Exchange 2010 SP3 installation fails on SBS 2011

You install Exchange 2010 SP3 on Microsoft Windows Small Business Server 2011 (SBS 2011).

The update fails at the Hub Transport role with the error below:

Hub Transport Role

The following error was generated when "$error.Clear();
          Write-ExchangeSetupLog -Info "Creating SBS certificate";

          $thumbprint =

[Microsoft.Win32.Registry]::GetValue("HKEY_LOCAL_MACHINE\Software\Microsoft\SmallBusinessServer\Networking", "LeafCertThumbPrint", $null);

          if (!

            Write-ExchangeSetupLog -Info "Enabling certificate with thumbprint: $thumbprint for SMTP service";

       Enable-ExchangeCertificate -Thumbprint $thumbprint -Services SMTP;
            Write-ExchangeSetupLog -Info "Removing default Exchange Certificate";

        Get-ExchangeCertificate | where {$_.FriendlyName.ToString() -eq "Microsoft Exchange"} | Remove-ExchangeCertificate;

            Write-ExchangeSetupLog -Info

"Checking if default Exchange Certificate is removed";
            $certs = Get-ExchangeCertificate | where {$_.FriendlyName.ToString() -eq "Microsoft Exchange"};

   if ($certs)
              Write-ExchangeSetupLog -Error "Failed to remove existing exchange certificate"


          Write-ExchangeSetupLog -Warning "Cannot find the SBS certificate";
        " was run: "The certificate with thumbprint

EF21B275EAA71E26D27349711D1272A2C9B246BA was not found.".

The certificate with thumbprint EF21B275EAA71E26D27349711D1272A2C9B246BA was not found.
Click here for help…

Elapsed Time: 00:08:34


The upgrade is looking in this Registry Key "HKEY_LOCAL_MACHINE\Software\Microsoft\SmallBusinessServer\Networking\LeafCertThumbPrint" is picking the "EF21B275EAA71E26D27349711D1272A2C9B246BA" Thumbprint and it's finding that is different than the Thumbprint of the certificate configured for SMTP in Exchange, and the upgrade fails.

The solution:

Go to Exchange Management Console > Server Configuration > and open the certificate configured for SMTP:

Look for the Thumbprint and note it:

Run the command in CMD: netsh http show ssl

Look for the Thumbprint of the certificate which is configured on Exchange 2010 SMTP connector, and copy the Thumbprint from here:

Go to REGISTRY "HKEY_LOCAL_MACHINE\Software\Microsoft\SmallBusinessServer\Networking\LeafCertThumbPrint" and replace the existing Thumbprint with the one of the certificate used for SMTP:

Run again the Exchange 2010 SP3 setup. This time the upgrade will be successful.

After the upgrade run Windows Update for the latest Exchange 2010 SP3 patches.