
danblee.com

Tutorials & Knowledge Base Articles for System Administrators who wear many, many hats.


A special Rpc error occurred. Cannot import certificate. A certificate with the thumbprint already exists.

November 15, 2016 by Dan B. Lee 2 Comments

Notes

This is an issue found in my working version of Exchange, which is Exchange 2013 CU 11. It may exist elsewhere, but this is all I’ve got to test with.

Problem

Using the Exchange Admin Center, you either tried to import a certificate or complete a certificate request. It may have done nothing on the first attempt, but it gave you this error on the second attempt.

[Screenshot: cert-error]

Description

What you’re seeing is a cert that was successfully installed on the server the first time around, but the EAC can’t really see it because it’s missing a few things. Namely, you’ll need to tie a private key to the cert, something that completing the request in the EAC cannot do, and you’ll need to give it a friendly name. Both will need to be done before you can see it in the EAC and assign it roles.

Resolution

Resolution 1

Sometimes all you need to do is delete a rendition of the cert that really does exist with the same thumbprint. Most likely, though, you’ll need to use Resolution 2 to fix this problem. But here’s how to delete one.

  1. Log into the server with admin privileges.
  2. Run MMC.exe as an admin.
  3. Go to File > Add/Remove Snap-in and add the Certificates snap-in.
  4. Go to Certificates > Personal > Certificates.
  5. Double click each certificate and look for the one with the same thumbprint in the Details tab of the certificate.
  6. Delete the certificate.
  7. Try to add the certificate again.

Resolution 2

If you were unable to just delete the cert and try again, you’re going to have to make some changes after you import the certificate. The cert will need a private key and a friendly name.

  1. Follow the steps in Resolution 1 to get to the Certificates list using the MMC.
  2. Find your certificate that was imported but not working. It will most likely be the one with a little key on the icon and the Friendly Name will be <None>.
  3. Double click the certificate, go to the Details tab, double click the Serial, and copy out the Serial.
  4. Open an elevated command prompt and enter the command certutil -repairstore my "your-serial-here" (use the quotes around your serial).
  5. Watch it go, and you’ll now have a little key next to your Certificate, signifying that a private key has been applied to your cert.
  6. Double click the cert and give it a friendly name.
  7. Go back to your EAC and you’ll find that it now has what it needs to show up.
  8. If you had a pending request waiting to complete, you don’t need it any more. You completed it.
  9. Move services over to the new Certificate with the friendly name you gave it and you’re done.
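
Steps 2 through 6 above as a PowerShell script, for servers where you would rather not click through the MMC. This is an added example, not part of the original post; the script's parameter names are placeholders chosen here, and it assumes the certificate sits in the local machine Personal store and is run from an elevated session.

```powershell
# Added example: scripted form of Resolution 2, steps 2-6.
# -Thumbprint and -FriendlyName are placeholder parameter names chosen for this example.
param(
    [Parameter(Mandatory)] [string] $Thumbprint,
    [Parameter(Mandatory)] [string] $FriendlyName
)

$ErrorActionPreference = 'Stop'

# The MMC Details tab shows the thumbprint with spaces; keep only the hex digits.
$thumb = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
$path  = "Cert:\LocalMachine\My\$thumb"

# Step 2: find the imported certificate in Certificates > Personal.
if (-not (Test-Path $path)) {
    throw "No certificate with thumbprint $thumb in LocalMachine\My."
}
$cert = Get-Item $path
"Before: {0} HasPrivateKey={1} FriendlyName='{2}'" -f `
    $cert.Subject, $cert.HasPrivateKey, $cert.FriendlyName

# Steps 3-5: tie the private key to the cert, addressing it by serial number.
if (-not $cert.HasPrivateKey) {
    & certutil.exe -repairstore my $cert.SerialNumber
    if ($LASTEXITCODE -ne 0) {
        throw "certutil -repairstore failed (exit code $LASTEXITCODE)."
    }
    # Re-read from the store; the object fetched earlier is stale.
    $cert = Get-Item $path
    if (-not $cert.HasPrivateKey) {
        throw "Still no private key; the key may not exist on this server."
    }
}

# Step 6: the EAC needs a friendly name before it will list the cert.
if ([string]::IsNullOrWhiteSpace($cert.FriendlyName)) {
    $cert.FriendlyName = $FriendlyName
}

# Show the state the EAC will now see.
Get-Item $path |
    Select-Object Subject, Thumbprint, SerialNumber, HasPrivateKey, FriendlyName, NotAfter
```

The script changes nothing if the certificate already has a private key and a friendly name, so it is safe to re-run as a check before moving services in step 9.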

Screenshots

Here’s what running that command will look like in step 4.

[Screenshot: command]

And here’s where you can change the Friendly Name, which is required in order to see it properly in the EAC.

[Screenshot: friendly-name]

Filed Under: Exchange 2013, Uncategorized Tagged With: errors, Exchange

Dan Lee

Dan B. Lee works at SyApps, LLC., a Managed Hosting Solutions Firm, as a Senior Network Engineer. Dan has a decade of IT experience and specializes in a number of different disciplines including Virtualization, Web Site Hosting and Design, Network Security, Data Center Architecture, Local and Remote Server Hosting, and Backup & DRS Solutions.