After performing an (upgrade-)installation of Trados GroupShare the application service does not start or starts and stops again after a couple of seconds.
When you check the application log or Event Viewer log you can find the messages:
Exception Object: System.InvalidOperationException
Message: Cannot find the X.509 certificate using the following search criteria: StoreName 'My', StoreLocation 'LocalMachine'
To work around this problem the solution is usually to run the CertificateRefresh.exe with administrative privileges (by default located: C:\ProgramData\Package Cache\SDL\SDLTradosGroupShare202x).
However, when trying to execute the CertificateRefresh.exe via the Command Prompt, the following error is displaying:
The computer must be trusted for delegation and the current user account must be configured to allow delegation.
This means that the required identity.sdl.com certificate wasn't and/or cannot be added to the certificate storage of the web/application server.
Note: If ProtectionPolicy doesn't exist, add DWORD (32bit) value, name it ProtectionPolicy and then change the value to 1.
Having the identity.sdl.com certificate installed requires the Group Policy “Enable computer and user accounts to be trusted for delegation” to be set.If it is not set on the web/application server where GroupShare is installed, the installation of the certificate during or after the install (via the CertificateRefresh.exe) cannot be performed.