Fix: Cryptographic exception error when assigning certificates on Exchange

During a certificate renewal on Exchange 2016, I received the below error while attempting to assign services to the new certificate:

You’ll also see a similar message when generating new self-signed certificates via PowerShell:

A special Rpc error occurs on server EX01: Could not grant Network Service access to the certificate with thumbprint X because a cryptographic exception was thrown.
    + CategoryInfo          : NotSpecified: (:) [Enable-ExchangeCertificate], InvalidOperationException
    + FullyQualifiedErrorId : [Server=EX01,RequestId=0de72192-fd3e-9ac9-9f7e-094b332d612e,TimeStamp=03/08/2022 16:22:10] [FailureCategory=Cmdlet-InvalidOperationException] F3BA354C,Microsoft.Exchange.Management.SystemConfigurationTasks.EnableExchangeCertificate
    + PSComputerName        : EX01.contoso.com

In my case, this was caused by McAfee Endpoint Security. Disabling Threat Prevention and Adaptive Threat Protection allowed me to complete the service assignment.
