Yesterday I issued a certificate for my new Exchange 2013 server, and everything worked fine. Today I got this error message when I tried to start the ECP:
And the event log is also completely red with event 1003:
[Ecp] An internal server error occurred. The unhandled exception was: System.Security.Cryptography.CryptographicException: Invalid provider type specified
at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()
at Microsoft.Exchange.HttpProxy.FbaModule.ParseCadataCookies(HttpApplication httpApplication)
at Microsoft.Exchange.HttpProxy.FbaModule.OnBeginRequestInternal(HttpApplication httpApplication)
at Microsoft.Exchange.HttpProxy.ProxyModule.c__DisplayClass8.b__7()
at Microsoft.Exchange.Common.IL.ILUtil.DoTryFilterCatch(TryDelegate tryDelegate, FilterDelegate filterDelegate, CatchDelegate catchDelegate)
Self-explanatory error messages look different, but fortunately you can deduce a bit if you read this one carefully:
System.Security.Cryptography.CryptographicException: Invalid provider type specified
at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
It seems that I specified an invalid provider type and something RSA-related is expected. So let's check:
certutil -store my
The provider doesn't say anything about RSA... so that could be the problem. I took the liberty of selecting "Server 2008 compatible" as the certificate template, so I am now creating a new template with "Server 2003".
RSA is also listed as a provider under Cryptography.
So I quickly created a new certificate with the new template and assigned it via the shell, as the ECP no longer starts. To do this, display the certificates with
Get-ExchangeCertificate | fl thumbprint,notafter,services
then pick the corresponding thumbprint and assign it with
Enable-ExchangeCertificate -Thumbprint 10DB8A5538EABF994E1667D7B0EE93CA003EC368 -Services IIS,SMTP,IMAP,POP
The ECP will then work again with the new certificate.
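As an added example (not part of the original post), the following Windows PowerShell function repeats the call that fails in the stack trace, X509Certificate2.get_PrivateKey, for each certificate in the LocalMachine\My store and reports which private keys can be opened through a legacy CSP. The function name Test-LegacyCspKey is made up for this example, and it assumes an elevated Windows PowerShell (.NET Framework) session on the server:

```powershell
# Added example, not from the original post. Test-LegacyCspKey is a hypothetical name.
# Assumes elevated Windows PowerShell (.NET Framework) on the Exchange server.
function Test-LegacyCspKey {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    process {
        $provider = $null
        $problem  = $null
        if (-not $Certificate.HasPrivateKey) {
            $problem = 'no private key'
        } else {
            try {
                # Same property getter that appears in the stack trace of event 1003.
                $key = $Certificate.PrivateKey
                if ($null -eq $key) {
                    $problem = 'PrivateKey returned null'
                } elseif ($key -is [System.Security.Cryptography.ICspAsymmetricAlgorithm]) {
                    # The key was opened through a CSP; record which one.
                    $provider = $key.CspKeyContainerInfo.ProviderName
                } else {
                    $problem = "key type $($key.GetType().Name) is not CSP-based"
                }
            } catch {
                # e.g. "Invalid provider type specified" when the key is not in a CSP.
                $problem = $_.Exception.GetBaseException().Message
            }
        }
        [pscustomobject]@{
            Thumbprint = $Certificate.Thumbprint
            NotAfter   = $Certificate.NotAfter
            CspUsable  = ($null -ne $provider)
            Provider   = $provider
            Problem    = $problem
        }
    }
}

# Certificates that would trigger the error are listed first (CspUsable = False).
Get-ChildItem Cert:\LocalMachine\My |
    Test-LegacyCspKey |
    Sort-Object CspUsable |
    Format-Table -AutoSize
```

A certificate that shows CspUsable = False with the problem text "Invalid provider type specified" reproduces the exception from the event log, so it can be spotted before it is assigned to IIS.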
Hello
My problem looks exactly as described on this page.
I can follow almost all of the steps, but I get stuck at Enable-ExchangeCertificate -Thumbprint 1 xxxx -Services IIS,SMTP,IMAP,POP.
I have found that IIS is not accepted; SMTP, IMAP and POP work and are accepted.
Exchange 2013 continues to run correctly for users with Outlook.
Does anyone have an idea where I should look next?