Wednesday, July 6, 2011

Assigning a certificate for Lync Server 2010 throws the error: “Command execution failed: Unable to find the private key file "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e646a17abefa0f8af6000ca417c1ba93_4f378237-0174-4b4c-a6d1-553e9da19b02" for the certificate "30C0D12D0000000000D4".”

Ran into an interesting issue the other day when I was trying to reissue the certificate for a Lync Server 2010 pool because of Avaya’s requirement for RCC. What I basically had to do was use a different template for the certificate that also included Client Authentication in the Application policies (the regular Webserver template only had Server Authentication). After requesting the certificate with the right template, I proceeded to assign it but noticed that the wizard failed with:

Assign Certificate
Set-CSCertificate -Type Default,WebServicesInternal,WebServicesExternal -Thumbprint BF33F560768CA838E515B1D2908C4348342FD7D4 -Verbose -Confirm:$false -Report "C:\Users\tluk\AppData\Local\Temp\2\Set-CSCertificate-[2011_06_06][15_11_51].html"
Creating new log file "C:\Users\tluk\AppData\Local\Temp\2\Set-CSCertificate-bfd5784f-928f-483c-ada6-f7945e14f490.xml".
Assign the certificate to the Central Management Store.
Creating new log file "C:\Users\tluk\AppData\Local\Temp\2\Set-CSCertificate-[2011_06_06][15_11_51].html".
Warning: Set-CSCertificate failed.
Warning: Detailed results can be found at "C:\Users\tluk\AppData\Local\Temp\2\Set-CSCertificate-[2011_06_06][15_11_51].html".
Command execution failed: Unable to find the private key file "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e646a17abefa0f8af6000ca417c1ba93_4f378237-0174-4b4c-a6d1-553e9da19b02" for the certificate "30C0D12D0000000000D4".


The first idea I had off the top of my head when I saw this error was that perhaps I had made a typo or an incorrect selection during the certificate request process so I went back to review all of the settings as well as comparing the old working certificate with the new one.  After verifying that I did not make any mistakes, I opened up the certificate to check and see if the private key was still there and it was.

Now that I’m coming close to running out of ideas, the next thought I had was perhaps the way that I had moved it. What I initially did was lazy in the sense that I moved the certificate simply by dragging and dropping the certificate from the user store to the computer store.

Not that I thought it would matter but since re-exporting and importing the certificate didn’t take a whole lot of effort, I went ahead and tried it.

Right after I moved the certificate using the export and import option, the certificate assigned properly without any issues. I’m not exactly sure why dragging and dropping didn’t work since the properties of the certificate appeared to have been retained but I’ve made a note to myself that I’ll be doing this regardless of the product that requires certificates in the future.

Hope this helps anyone who may encounter the same problem as I have.
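A check that can be run before assigning a certificate, added here as an example and not part of the original post: it reports whether a certificate in the computer's Personal store points at a key file under the MachineKeys folder named in the error above. It assumes Windows PowerShell on .NET Framework and a CSP-backed RSA key, and it rests on the assumption (consistent with the error message, but not confirmed in the post) that a dragged certificate still references a key held in the user's profile. The function name Test-MachineCertKey is hypothetical.

```powershell
# Added example, not from the original post. Test-MachineCertKey is a
# hypothetical helper name. Assumes a CSP-backed RSA key; a CNG key makes
# the PrivateKey property throw on .NET Framework, which is reported below.
function Test-MachineCertKey {
    param([Parameter(Mandatory = $true)][string]$Thumbprint)

    # Look only in the computer store, which is where Lync reads the certificate.
    $cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
    $machineKeys = Join-Path $env:ProgramData 'Microsoft\Crypto\RSA\MachineKeys'

    $report = @{
        Subject         = $cert.Subject
        HasPrivateKey   = $cert.HasPrivateKey   # True whenever key info is attached
        MachineKeyStore = $null                 # False means a per-user key container
        KeyFile         = $null
        KeyFileExists   = $false
    }

    if ($cert.HasPrivateKey) {
        try {
            $info = $cert.PrivateKey.CspKeyContainerInfo
            $report.MachineKeyStore = $info.MachineKeyStore
            # The file name in the error message has the form of this value.
            $report.KeyFile = Join-Path $machineKeys $info.UniqueKeyContainerName
            $report.KeyFileExists = Test-Path -LiteralPath $report.KeyFile
        } catch {
            Write-Warning "Could not open the private key: $($_.Exception.Message)"
        }
    }

    # A service running as another account needs a machine key that exists on disk.
    $report.UsableByServices = ($report.MachineKeyStore -eq $true) -and $report.KeyFileExists
    New-Object PSObject -Property $report
}

# Usage, with the thumbprint from the failed command above:
# Test-MachineCertKey -Thumbprint BF33F560768CA838E515B1D2908C4348342FD7D4
```

If HasPrivateKey is True while MachineKeyStore is False or KeyFileExists is False, the certificate can look complete to the administrator who requested it and still be unusable by the server's services; exporting it with its private key and importing it into the computer store, as described above, is the fix the post arrived at.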

1 comment:

Anonymous said...

Hi,

Same problem here. Suspected the same issue, and this operation solved the problem.

Thanks for your post:).

Regards