My guess is that it is the main reason for the failure. The message about missing key is probably a side effect of this.
Sadly, I don't know enough about Exchange to explain what to do. I'm sure another volunteer will at some point but perhaps this is enough to help until then. This CSR restriction just went into effect a couple weeks ago.