Knowledge Base

Our dedicated Product Specialist team is always ready to help you when you need it the most. Contact Support

Service failed to start (Initializing ServiceHost) System.InvalidOperationException: Cannot find the X.509 certificate using the following…

The Specops Password Reset Server Service will not start on the server, the application log is showing the following error:

Service failed to start (Initializing ServiceHost)
System.InvalidOperationException: Cannot find the X.509 certificate using the following search criteria: StoreName ‘My’, StoreLocation ‘LocalMachine’, FindType ‘FindByThumbprint’, FindValue ‘..’.
at System.ServiceModel.Security.SecurityUtils.GetCertificateFromStoreCore(StoreName storeName, StoreLocation storeLocation, X509FindType findType, Object findValue, EndpointAddress target, Boolean throwIfMultipleOrNoMatch)
at System.ServiceModel.Security.SecurityUtils.GetCertificateFromStore(StoreName storeName, StoreLocation storeLocation, X509FindType findType, Object findValue, EndpointAddress target)
at System.ServiceModel.Configuration.X509RecipientCertificateServiceElement.ApplyConfiguration(X509CertificateRecipientServiceCredential cert)
at System.ServiceModel.Configuration.ServiceCredentialsElement.ApplyConfiguration(ServiceCredentials behavior)
at System.ServiceModel.Configuration.ServiceCredentialsElement.CreateBehavior()
at System.ServiceModel.Description.ConfigLoader.LoadBehaviors[T](ServiceModelExtensionCollectionElement`1 behaviorElement, KeyedByTypeCollection`1 behaviors, Boolean commonBehaviors)
at System.ServiceModel.Description.ConfigLoader.LoadServiceDescription(ServiceHostBase host, ServiceDescription description, ServiceElement serviceElement, Action`1 addBaseAddress, Boolean skipHost)
at System.ServiceModel.ServiceHostBase.LoadConfigurationSectionInternal(ConfigLoader configLoader, ServiceDescription description, ServiceElement serviceSection)
at System.ServiceModel.ServiceHost.ApplyConfiguration()
at System.ServiceModel.ServiceHostBase.InitializeDescription(UriSchemeKeyedCollection baseAddresses)
at System.ServiceModel.ServiceHost..ctor(Type serviceType, Uri[] baseAddresses)
at Specopssoft.SpecopsPasswordReset.Server.SpecopsPasswordResetServer.AsynchronousStartupProcedure()


This X.509 certificate related error usually turns up when a wrong certificate or a non-working certificate has been selected when installing or upgrading the Specops password reset server.

It’s completely fine to use a self-signed certificate for the Specops password reset server. It usually works flawlessly and it’s perfectly secure as it’s only used for signing the internal communications on the server between the WCF components. It has nothing to do with IIS and the client interaction.

However when you install or upgrade your Specops password reset web server services you should use a SSL certificate.

How to change to a self-signed certificate:

1. Uninstall the Specops password reset server component in “Programs and Features” or “Apps and Features”.

2. Run the Specops password reset setup assistance and install the password reset server. In the wizard: Select an existing self-signed certificate. If you’re uncertain about which one to pick just create a new one by clicking on the “Create Self-signed Certificate” button.

3. Finish the installation and if the Specops Password Reset service is not already up and running, start it in “Services”.

That’s it. Hopefully it will work now, without any certificate related errors.

October 14, 2020

Was this article helpful?

Related Articles