How to install a certificate in Exchange Server? It's important to secure the Exchange Server…
A special Rpc error occurs on server
You like to remove a certificate in Exchange Server. After signing in to Exchange Admin Center and removing the certificate, an error is showing. It’s showing that a special Rpc error occurs on server Exchange. Removing the certificate with PowerShell gives you the same error. Now how to fix this problem, and why do you get that error?
Table of contents
Error when removing certificate in Exchange Server
Removing the Exchange certificate is not working, and an error is showing. Let’s have a look at what is happening in the Exchange Admin Center and in PowerShell. After that, we can come up with a solution.
Error a special Rpc error occurs on server in Exchange Admin Center
The following error appears when removing the certificate in Exchange Server.
error
A special Rpc error occurs on server EX01-2016: The internal transport certificate cannot be removed because that would cause the Microsoft Exchange Transport service to stop. To replace the internal transport certificate, create a new certificate. The new certificate will automatically become the internal transport certificate. You can then remove the existing certificate.
Error a special Rpc error occurs on server with PowerShell
Find the certificate’s thumbprint you want to remove in Exchange Admin Center. Do you want to find the certificate in PowerShell? Read the article Get Exchange certificate with PowerShell.
Click servers in the feature pane and follow with certificates in the tabs. Select the certificate in the list view and click the edit icon.
Click general in the menu and copy the thumbprint.
Run Exchange Management Shell as administrator. Make use of the Remove-ExchangeCertificate cmdlet, including the -Thumbprint parameter. Paste the thumbprint you copied from the previous step after the -Thumbprint parameter.
[PS] C:\>Remove-ExchangeCertificate -Thumbprint 0C4C00B76EB7DB236573BF79258888D32C9B753D
Confirm
Are you sure you want to perform this action?
Remove certificate with thumbprint 0C4C00B76EB7DB236573BF79258888D32C9B753D from the computer's certificate store?
[Y] Yes [A] Yes to All [N] No [L] No to All [?] Help (default is "Y"): Y
A special Rpc error occurs on server EX01-2016: The internal transport certificate cannot be removed because that
would cause the Microsoft Exchange Transport service to stop. To replace the internal transport certificate, create a
new certificate. The new certificate will automatically become the internal transport certificate. You can then remove
the existing certificate.
+ CategoryInfo : InvalidArgument: (:) [Remove-ExchangeCertificate], InvalidOperationException
+ FullyQualifiedErrorId : [Server=EX01-2016,RequestId=2b89e3a0-3a90-44a0-a24f-b4a3aab1ac8f,TimeStamp=6/8/2020 6:14
:05 PM] [FailureCategory=Cmdlet-InvalidOperationException] 20CCF95D,Microsoft.Exchange.Management.SystemConfigurat
ionTasks.RemoveExchangeCertificate
+ PSComputerName : ex01-2016.exoip.local
The error is clearly showing, and the certificate can’t be removed. What is the solution?
Assign certificate to Exchange services
Click the new certificate that you like to assign to the Exchange services. Click the edit icon. In my example, it’s the self-signed certificate.
Click services on the left menu. We clearly can see that the services are already checked and greyed out.
Solution a special Rpc error occurs on server
The services are checked on the self-signed certificate. But we can’t remove the old certificate as an error is showing up. What is the solution? The answer is PowerShell. We have to assign the self-signed certificate to the Exchange services with PowerShell.
Before we do that, copy the thumbprint certificate of the certificate that you like to assign.
Assign the new certificate to the Exchange services. Click Y and press Enter.
[PS] C:\>Enable-ExchangeCertificate -Thumbprint 9BC8DF0DC366A87E2D397DD4CD328D91533346D2 -Services SMTP,IMAP,POP,IIS
Confirm
Overwrite the existing default SMTP certificate?
Current certificate: '0C4C00B76EB7DB236573BF79258888D32C9B753D' (expires 9/3/2020 6:22:51 PM)
Replace it with certificate: '9BC8DF0DC366A87E2D397DD4CD328D91533346D2' (expires 6/6/2025 8:00:12 PM)
[Y] Yes [A] Yes to All [N] No [L] No to All [?] Help (default is "Y"): Y
Click the certificate and click the delete icon.
A warning is showing. Click OK.
The certificate is not showing in the list view. The certificate is removed successfully.
I hope that this article helped you to fix the a special Rpc error occurs on server from showing.
Read more: How to create certificate in Exchange Server »
Conclusion
You learned why the error a special Rpc error occurs on server is showing. Get the thumbprint of the certificate that you like to assign. Run the cmdlet as shown in the article to assign the certificate to the Exchange services. After that, remove the old certificate. No more error is showing up.
Did you enjoy this article? If so, you may like Install FREE Let’s Encrypt certificate in Exchange Server. Don’t forget to follow us and share this article.
ALI- Thank you for your help and great work!!!
My 1st time ever Exchange 2010 to 2016 migration was all done just following all the articles from your site. Now, I’m remove all Exchange 2010 entries from 2016 servers so that I could decom. Exchange 2010. Removing 2010 Mailboxes giving error message, Can you provide a guide to complete remove 2010 from 2016?
Glad to hear that, Fuad.
The best way is to follow the article Uninstall Exchange Server 2010 step by step.
My old wildcard certificate has only SMTP checked and I still can’t delete it. The same message occurred 🙁
I just followed the steps, and it still works. Try to do the steps again.
Issue for me was that the Microsoft Exchange Server Auth Certificate was the one that the command wanted to replace rather than the imported godaddy certificate..
Ideas why and how i force replacement of the correct one?
You can have a look at the article Install Exchange certificate with PowerShell.
Worked for me