Exchange Cumulative Update Error Expired Certificate

Good Morning,

I've had a customer that encountered the Error below during Exchange 2016 CU23 installation.

The following error was generated when "$error.Clear();
Install-ExchangeCertificate -services IIS -DomainController $RoleDomainController
if ($RoleIsDatacenter -ne $true -And $RoleIsPartnerHosted -ne $true)
Install-AuthCertificate -DomainController $RoleDomainController
" was run: "System.Security.Cryptography.CryptographicException: The certificate is expired.
at Microsoft.Exchange.Configuration.Tasks.Task.ThrowError(Exception exception, ErrorCategory errorCategory, Object target, String helpUrl)
at Microsoft.Exchange.Management.SystemConfigurationTasks.InstallExchangeCertificate.InternalProcessRecord()
at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__91_1()
at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)".

It was obvious that a Certificate had expired.

We've recreated a new CSR with FQDN and Hostname and installed the Certificate on the Server. Still the Setup failed at the exact same point.

The Solution was to delete the expired Certificate from the Local Machine Certificate Store and start the Setup again.

After that, the Setup finished successful.
Check the Exchange Certificate after the Installation

Enable-ExchangeCertificate -Thumbprint <Thumbprint> -Services IIS,POP,IMAP,SMTP

Andres Bohren