Recently a customer contacted me with an Exchange 2013 issue. Their Exchange certificate was about to expire and they had some trouble renewing the certificate on one of their Client Access servers.
The 3rd party certificate was successfully imported and activated on the 1st CAS server, but it failed to import on the 2nd CAS server.
Trying to import the certificate generated an error; “Cannot import certificate. A certificate with the thumbprint xxx already exists.”
Get-Exchangecertificate -server CAS2 didn’t return a certificate with that thumbprint.
I decided to start MMC and add the Certificates snap-in for the computer account. And there it was, the 3rd party certificate was already there and in the details was the thumbprint that corresponded with the error message.
After deleting the certificate and an iisreset. After reopening the ECP it was possible to import the certificate from the ECP and assign it for the appropriate services.