Certificate Error installing Exchange 2013 CAS Role

When installing Exchange 2013 from PowerShell in my lab I ran into an issue and the server failed installing the Client Access Role.

Welcome to Microsoft Exchange Server 2013 Service Pack 1 Unattended Setup
Copying Files…
File copy complete. Setup will now collect additional information needed for installation.
Management tools
Mailbox role: Transport service
Mailbox role: Client Access service
Mailbox role: Unified Messaging service
Mailbox role: Mailbox service
Client Access role: Front End Transport service
Client Access role: Client Access Front End service
Performing Microsoft Exchange Server Prerequisite Check
Configuring Prerequisites     COMPLETED
Prerequisite Analysis     COMPLETED
Configuring Microsoft Exchange Server
Preparing Setup     COMPLETED
Stopping Services     COMPLETED
Copying Exchange Files     COMPLETED
Language Files     COMPLETED
Restoring Services     COMPLETED
Language Configuration     COMPLETED
Exchange Management Tools     COMPLETED
Mailbox role: Transport service     COMPLETED
Mailbox role: Client Access service     FAILED
The following error was generated when “$error.Clear();
Install-ExchangeCertificate -WebSiteName “Exchange Back End” -services “IIS, POP, IMAP” -DomainController $RoleDomainController -InstallInTrustedRootCAIfSelfSigned $true
if ($RoleIsDatacenter -ne $true -And $RoleIsPartnerHosted -ne $true)
Install-AuthCertificate -DomainController $RoleDomainController
” was run: “Could not grant Network Service access to the certificate with thumbprint 1C5101B4BE0AF6CBD6A39FD413436E2649B0124 because a cryptographic exception was thrown.”.

The Exchange Server setup operation didn’t complete. More details can be found in ExchangeSetup.log located in the <SystemDrive>:\ExchangeSetupLogs folder.

Since I was already in PowerShell I went ahead and added the Exchange SnapIn since the Exchange Management Tools were installed and checked for the thumbprint listed above

PS C:\Exchange\Setup> Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010
PS C:\Exchange\Setup> Get-ExchangeCertificate
Thumbprint Services Subject
———- ——– ——-
4DEAE2C0FD7657546E5BE9C326DFD463F6F3AB3D ….S.. CN=ex02
59A4489083B12076D397B30B27B53397194A2B2C ….S.. CN=Microsoft Exchange Server Auth Certificate
046880AF472664A815FFBC2252860A2E2111231B ……. CN=WMSvc-EX02

As we can see it’s not listed so I decided to look at all the certificates loaded on the server.

I then opened up MMC and added certificates for the local computer and see 4 certificates, however Exchange is only seeing 3. I am not sure where the certificate for the FQDN came from since the labs was just built today (8-10-14). The other three were supposed to be there after an Exchange Server install.


I backed up the certificate and removed it and then re-ran the installation and it resolved the issue.


Unknown at this time. I have been able to reproduce the issue but I do not know why the certificate is there (possible lab image issue). Time to try to debug the issue. J

Certificates Exchange IIS PowerShell Setup

"Performance counter updating error" after you install the Exchange Server 2013 Client Access server role


After you install the Microsoft Exchange Server 2013 Client Access server role on a new server and then restart the server, you receive many Event ID 106 errors in the Application log. For example, you may receive the following error message: ID: 106 Level: Error Source: MSExchange Common Machine: – Message: Performance counter updating error. Counter name is Per-Tenant KeyToRemoveBudgets Cache Size, category name is MSExchangeRemotePowershell. Optional code: 3. Exception: The exception thrown is: System.InvalidOperationException: The requested Performance Counter is not a custom counter, it has to be initialized as ReadOnly.\ When you check the Exchange Setup log (ExchangeSetup.log), you see the following information: [WARNING] The performance counter definition file C:\Program Files\Microsoft\Exchange Server\V15\Bin\Perf\AMD64\GlsPerformanceCounters.xml could not be found.


This issue occur because Exchange Server Setup tries to locate the GlsPerformanceCounters.xml performance counter definition file in the following folder: C:\Program Files\Microsoft\Exchange Server\V15\Bin\Perf\AMD64\ However, Exchange Server Setup should target the following folder instead: C:\Program Files\Microsoft\Exchange Server\V15\Setup\Perf Therefore, the performance counters cannot be loaded.


To resolve this issue, use one of the following methods.

Method 1 Use a script to reload all the performance counters
  1. Copy the following script to Notepad, and then save the file as Perfcounters.ps1. Make sure that you change the “$path” value in the script if the Exchange Server is installed in a different location. (This script also applies to Exchange Server 2010.)
    add-pssnapin Microsoft.Exchange.Management.PowerShell.Setup
    $path = "C:\Program Files\Microsoft\Exchange Server\V15\Setup\Perf"
    $items = Get-ChildItem -Recurse $path
    $files = $items | ?{$_.extension -eq ".xml"} 
    Write-Host "Registering all perfmon counters in $path"
    $count = 0;
    foreach ($i in $files)
       $f =  $i.directory, "\", $i.name -join ""
       Write-Host $count $f -BackgroundColor red
       New-PerfCounters -DefinitionFileName $f
  2. In Exchange Management Shell, run the file that you created in step 1. For example, run the following command:

Note Before you run the script, make sure that the execution policy is set to unrestricted. For more information about execution policies, go to the following Microsoft TechNet website: Using the Set-ExecutionPolicy Cmdlet (http://technet.microsoft.com/en-us/library/ee176961.aspx)

Method 2: Load the missing counters manually
  1. Close Performance Monitor, and then stop any other monitoring services that might be trying to use the missing counters.
  2. In Exchange Management Shell, type the following command, and then press Enter.
    Add-Pssnapin Microsoft.Exchange.Management.PowerShell.Setup
  3. Run New-PerfCounters to add the performance counters. For example, if you want to load the performance counters that are defined in GlsPerformanceCounters.xml, run the following cmdlet:
    New-PerfCounters –definitionfilename “C:\Program Files\Microsoft\Exchange Server\V15\Setup\Perf\GlsPerformanceCounters.xml
Source: Microsoft TechNet
Performance Counters Setup