I'm having some certificate issues with my Exchange 2007 server. I only know how to check the certificate information using cmdlets, however I have a limited scope on being able to use them. When I run the following command I get the following result.
[PS] C:\WINDOWS\system32>Get-ExchangeCertificate
Get-ExchangeCertificate : The requested key container was not found.
At line:1 char:23
+ Get-ExchangeCertificate <<<<
I know I'm not doing it wrong because I have another server that I can use this on and I can even tab into the command.
How would I troubleshoot this?
Contacted Microsoft about this. Turns out there were a lot of self signed certificates that must have been choking up the command (about 2 dozen) with lots of duplicates. After removing all of them but two in the
Certificate
snap inMMC
, I was able to run this command just fine.I saw this issue on 1 of 3 Exchange 2016 servers. The other Exchange servers had no problem running Get-ExchangeCertificate.
A new Exchange certificate signed by the AD CA was imported into all 3 servers. On the 2 working servers, in mmc/Add-Snapin/Certificate/Computer Account/Local server, under Personal/Certificates, the new Exchange cert AND the AD CA cert were showing.
On the broken server the AD CA cert wasn't present. The AD CA cert was missing because the CER version of the Exchange certificate was imported, not the PFX version which contains the whole certificate chain. After I deleted the Exchange cert, the get-ExchangeCertificate cmdlet started working again. And after importing the PFX it continued working.