{"id":184,"date":"2016-01-19T11:00:08","date_gmt":"2016-01-19T11:00:08","guid":{"rendered":"http:\/\/www.pkipartner.support\/?page_id=184"},"modified":"2016-03-29T10:41:29","modified_gmt":"2016-03-29T10:41:29","slug":"uc-privatekeymissing-when-running-enable-exchangecertificate","status":"publish","type":"page","link":"https:\/\/pkipartner.com\/support\/uc-privatekeymissing-when-running-enable-exchangecertificate\/","title":{"rendered":"UC – PrivateKeyMissing when running Enable-ExchangeCertificate"},"content":{"rendered":"

PrivateKeyMissing when running Enable-ExchangeCertificate<\/h1>\n

Enable-ExchangeCertificate : The certificate with thumbprint XXXXXXXXX was found but is not valid for use with Exchange Server<\/strong>
\n(reason: PrivateKeyMissing).
\nAt line:1 char:27
\n+ Enable-ExchangeCertificate -Thumbprint XXXXXXXXX -Services “IIS”<\/strong><\/p>\n

The above error can as a result of multiple reasons. CSR was created with IIS and attempted to be installed through the Exchange Management Shell (EMS), CSR was created in EMS on another Exchange Server, a damaged certificate, or Windows simply “forgets” where it placed the PrivateKey for the certificate. It doesn’t happen all the time, but sometimes the error can be a nuisance.<\/p>\n

Option #1:<\/strong>\u00a0Repair Damaged Certificate (Windows Server 2003\/2008)<\/p>\n

    \n
  1. Open MMC and add the Certificate Snap-In for the Local Computer account.<\/li>\n<\/ol>\n

     <\/p>\n

      \n
    1. Double-Click on the recently imported certificate.<\/li>\n<\/ol>\n

      Note:<\/strong>\u00a0In Windows Server 2008 it will be the certificate missing the golden key beside it.<\/p>\n

        \n
      1. Select the Details tab.<\/li>\n<\/ol>\n

         <\/p>\n

          \n
        1. Click on the Serial Number field and copy that string.<\/li>\n<\/ol>\n

          Note:<\/strong>\u00a0You may use CTRL+C, but not right-click and copy.<\/p>\n

            \n
          1. Open up a command prompt session. (cmd.exe aka DOS Prompt)<\/li>\n<\/ol>\n

             <\/p>\n

              \n
            1. Type:\u00a0certutil -repairstore my “SerialNumber”<\/strong>\u00a0(SerialNumber is that which was copied down in step 4.)<\/li>\n<\/ol>\n

               <\/p>\n

                \n
              1. After running the above command, go back to the MMC and Right-Click\u00a0Certificates<\/strong>\u00a0and select\u00a0Refresh<\/strong>\u00a0(or hit F5 in the MMC)<\/li>\n<\/ol>\n

                 <\/p>\n

                  \n
                1. Double-Click on the problem certificate. At the bottom of this window (General tab) it should state: “You have a private key that corresponds to this certificate.<\/strong>“<\/li>\n<\/ol>\n

                  Note:<\/strong>\u00a0<\/strong>In Windows Server 2008 there will be a golden key to the left of the certificate, so there is no need to double-click the certificate.<\/p>\n

                    \n
                  1. Now that the Private Key is attached to the certificate, please proceed to enable Exchange Services via\u00a0Enable-ExchangeCertificate<\/a>.<\/li>\n<\/ol>\n

                    Option #2:<\/strong>\u00a0Remove and Re-Install Certificate (Windows Server 2003\/2008)<\/p>\n

                      \n
                    1. Verify the certificate doesn’t have it’s private key.
                      \nIn the MMC and double-click the recently imported certificate. (Be sure that you’re using the Certificate Snap-In for the Local Computer account!)<\/li>\n<\/ol>\n

                      Note:<\/strong>\u00a0In Windows Server 2008 it will be the certificate missing the golden key beside it.<\/p>\n

                        \n
                      1. Right-Click on the certificate and click\u00a0Delete<\/strong>.<\/li>\n<\/ol>\n

                         <\/p>\n

                          \n
                        1. Re-install<\/a>\u00a0<\/a>the Certificate<\/li>\n<\/ol>\n

                           <\/p>\n

                          If any of the above does not work, please contact Microsoft.<\/p>\n","protected":false},"excerpt":{"rendered":"

                          PrivateKeyMissing when running Enable-ExchangeCertificate Enable-ExchangeCertificate : The certificate with thumbprint XXXXXXXXX was found but is not valid for use with Exchange Server (reason: PrivateKeyMissing). At line:1 char:27 + Enable-ExchangeCertificate -Thumbprint XXXXXXXXX -Services “IIS” The above error can as a result of multiple reasons. CSR was created with IIS and attempted\u2026<\/p>\n

                          Continue reading<\/span><\/i><\/a> <\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"_links":{"self":[{"href":"https:\/\/pkipartner.com\/support\/wp-json\/wp\/v2\/pages\/184"}],"collection":[{"href":"https:\/\/pkipartner.com\/support\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/pkipartner.com\/support\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/pkipartner.com\/support\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pkipartner.com\/support\/wp-json\/wp\/v2\/comments?post=184"}],"version-history":[{"count":3,"href":"https:\/\/pkipartner.com\/support\/wp-json\/wp\/v2\/pages\/184\/revisions"}],"predecessor-version":[{"id":784,"href":"https:\/\/pkipartner.com\/support\/wp-json\/wp\/v2\/pages\/184\/revisions\/784"}],"wp:attachment":[{"href":"https:\/\/pkipartner.com\/support\/wp-json\/wp\/v2\/media?parent=184"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}