daknetworks.com

You are here: Blog Exchange could not load the certificate with thumbprint

Exchange could not load the certificate with thumbprint

Exchange could not load the certificate with thumbprint. Or as the warning message states in the logs:

Microsoft Exchange could not load the certificate with thumbprint of 59235427B7C322A8CFD7E1EB939445A2EAF9F670 from the personal store on the local computer.

Get the information

There's a few ways to get the information to see the current certificate list.

First is through the Exchange Management Shell (EMS):

  • -type: get-exchangecertificate

You can see the same list in the Exchange Admin Center (EAC):

  • EAC > servers > certificates

You can also see the same list in Internet Information Services (IIS):

  • -click server-name (on the left-hand side).
  • -click SERVER-CERTIFICATES (on the middle section).

Once you have the information displayed, find the thumbprint of the certificate you are using for email.

Fix the error

In EMS:

  • -type: Enable-ExchangeCertificate -Thumbprint <new_certificate_thumbprint> -Services None
  • -type: Enable-ExchangeCertificate -Thumbprint <new_certificate_thumbprint> -Services IMAP,POP,IIS,SMTP

Explanation

This error is actually coming from the configuration of the: get-transportservice

More specifically, the value at: get-transportservice |select InternalTransportCertificateThumbprint

In older versions this is called: get-transportserver

More specifically, the value at: get-transportserver |select InternalTransportCertificateThumbprint

With this command you will see the thumbprint of the certificate in the log.

Typing the commands above will replace this value with the new value.

For the curious, there is no fine-tuned fix. In other words, the following does not exist or work. Use the above commands:

set-transportservice InternalTransportCertificateThumbprint <new-certificate-thumbprint-here>

Contact Dak Networks

Please contact us at the following.