edited the following:
  HKEY_LOCAL_MACHINE/Software/Microsoft/SmallBusinesServer/Networking/LeafCertThumbprint and clear the value value under it. (The value, not the key. The key itself should not be deleted) 

Restart service pack installation.

2 comments:

Hein said...

Thank you very much for sharing this solution. It was exactly what i needed,

Regards,

Will said...

You're welcome. Glad it helped.