Found an issue with testing Windows 2025 and Exchange SE in lab. Hybrid connectors to/from 365
Testing connector validation
Validation is fine when 365 is talking to the Server 2016 and Exchange 2016 servers, but not when changing to the Windows Server 2025 with Exchange SE server.
For the 2016 server, a commercial SSL cert is assigned to SMTP and verified with Get-TransportService | Select InternalTransportCertificateThumbprint
For the SE server, the same commercial SSL cert is assigned to SMTP and also verified with Get-TransportService
365 connector validation error
Reason: [{LED=450 4.4.317 Cannot connect to remote server [Message=UntrustedRoot Expected Subject: <removed>. Presented Subject: CN=<removed>, O=<removed>, C=<removed>. Thumbprint: thumbprint that is a certificate on the Exchange SE server, but not assigned to SMTP
Changed back to the 2016 server, validation succeeds. Changed back to Exchange SE, it failed.
Another test, on Exchange SE server, removed the certificate with the thumbprint shown during the validation. Retried test and the 365-connector validation errored with another 450 mentioning another certificate thumbprint that is not assigned to SMTP.
Not sure if Windows 2025 is contributing to the Exchange SE musical SMTP certificates, but something is odd.