Exchange Renew certificate in Exchange Hybrid

 Thank to: https://www.alitajran.com/

How to renew a certificate in Exchange Hybrid? You have a new third-party certificate installed on the Exchange Server. Now that you finished that task, you like to remove the old certificate. But you get a message that these certificates are tagged with the Outbound to Office 365 send connector. Why is this happening, and what is the solution?

Table of contents

Invalid Exchange certificate

Sign in to the Exchange Server. Navigate to servers > certificates. Select the Exchange Server from the drop-down menu if you have multiple Exchange Servers.

In our example, we have an invalid certificate.

Important: In production environments, you need to renew the certificate before it gets invalid. Otherwise, mail flow will not work.

Exchange third-party certificate date invalid

Install Exchange certificate

We did install a free Let’s Encrypt certificate on the Exchange Server. Also, we did assign it to the services IMAP, ISS, and SMTP. The certificate shows the status Valid.

Exchange third-party certificate date valid

Read more: Install Exchange certificate with PowerShell »

These certificates are tagged with following Send Connectors

The new certificate is installed and valid. However, the old certificate is invalid. Let’s remove the old certificate on the Exchange Server to keep everything tidy.

When we want to remove the invalid Exchange certificate, we do get an error.

Error these certificates are tagged with following Send Connectors Outbound to Office 365

error
A special Rpc error occurs on server EX02-2016: These certificates are tagged with following Send Connectors : Outbound to Office 365 – d1c9beac-0655-48e7-9949-5e497af1d38d. Removing and replacing certificates from Send Connector would break the mail flow. If you still want to proceed then replace or remove these certificates from Send Connector and then try this command.

Why do we get this error, and what is the solution for removing the certificates that are tagged with the send connector Outbound to Office 365?

Renew certificate in Exchange Hybrid with PowerShell

The solution to this error is that we need to assign the new certificate to the:

  1. Send connector: Outbound to Office 365
  2. Receive connector: Default frontend

Important: Do the same steps on the other Exchange Servers.

Follow these steps:

Step 1. Collect information

Double-click the new certificate in the Exchange admin center. Copy the Thumbprint.

Copy new certificate thumbprint

Go to mail flow > send connectors. Copy the Outbound to Office 365 send connector name. In our example, it’s Outbound to Office 365 – d1c9beac-0655-48e7-9949-5e497af1d38d.

Copy send connector outbound to Office 365 name

Go to mail flow > receive connectors. Copy the Default Frontend receive connector name. In our example, it’s Default Frontend EX02-2016.

Copy default frontend name

Step 2. Set the new certificate

Run Exchange Management Shell as administrator. Get the Exchange certificate with the thumbprint that you copied in the previous step.

PS] C:\>Get-ExchangeCertificate -Thumbprint "2936E663C57F488BDC11661357DB60D031A90CE8"

Thumbprint                                Services   Subject
----------                                --------   -------
2936E663C57F488BDC11661357DB60D031A90CE8  I..WS..    CN=mail.exoip.com

Store the value to the $TLSCert variable.

[PS] C:\>$TLSCert = Get-ExchangeCertificate -Thumbprint "2936E663C57F488BDC11661357DB60D031A90CE8"

Store the certificate issuer and certificate subject values to the $TLSCertName variable.

[PS] C:\>$TLSCertName = "<I>$($TLSCert.Issuer)<S>$($TLSCert.Subject)"

Run the Set-SendConnector cmdlet, including the TlsCertificateName parameter. Fill in the Exchange Server name\send connector name that you copied in the previous step.

[PS] C:\>Set-SendConnector "Outbound to Office 365 - d1c9beac-0655-48e7-9949-5e497af1d38d" -TlsCertificateName $TLSCertName

Run the Set-ReceiveConnector cmdlet, including the TlsCertificateName parameter. Fill in the Exchange Server name\receive connector name that you copied in the previous step.

[PS] C:\>Set-ReceiveConnector "EX02-2016\Default Frontend EX02-2016" -TlsCertificateName $TLSCertName

You can get a warning as output when you run the Set-SendConnector and Set-ReceiveConnector cmdlets. That’s because the new certificate’s Issuer field and certificate’s Subject field are the same as the old certificate.

In our example, we did add a new Let’s Encrypt certificate. But the old certificate is also from Let’s Encrypt. That’s why we did get the below error.

WARNING: The command completed successfully but no settings have been modified.

