A hybrid Exchange is a combination of an on-premises Exchange and cloud-based services. It allows organizations to leverage the benefits of both environments while reducing IT costs by using existing infrastructure.
Renewing an SSL certificate in an Exchange 2016 hybrid environment is a process that has been around for a while.
How do you renew a certificate in Exchange hybrid? A new third-party certificate has been installed on the Exchange Server. With that job done, you want to remove the old certificate. However, you get an error stating that these certificates are associated with the Outbound to Office 365 send connector. What is the cause of this, and what is the remedy?
Exchange certificate is invalid.
Log in to the Exchange admin center. Go to Servers > Certificates. If you have more than one Exchange Server, choose one from the drop-down menu.
We have an invalid certificate in our case.
Important: In production settings, the certificate must be renewed before it becomes invalid. Otherwise, the mail flow would be disrupted.
Install the certificate for Exchange.
On the Exchange Server, we installed a free Let's Encrypt certificate. We also assigned it to the IMAP, IIS, and SMTP services. The status of the certificate is Valid.
These certificates are labeled with the Send Connectors shown below.
The new certificate has been installed and is now valid. The old certificate, on the other hand, is no longer valid. To keep things clean, we’ll delete the old certificate from the Exchange Server.
We receive an error when we try to delete the invalid Exchange certificate.
Error: On server EX02-2016, a unique RPC error occurs: The following Send Connectors are associated with these certificates: Outbound to Office 365 – d1c9beac-0655-48e7-9949-5e497af1d38d. The mail flow would be disrupted if certificates were removed and replaced in Send Connector. If you wish to continue, change or delete these certificates from Send Connector before running this command.
What causes this issue, and how can we get rid of the certificates associated with the send connector Outbound to Office 365?
Using PowerShell, you may renew a certificate in an Exchange hybrid environment.
The fix for this issue is to assign the new certificate to the following connectors:
- Outbound to Office 365 send connector
- Default Frontend receive connector
Important: Repeat the procedure on the other Exchange Servers.
Take the following steps:
Step 1: Gather data.
In the Exchange admin center, double-click the new certificate. Make a copy of the thumbprint.
Go to Mail Flow > Send Connectors. Copy the name of the Outbound to Office 365 send connector. It's Outbound to Office 365 – d1c9beac-0655-48e7-9949-5e497af1d38d in our case.
Go to Mail Flow > Receive Connectors. Copy the name of the Default Frontend receive connector. It's Default Frontend EX02-2016 in our case.
Step 2: Replace the old certificate with the new one.
As an administrator, run Exchange Management Shell. Get the Exchange certificate that has the thumbprint that you copied before.
[PS] C:\>Get-ExchangeCertificate -Thumbprint "2936E663C57F488BDC11661357DB60D031A90CE8"

Thumbprint                                Services   Subject
----------                                --------   -------
2936E663C57F488BDC11661357DB60D031A90CE8  I..WS..    CN=mail.exoip.com
The value is saved in the $TLSCert variable.
[PS] C:\>$TLSCert = Get-ExchangeCertificate -Thumbprint "2936E663C57F488BDC11661357DB60D031A90CE8"
The $TLSCertName variable holds the certificate issuer and certificate subject information.
[PS] C:\>$TLSCertName = "<I>$($TLSCert.Issuer)<S>$($TLSCert.Subject)"
Run the Set-SendConnector cmdlet with the TlsCertificateName parameter. Use the send connector name you copied in the previous step.
Run the Set-ReceiveConnector cmdlet with the TlsCertificateName parameter. Use the receive connector name you copied in the previous step.
When you execute the Set-SendConnector and Set-ReceiveConnector cmdlets, you may receive a warning as output. This happens when the new certificate's Issuer field and Subject field are identical to the previous certificate's.
We did install a fresh Let's Encrypt certificate in our example. However, the previous certificate was also issued by Let's Encrypt. That's why we got the following warning.
WARNING: The command was successfully executed, but no settings were changed.
You do not need to be concerned if you see the above warning. However, you should still get rid of the old certificate. Unfortunately, because Exchange still believes it is linked to both connectors, it won't allow you to remove it in the Exchange admin center.
Open the Certificates MMC snap-in and remove the invalid certificate from the Personal store. Checking the expiration date is a good way to identify the certificate.
Return to the Exchange administration center. Click the refresh button in the toolbar or reload the page. The old certificate has been successfully deleted, and the new certificate remains active.
Step 3: Restart Internet Information Services (IIS).
Restart the Exchange Server’s Internet Information Services (IIS).
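The PowerShell steps above, collected into one script as an added example (it is not from the original article). It assumes it runs in the Exchange Management Shell on the Exchange Server, uses the thumbprint quoted above, and looks the connectors up by name prefix, which is an assumption that they still carry their default names.

```powershell
# Added example: run in the Exchange Management Shell on each Exchange Server.
# The thumbprint is the one quoted in this article; replace it with your own.
$Thumbprint = "2936E663C57F488BDC11661357DB60D031A90CE8"

# Refuse to bind a certificate that is invalid, expired, or not enabled for SMTP.
$TLSCert = Get-ExchangeCertificate -Thumbprint $Thumbprint
if ("$($TLSCert.Status)" -ne "Valid") { throw "Certificate status is $($TLSCert.Status)" }
if ($TLSCert.NotAfter -le (Get-Date)) { throw "Certificate expired on $($TLSCert.NotAfter)" }
if ("$($TLSCert.Services)" -notmatch "SMTP") { throw "Certificate is not assigned to SMTP" }

# TlsCertificateName carries only issuer and subject, not the thumbprint.
$TLSCertName = "<I>$($TLSCert.Issuer)<S>$($TLSCert.Subject)"

# Assumption: default connector names, matched by prefix instead of typed in full.
$send = @(Get-SendConnector | Where-Object { $_.Name -like "Outbound to Office 365*" })
$recv = @(Get-ReceiveConnector -Server $env:COMPUTERNAME |
    Where-Object { $_.Name -like "Default Frontend*" })
if (-not $send -or -not $recv) { throw "Connector not found; check the names" }

foreach ($c in $send) {
    if ("$($c.TlsCertificateName)" -eq $TLSCertName) {
        Write-Host "$($c.Name): name already matches, expect the 'no settings were changed' warning"
    }
    Set-SendConnector -Identity $c.Identity -TlsCertificateName $TLSCertName
    Get-SendConnector -Identity $c.Identity | Format-List Name, TlsCertificateName
}
foreach ($c in $recv) {
    Set-ReceiveConnector -Identity $c.Identity -TlsCertificateName $TLSCertName
    Get-ReceiveConnector -Identity $c.Identity | Format-List Name, TlsCertificateName
}

# Certificates sharing this issuer and subject produce the same name string,
# so list them by expiry to identify the stale one to remove from the Personal store.
Get-ExchangeCertificate |
    Where-Object { $_.Issuer -eq $TLSCert.Issuer -and $_.Subject -eq $TLSCert.Subject } |
    Sort-Object NotAfter |
    Format-Table Thumbprint, NotAfter, Status, Services -AutoSize

# Step 3: restart IIS.
iisreset
```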
With the Office 365 Hybrid Configuration Wizard, you may renew your certificate in Exchange hybrid.
Rerunning the Hybrid Configuration Wizard is another option for renewing the Exchange hybrid certificate. Sign in with your credentials in the first step, then click Next to go through the setup process.
The Transport Certificate window will appear in the setup wizard. Select the new certificate and click Next.
Select Update.
The Office 365 Hybrid Configuration Wizard configures the new certificate for both the send connector and the receive connector.
That concludes our discussion.
You learned how to renew the Exchange hybrid certificate in this post. Gather the new certificate information and use the instructions to configure the TLS certificate on the send and receive connectors. Rerunning the Office 365 Hybrid Configuration Wizard and selecting the new certificate is another option.