During a certificate renewal on Exchange 2016, I received the below error while attempting to assign services to the new certificate:
You’ll also see a similar message when generating new self-signed certificates via PowerShell:
A special Rpc error occurs on server EX01: Could not grant Network Service access to the certificate with thumbprint X because a cryptographic exception was thrown.
    + CategoryInfo          : NotSpecified: (:) [Enable-ExchangeCertificate], InvalidOperationException
    + FullyQualifiedErrorId : [Server=EX01,RequestId=0de72192-fd3e-9ac9-9f7e-094b332d612e,TimeStamp=03/08/2022 16:22:10] [FailureCategory=Cmdlet-InvalidOperationException] F3BA354C,Microsoft.Exchange.Management.SystemConfigurationTasks.EnableExchangeCertificate
    + PSComputerName        : EX01.contoso.com
In my case, this was caused by McAfee Endpoint Security. Disabling Threat Prevention and Adaptive Threat Protection allowed me to complete the service assignment.