After my server crashed and I reinstalled Windows and ran Exchange installation in recover mode, I have been having issues trying to enable the certificate. Import-ExchangeCertificate : Cannot import as there already is a certificate wi th a thumbprint of ..... Enable-ExchangeCertificate : The certificate with thumbprint ..... was found but is not valid for use with Exchange Server (reason: PrivateKeyMissing). I then ran certutil repairstore... C:\Users\Administrator.mydomain>certutil -repairstore my 12121212121212 ================ Certificate 1 ================ Serial Number: 12121212121212 Issuer: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=ht tp://certificates.godaddy.com/repository, O=GoDaddy.com, Inc., L=Scottsdale, S=A rizona, C=US NotBefore: 2010/08/12 01:08 PM NotAfter: 2011/08/14 01:38 PM Subject: CN=mydomain.org, OU=Domain Control Validated, O=mydomain.org Non-root Certificate Cert Hash(sha1): c2 87 8a 7d 99 17 10 43 17 6e 7f ac bf 26 8b 8f 6c 34 1e 04 No key provider information Cannot find the certificate and private key for decryption. CertUtil: -repairstore command FAILED: 0x80090010 (-2146893808) CertUtil: Access denied. C:\Users\Administrator.mydomain> Please help.

Hi Have you exported the certificate including the private key? If you have, then you can import it and assign it for the exchange services Which version of Exchange are you using? Jonas Andersson MCTS: Microsoft Exchange Server 2007/2010 | MCITP: EMA 2007/2010 | MCSE/MCSA Blog: http://www.testlabs.se/blog

Hi Jonas, Exchange 2007 sp2 on a Windows 2008 server. I got the certificate from GoDaddy and added it on the server's certificates store from the mmc. How do I export the certificate? Also note that I have run remove-exchangecertificate, nad after trying to import again, got the error that a certificate with that thumbprint exists already. Regards

Hi Ok, it sounds like it's not imported correctly Before you reinstall the server, did you export the certificate including the private key? To a pfx file etc If not, then i think you need to create a new csr and request a new certificate, normally you can revoke the old one and request a new one without paying additional costs Jonas Andersson MCTS: Microsoft Exchange Server 2007/2010 | MCITP: EMA 2007/2010 | MCSE/MCSA Blog: http://www.testlabs.se/blog

Sorted. I mailed GoDaddy support and they gave me instructions on rekeying the certificate. This involved regenerating a new csr from the Exchange Management shell, applying it to the existing key. I then imported the new key into Exchange and enabled it for the Exchange services. I still had to run the certutil-repairstore command to pair it with the private key. Thanks Jonas.