How to renew a certificate in Exchange hybrid? You have a new third-party certificate installed…
You like to remove a certificate in Exchange Server. After signing in to Exchange Admin Center and removing the certificate, an error is showing. It’s showing that a special Rpc error occurs on server Exchange. Removing the certificate with PowerShell is giving you the same error. Now how to fix this problem and why are you getting that error?
Table of contents
Error when removing certificate in Exchange Server
Removing the Exchange certificate is not working and an error is showing. Let’s have a look at what is happening in the Exchange Admin Center and in PowerShell. After that, we can come up with a solution.
Error a special Rpc error occurs on server in Exchange Admin Center
The following error is showing when removing the certificate in Exchange Server 2016.
A special Rpc error occurs on server EX01-2016: The internal transport certificate cannot be removed because that would cause the Microsoft Exchange Transport service to stop. To replace the internal transport certificate, create a new certificate. The new certificate will automatically become the internal transport certificate. You can then remove the existing certificate.
Error a special Rpc error occurs on server with PowerShell
Find the thumbprint of the certificate that you like to remove in Exchange Admin Center. Do you want to find the certificate in PowerShell? Read the article Get Exchange certificiate with PowerShell.
Click servers in the feature pane and follow with certificates in the tabs. Select the certificate in the list view and click the edit icon.
Click general in the menu and copy the thumbprint.
Run Exchange Management Shell as administrator. Make use of the Remove-ExchangeCertificate cmdlet including the -Thumbprint parameter. Paste the thumbprint that you copied from the previous step after the -Thumbprint parameter.
[PS] C:\>Remove-ExchangeCertificate -Thumbprint 0C4C00B76EB7DB236573BF79258888D32C9B753D Confirm Are you sure you want to perform this action? Remove certificate with thumbprint 0C4C00B76EB7DB236573BF79258888D32C9B753D from the computer's certificate store? [Y] Yes [A] Yes to All [N] No [L] No to All [?] Help (default is "Y"): Y A special Rpc error occurs on server EX01-2016: The internal transport certificate cannot be removed because that would cause the Microsoft Exchange Transport service to stop. To replace the internal transport certificate, create a new certificate. The new certificate will automatically become the internal transport certificate. You can then remove the existing certificate. + CategoryInfo : InvalidArgument: (:) [Remove-ExchangeCertificate], InvalidOperationException + FullyQualifiedErrorId : [Server=EX01-2016,RequestId=2b89e3a0-3a90-44a0-a24f-b4a3aab1ac8f,TimeStamp=6/8/2020 6:14 :05 PM] [FailureCategory=Cmdlet-InvalidOperationException] 20CCF95D,Microsoft.Exchange.Management.SystemConfigurat ionTasks.RemoveExchangeCertificate + PSComputerName : ex01-2016.exoip.local
The error is clearly showing and the certificate can’t be removed. What is the solution?
Assign certificate to Exchange services
Click the new certificate that you like to assign to the Exchange services. Click the edit icon. In my example, it’s the self-signed certificate.
Click services on the left menu. We clearly can see that the services are already checked and greyed out.
Solution a special Rpc error occurs on server
Let’s recap that, the services are checked on the self-signed certificate. We can’t remove the old certificate as an error is showing up. What is the solution? The answer is PowerShell. We have to assign the self-signed certificate to the Exchange services with PowerShell.
Before we do that, grab the thumbprint certificate of the certificate that you like to assign. Copy the thumbprint.
Assign the new certificate to the Exchange services. Click Y and press Enter.
[PS] C:\>Enable-ExchangeCertificate -Thumbprint 9BC8DF0DC366A87E2D397DD4CD328D91533346D2 -Services SMTP,IMAP,POP,IIS Confirm Overwrite the existing default SMTP certificate? Current certificate: '0C4C00B76EB7DB236573BF79258888D32C9B753D' (expires 9/3/2020 6:22:51 PM) Replace it with certificate: '9BC8DF0DC366A87E2D397DD4CD328D91533346D2' (expires 6/6/2025 8:00:12 PM) [Y] Yes [A] Yes to All [N] No [L] No to All [?] Help (default is "Y"): Y
Have a look at the old certificate that we want to remove. Almost all services are unchecked (only SMTP is checked).
Click the certificate and click the delete icon.
A warning is showing. Click OK.
The certificate is not showing in the list view. The certificate is removed successfully.
I hope that this article helped you to fix the a special Rpc error occurs on server from showing.
In this article, you learned why the error a special Rpc error occurs on server is showing. Get the thumbprint of the certificate that you like to assign. Run the cmdlet as shown in the article to assign the certificate to the Exchange services. After that, remove the old certificate. No more error showing up.
Did you enjoy this article? If so, you may like the article How to import certificate in Exchange 2016. Don’t forget to follow us and share this article.