Skip to main content

Notifications

Microsoft Dynamics CRM forum
Under review by Community Managers

Under review

Thank you for your post! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Applying certificate update for CRM 2016 on-prem to Exchange Online connection - Error!

Posted on by 310

Hi,

I've been given the task to update the certificate using by the Hybrid Exchange connection between a CRM 2016 on-prem enviroment to Exchange Online.

I sucessfully updated the certificate used by IFD and that is working fine.

I've been following the guide: Connect Dynamics 365 (on-premises) to Exchange Online | Microsoft Docs

I am using a CA SSL certificate (wildcard certificate)

I've had MS on a call to try and fix it, they suggested I use a different certificate to the one i used for IFD, so i got a new one issued but I still get an error.

However, I get an error following the powershell command:

$CertificateScriptWithCommand = “.\CertificateReconfiguration.ps1 -certificateFile c:\Personalcertfile.pfx -password personal_certfile_password -updateCrm -certificateType S2STokenIssuer -serviceAccount contoso\administrator -storeFindType FindBySubjectDistinguishedName”

Invoke-Expression -command $CertificateScriptWithCommand

I get the error after the command on line 3:

PS C:\Program Files\Microsoft Dynamics CRM\tools> Invoke-Expression -command $CertificateScriptWithCommand
[08/03/2021 18:24:13]  Certificate private key is not found.

MS did give me some ideas to try:

1. A possible reason would be if the password for the private key is wrong. So, please assure that the password is correct.
2. This issue can occur, as well, when there are two self-signed certificates located in the local certificate store that have the same subject name. Notice that this issue should only occur when you use a self-signed certificate. Self-signed certificates should not be used in production environments. To resolve this issue,  remove the certificates with the same subject name that you don’t need using the Certificate Manager MMC snap-in and note the following.
3. Another reason can be because of an unsupported template of the certificate. If we have a look into the CertificateReconfiguration.ps1, we will be able to see that we can get the error: “Certificate private key is not found“, if the $script: privKeyCertFile will be equal to null.
            $script:privKeyCertFile = Get-Item -path "$ENV:ProgramData\Microsoft\Crypto\RSA\MachineKeys\*" | where {$_.Name -eq $sslCertPrivKey.CspKeyContainerInfo.UniqueKeyContainerName}
            if ($script:privKeyCertFile -eq $Null)
            {         LogError "Certificate private key is not found."
                        Exit            }}
4. One potential reason for this is if the template of the certificate is not a legacy one, but instead it is a CNG, as the CNG certificates are not supported.
Optio 1 i've double checked the password loads of times, option 2, I'm not using a self signed certificate, option 3 & - im not sure of since the same certificate worked for IFD
HAs anyone got any ideas ?
many thanks!

Helpful resources

Quick Links

Anton Venter – Community Spotlight

Kudos to our October Community Star of the month!

Announcing Our 2024 Season 2 Super Users!

A new season of Super Users has arrived, and we are so grateful for the daily…

Dynamics 365 Community Newsletter - September 2024

Check out the latest community news

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 290,524 Super User 2024 Season 2

#2
Martin Dráb Profile Picture

Martin Dráb 228,469 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,148

Leaderboard

Featured topics

Product updates

Dynamics 365 release plans