When you see the above warning, you don’t have to worry. But you should delete the old certificate. Unfortunately, it will not let you delete it in the Exchange admin center because it still thinks it’s connected to both connectors.

View the certificates in the MMC snap-in, and delete the invalid certificate in the Personal store. An excellent way to identify the certificate is by checking the Expiration Date.

Delete expired certificate

Go back to the Exchange admin center. Refresh the page or click the refresh icon in the toolbar. The old certificate is removed successfully, and the new certificate is still available.

Only new certificate available in Exchange admin center certificates list

Step 3. Restart IIS

Restart the Internet Information Services (IIS) on the Exchange Server.

[PS] C:\>iisreset

Renew certificate in Exchange Hybrid with Office 365 Hybrid Configuration Wizard

Another way to renew the Exchange Hybrid certificate is to rerun the Hybrid Configuration Wizard. Connect in the first step with your credentials and go through the setup wizard by clicking the Next button.

You will see the Transport Certificate window in the setup wizard. Choose the new certificate. Click next.

Select new certificate in Exchange Hybrid Configuration Wizard

Click on update.

Office 365 Hybrid Configuration Wizard ready for update

The Office 365 Hybrid Configuration Wizard configured the new certificate for both the send connector and receive connector.

Office 365 Hybrid Configuration Wizard completed

That’s it!



Comentarios

Publicar un comentario

Dime si la información de este blog te sirvio.

Entradas populares de este blog

Guía de herramientas básicas para estudiantes: 31 apps y webs imprescindibles para ayudarte con los estudios

Imagen
  Te traemos una guía con   31 aplicaciones y herramientas web para ayudarte como estudiante , una colección muy variada para sacar provecho en diferentes ámbitos en los que puedas necesitarlo. Nos hemos dejado fuera el ámbito educativo para los más jóvenes, recursos que tenemos en   esta otra guía , y nos hemos centrado en estudiantes más adultos. Hemos decidido centrarnos en herramientas prácticas, dejando fuera las plataformas para cursos online, tanto  las más conocidas  como  otras menos conocidas . Lo que hemos preferido buscar son recursos que puedas usar en tu día a día, como gestores de fuentes y citaciones, herramientas para diagramas, para intercambiar apuntes o para crear diferentes contenidos. Y lo que decimos siempre en Xataka Basics hoy cobra más sentido que nunca. Nosotros te traemos 31 herramientas, pero te invitamos a  compartir tus propuestas en la sección de comentarios  para que el resto de usuarios también pueda beneficiarse de los conocimientos de nuestros xatake
Leer más

Comando FOR para archivos BAT

Gracias a: http://profesoremiliobarco.blogspot.com/ El comando FOR sirve para ejecutar bucles de instrucciones, y es una instrucción que se encuentra disponible en todos los lenguajes de programación. Un bucle son varias repeticiones de algunas instrucciones. Este comando suele ser el más complicado de entender para las personas que empiezan a escribir archivos BAT complejos. Aqui intentaré explicar todas las opciones y usos del comando FOR, así como intentar resolver las dudas que los usuarios de Internet me puedan plantear. La sintaxis normal del comando FOR es: FOR %var IN (lista) DO (      comando     comando      ... )  Pero si lo vamos a usar dentro de un archivo BAT será así: FOR %%var IN (lista) DO (      comando     comando      ... ) Observa que la variable "var" ahora va precedida por dos simbolos de "%". Además, si este for está dentro de un archivo BAT, el nombre de la variable debe ser UNA SOLA LETRA (p.ej: %%n, %%i,  %%j , etc
Leer más

How to Setup and Configure Your Own GitLab Server on Ubuntu 20.04

Imagen
  GitLab CE(Community Edition) is a free and opensource web-based git manager tool & it’s written in Ruby. GitLab CE is generally used for Software development teams, it has a lot of features like version control, code review, monitoring, CI & CD, issue management, wiki, etc. GitLab allows you to host your Git reposit o ry that can be accessed from either your local LAN / WAN / local server or (if you have an available public IP address) from outside your company. The community edition is open-sourced and freely available to install and setup. There are three different editions of GitLab available, Community Edition (CE), Enterprise Edition (EE), and a GitLab-hosted version. In this article, we will go step by step to install the latest version of GitLab CE on Ubuntu 20.04 / 18.04 Server. Below should be your laptop or desktop minimum configuration: RAM: Gitlab recommends 4 GB for Gitlab Setup 2 CPU cores. (optional) Domain or subdomain pointing to the server IP address. Instal
Leer más