DamianM2440
Copper Contributor
Nov 04, 2024

Exchange Hybrid connector validation from o365 to on-prem

We recently set up Exchange Hybrid in Classic mode. It completed without errors.

During setup we ensured that the Transport Certificate is valid, and we assigned our 3rd party cert.

 

We checked on IIS that "Default Front End" certificates are assigned with 3rd party cert.

IIS 'Exchange Back End' is using the private "Exchange Server" certificate.

 

When checking Exchange online connectors and validating the O365-Onprem connector, it errors with

 

"450 4.4.317 Cannot connect to remote server [Message=SubjectMismatch Expected Subject: ...... Thumbprint:######"

 

When troubleshooting, we checked the certificate thumbprint from the error message on the server and determined that the thumbprint belonged to the private certificate used in the 'Exchange Back End'.

 

Not sure why it's presenting the wrong certificate and not the front-end certificate?

 

Normal email flow is still working.

 

Appreciate anyone's feedback.

  • Dan_Snape
    Steel Contributor
    Mail flow is secured via the send and receive connectors, so view the cert names with Get-SendConnector and Get-ReceiveConnector for the on-prem Exchange and make sure the correct ones are assigned.
  • randieriko
    Copper Contributor

    Check what certificate is assigned to that particular connector. The TLS domain specified must match the remote host.
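
One way to run the check suggested in the replies above, as an added example that was not posted by any participant in this thread. It assumes the Exchange Management Shell on the on-premises server; the thumbprint value is a placeholder for the one quoted in the error.

```powershell
# Run in the Exchange Management Shell on the on-premises Exchange server.
# Placeholder: replace with the thumbprint quoted in the 450 4.4.317 error.
$reported = '<THUMBPRINT-FROM-ERROR>'

# Installed certificates and the services (IIS, SMTP, ...) each is enabled for.
$certs = @(Get-ExchangeCertificate)
$certs | Format-Table Thumbprint, Services, Subject, NotAfter -AutoSize | Out-Host

# A connector's TlsCertificateName has the form "<I>issuer<S>subject".
# Build that string for each installed certificate and match connectors to it.
$report = foreach ($conn in @(Get-ReceiveConnector) + @(Get-SendConnector)) {
    $tlsName = [string]$conn.TlsCertificateName
    $hits = @($certs | Where-Object {
        $tlsName -and ("<I>$($_.Issuer)<S>$($_.Subject)" -eq $tlsName)
    })
    [pscustomobject]@{
        Connector          = [string]$conn.Identity
        TlsCertificateName = $(if ($tlsName) { $tlsName } else { '(not set)' })
        Thumbprints        = ($hits.Thumbprint -join ', ')
        SmtpEnabled        = [bool]($hits | Where-Object { "$($_.Services)" -match 'SMTP' })
        MatchesError       = [bool]($hits | Where-Object { $_.Thumbprint -eq $reported })
    }
}
$report | Format-List | Out-Host

# Which certificate carries the thumbprint from the error, and is it enabled
# for SMTP or only for other services?
$certs | Where-Object { $_.Thumbprint -eq $reported } |
    Format-List Thumbprint, Subject, Issuer, Services, CertificateDomains, NotAfter
```

A connector row with MatchesError set to True, or a last listing that shows SMTP among the Services of the reported certificate, points to where that certificate is bound to mail transport.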
