locked
The encryption certificate cannot be accessed by the CRM service account RRS feed

  • Question

  • I'm trying to install CRM 2016 onto a new server, and upgrade an existing CRM 2015 organization in the process.

    I'm getting this error during the System Checks step of CRM Setup: "The encryption certificate '(certificate here)' cannot be accessed by the CRM service account."

    I have no idea what that means since I see no security settings that I can configure in the Certificates interface.

    This is running on Windows Server 2012 R2 with SQL Server 2014 Standard. I took the organization database and the MSCRM_CONFIG database from the old server and restored them onto this server so I could upgrade those databases during this installation. I also installed the certificate from the old server to the certificate store on this new computer.


    I recently changed the service account to be local administrator of the machine, but still get this same message from the CRM Setup.
    • Edited by tfishr Thursday, December 31, 2015 6:28 PM
    Thursday, December 31, 2015 4:56 PM

Answers

  • I decided to go back and perform a new deployment with a new, temporary organization and then plan to use the Import Organization wizard later. The first step appears to have worked in that the certificate error was not a problem this time.

    Monday, January 4, 2016 6:36 PM

All replies

  • First of all, you shouldn't restore the MSCRM_Config database. This database is deployment specific, so shouldn't be restored for a new deployment. Instead, you should install a new CRM 2016 deployment, then make any changes (e.g. to enable Claims authentication) via Deployment Manager

    Re the certificate error - if you still get this with a new deployment, then this will refer to the settings in the Certificates MMC snap-in, via All Tasks, Manage Private Keys on the certificate


    Microsoft CRM MVP - http://mscrmuk.blogspot.com/ http://www.excitation.co.uk

    Monday, January 4, 2016 12:44 PM
    Moderator
  • I decided to go back and perform a new deployment with a new, temporary organization and then plan to use the Import Organization wizard later. The first step appears to have worked in that the certificate error was not a problem this time.

    Monday, January 4, 2016 6:36 PM