SOLVED

HCW - Test-MigrationServerAvailability fails with SSL / TLS error

Brass Contributor

Hi All,

 

  I'm trying to set up exchange 2016 coexisting with exchange 2010 environment and get rid of exchange 2010.

 

 I have followed all the guides online and setup everything except HCW.

 

 I'm using Exchange 2010 Selfsign certificate with new exchange server. This certificate got the public name as SAN: webmail.mydomain.com

 

webmail.mydomain.com----> 210.22.123.48 ------> FW------443----->Exchange2016

 

Error:

Microsoft.Exchange.Migration.MigrationServerConnectionFailedException: The connection to the server'hybrid.contoso.com' could not be completed. --->
Microsoft.Exchange.MailboxReplicationService.MRSRemotePermanentException: The Mailbox Replication Service could not connect to the remote server because the certificate is invalid. The call to 'https://hybrid.contoso.com/EWS/mrsproxy.svc' failed. Error details: Could not establish trust relationship for the SSL/TLS secure channel with authority 'hybrid.contoso.com'. -->The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. --> The remote certificate is invalid according to the validation procedure.

 

Do i really need the endpoint creation? All our mailboxes are on o365 and required by this server for management and smtp relay?

 

can we disable the port 443 after the HCW?

 

Do i have to create new selfsigh cert from exchange 2016? 

 

 

 

TA

2 Replies
best response confirmed by aussupport (Brass Contributor)
Solution

Hi @aussupport 

Unless you need to migrate users you don't need to create the migration endpoint. Also if there are no users (now or ever) on the legacy system, you don't need to run the HCW. You can just manually create the connectors for mail relay etc.

I just attached the public SSL and run the HCW to successfully complete.
1 best response

Accepted Solutions
best response confirmed by aussupport (Brass Contributor)
Solution

Hi @aussupport 

Unless you need to migrate users you don't need to create the migration endpoint. Also if there are no users (now or ever) on the legacy system, you don't need to run the HCW. You can just manually create the connectors for mail relay etc.

View solution in original post