Today I was trying to upgrade Exchange Server 2019 RTM to cumulative update CU 5 stopped with an error. The upgrade went up to Step 10 and errored out with the following error message.


 The following error was generated when "$error.Clear();
 Install-ExchangeCertificate -services IIS -DomainController $RoleDomainController
 if ($RoleIsDatacenter -ne $true -And $RoleIsPartnerHosted -ne $true)
 Install-AuthCertificate -DomainController $RoleDomainController
 " was run: "Microsoft.Exchange.Management.Clients.FormsAuthenticationMarkPathUnknownSetError: An unexpected error occurred while modifying the forms authentication settings for path /LM/W3SVC/1. The error returned was 5506.
 at Microsoft.Exchange.Configuration.Tasks.Task.ThrowError(Exception exception, ErrorCategory errorCategory, Object target, String helpUrl)
 at Microsoft.Exchange.Configuration.Tasks.Task.WriteError(Exception exception, ErrorCategory category, Object target)
 at Microsoft.Exchange.Management.SystemConfigurationTasks.InstallExchangeCertificate.EnableForServices(X509Certificate2 cert, AllowedServices services)
 at Microsoft.Exchange.Management.SystemConfigurationTasks.InstallExchangeCertificate.InternalProcessRecord()
 at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__91_1()
 at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)". 


To resolve this issue, I opened the Internet Information Services Manager and went to the Default website and right click and bindings option and changed the certificate from the third party one to the self-signed certificate.

Restarted the IIS using the command iisreset from the command prompt.

Restarted the Exchange CU upgrade and the upgrade completed successfully.

After the upgrade, I changed the Default website binding back third party certificate for the https binding.

Hope this would help someone.


  1. Benjamin Chen

    I was stuck on this for 4 week before running into your fix. We went from Exchange 2019 RTM directly to CU8 after changing SSL from existing to self-signed.

    I was able to use the same method to upgrade Exchange 2016 CU8 to CU19 using the same procedure.

    Thank you.

  2. Bryan

    Thank you, helped get past this error on 2019 updating to CU8.

Leave a Reply

Your email address will not be published. Required fields are marked *