Exchange Setup – Certificate Is Expired

The below is one of my Exchange 2013 lab servers which ran into an error when upgrading to Exchange 2013 CU13.  This was because I had deliberately broken Outlook Anywhere in order to replicate a customer situation where they had let the Outlook Anywhere certificate expire.    When running the CU upgrade process, setup failed when restoring the Mailbox Role Transport Service:

setup.exe /Mode:Upgrade /IAcceptExchangeServerLicenseTerms

Exchagne Setup Fails With The Certificate Is Expired

For reference the reported error was:

    Mailbox role: Transport service                                                                                       FAILED
The following error was generated when “$error.Clear();
Install-ExchangeCertificate -services IIS -DomainController $RoleDomainController
if ($RoleIsDatacenter -ne $true -And $RoleIsPartnerHosted -ne $true)
Install-AuthCertificate -DomainController $RoleDomainController
” was run: “System.Security.Cryptography.CryptographicException: The certificate is expired.    at Microsoft.Exchange.Configuration.Tasks.Task.WriteError(Exception exception, ErrorCategory category, Object target, Boolean reThrow, String helpUrl)
at Microsoft.Exchange.Configuration.Tasks.Task.WriteError(Exception exception, ErrorCategory category, Object target)
at Microsoft.Exchange.Management.SystemConfigurationTasks.InstallExchangeCertificate.InternalProcessRecord()
at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__b()
at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)”.

The Exchange Server setup operation didn’t complete. More details can be found in ExchangeSetup.log located in the
<SystemDrive>:\ExchangeSetupLogs folder


The relevant portion is highlighted above.  The certificate in question was added to Outlook Anywhere, and was also bound to the SMTP service.  Note that the certificate is not seen as valid as it has expired.

Expired Exchange Certificate


The expired certificate was removed using the certificate MMC, the server restarted and then setup was launched again which then completed successfully.

setup.exe /Mode:Upgrade /IAcceptExchangeServerLicenseTerms




Comments (0)

Skip to main content