Forum Discussion
A-CAST
Dec 10, 2021 | Brass Contributor
Exchange 2016 On-premise Hybrid Configuration for Management & Federation Certificate
I have an Exchange Server 2016 on-premise for Exchange Admin Center Management of Exchange attributes only as we've migrated to Office 365 years ago. I got notification that self-signed certifica...
A-CAST
Dec 10, 2021 | Brass Contributor
It seems that the only Thumbprint I see via the Exchange Management Shell is the one for the invalid/expired certificate. I don't see one for the valid ones, so how would I be able to add the services to it?
A-CAST
Feb 15, 2022 | Brass Contributor
I've figured out how to handle my scenario with this and here is what I did to resolve it:
* I found that I had to delete the trust and recreate it due to the expired certificate, but couldn't do it from the UI, so I used PowerShell to remove each federated domain, then the primary one, then finally the trust itself
* Although I didn't have to recreate the trust, I had to again use PowerShell to create a new certificate for the "Microsoft Exchange Server Auth Certificate" which came up via the Health Check script for the Exchange upgrade procedures as being needed
* I also had to renew the certificate for "WMSVC" but this one wasn't expired, so I was able to renew it using the UI. The Health Check script identified it as having SHA1 instead of SHA2, so that's why I renewed it
* Deleted all old certs via MMC console...

That pretty much summarizes everything, glad that's over with 😉
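The two conditions the post above says were flagged (an expired certificate and a SHA1-signed one) can be checked directly against the machine certificate store. The following is an added example, not part of the original post and not the Health Check script; the function name `Get-CertificateFinding`, the 30-day warning window and the sample certificate objects are assumptions constructed for illustration.

```powershell
# Added example (not from the thread): flag expired, soon-to-expire and SHA-1 signed certificates.
function Get-CertificateFinding {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Certificate,
        [int] $WarnDays = 30,               # assumed warning window
        [datetime] $Now = (Get-Date)
    )
    process {
        $issues = @()
        if ($Certificate.NotAfter -lt $Now) {
            $issues += 'Expired'
        } elseif ($Certificate.NotAfter -lt $Now.AddDays($WarnDays)) {
            $issues += "ExpiresWithin${WarnDays}Days"
        }
        # X509Certificate2 reports names such as sha1RSA or sha256RSA here
        if ($Certificate.SignatureAlgorithm.FriendlyName -match '^sha1') {
            $issues += 'SHA1Signature'
        }
        [pscustomobject]@{
            FriendlyName = $Certificate.FriendlyName
            Thumbprint   = $Certificate.Thumbprint
            NotAfter     = $Certificate.NotAfter
            Signature    = $Certificate.SignatureAlgorithm.FriendlyName
            Issues       = $issues -join ','
        }
    }
}

# Constructed sample objects so the function can be tried offline.
# Thumbprints are placeholders, dates are invented.
$now = Get-Date '2022-02-15'
$sample = @(
    [pscustomobject]@{ FriendlyName = 'Microsoft Exchange Server Auth Certificate'
        Thumbprint = '<PLACEHOLDER-1>'; NotAfter = $now.AddDays(-60)
        SignatureAlgorithm = [pscustomobject]@{ FriendlyName = 'sha256RSA' } }
    [pscustomobject]@{ FriendlyName = 'WMSVC'
        Thumbprint = '<PLACEHOLDER-2>'; NotAfter = $now.AddYears(5)
        SignatureAlgorithm = [pscustomobject]@{ FriendlyName = 'sha1RSA' } }
    [pscustomobject]@{ FriendlyName = 'Constructed healthy certificate'
        Thumbprint = '<PLACEHOLDER-3>'; NotAfter = $now.AddYears(1)
        SignatureAlgorithm = [pscustomobject]@{ FriendlyName = 'sha256RSA' } }
)
$sample | Get-CertificateFinding -Now $now | Where-Object Issues | Format-Table -AutoSize

# Against a live server, read the local machine store instead of the samples:
# Get-ChildItem Cert:\LocalMachine\My | Get-CertificateFinding | Where-Object Issues
```

Running the same check again after renewing and before deleting old certificates in MMC confirms that only the intended entries are being removed.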