Unable to enable SSL for SMTP services - Exchange 2010

    Question

  • Hi,

    We have a problem when enabling SSL for SMTP services. We are using a wildcard cert for our Exchange 2010. We do not have any problem enabling the certificate for OWA/IIS. We are using the command below and the error returned is:

    [PS] C:\>Enable-ExchangeCertificate -Server "MSG-HUB1" -Services "SMTP" -Thumbprint 274D0CB3118E1C9D27A1E3B66043004B494C6C0E
    The certificate with thumbprint 274D0CB3118E1C9D27A1E3B66043004B494C6C0E was found but is not valid for use with Exchange Server (reason: PrivateKeyNotAccessible).
        + CategoryInfo          : NotSpecified: (:) [Enable-ExchangeCertificate], InvalidOperationException
        + FullyQualifiedErrorId : 6DD20B,Microsoft.Exchange.Management.SystemConfigurationTasks.EnableExchangeCertificate     

    This is a renewal of the SSL certificate. Has anyone had a problem like ours?

    Please advise!

    Regards,

    shiro

    Thursday, November 15, 2012 7:58

All replies

  • Hi shiro,

    Please import that cert into the personal folder on the msg server with an exportable key and then try again.

    Hope it is helpful.


    Fiona Liao

    TechNet Community Support

    Friday, November 16, 2012 8:28
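
A way to check what the PrivateKeyNotAccessible error and the reply above turn on, namely whether the certificate in the computer's Personal store has a private key that can actually be opened. This is an added example, not part of the thread; it uses the thumbprint from the question and is meant to be run in an elevated PowerShell session on the server named there.

```powershell
# Thumbprint as posted in the question.
$thumbprint = '274D0CB3118E1C9D27A1E3B66043004B494C6C0E'

# The "personal folder" is the computer's Personal store, Cert:\LocalMachine\My.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $thumbprint }

if (-not $cert) {
    Write-Warning "No certificate with thumbprint $thumbprint in LocalMachine\My."
}
elseif (-not $cert.HasPrivateKey) {
    # Happens when only the public certificate was imported,
    # e.g. a .cer file rather than a .pfx that carries the key.
    $cert | Format-List Subject, NotAfter, HasPrivateKey
    Write-Warning 'The store holds the certificate but no private key is associated with it.'
}
else {
    $cert | Format-List Subject, NotBefore, NotAfter, HasPrivateKey
    try {
        # Opening the key fails if the key container is missing,
        # unreadable, or of a type this .NET property cannot load.
        $info = $cert.PrivateKey.CspKeyContainerInfo
        $info | Format-List ProviderName, UniqueKeyContainerName,
                            MachineKeyStore, Accessible, Exportable
    }
    catch {
        Write-Warning "Private key is referenced but could not be opened: $($_.Exception.Message)"
    }
}
```
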
  • Hi Fiona,

    Thanks for the comments! However, I actually already imported the cert into the personal folder, but it is still showing the error message.

    I'm running the command below:

    C:\>Get-ExchangeCertificate -Thumbprint 274D0CB3118E1C9D27A1E3B66043004B494C6C0E | New-ExchangeCertificate
    The certificate with thumbprint 274D0CB3118E1C9D27A1E3B66043004B494C6C0E was found but is not valid for use with Exchange Server (reason: PrivateKeyNotAccessible).
        + CategoryInfo          : NotSpecified: (:) [Get-ExchangeCertificate], InvalidOperationException

        + FullyQualifiedErrorId : 7052D273,Microsoft.Exchange.Management.SystemConfigurationTasks.GetExchangeCertificate

    FYI, we are using a wildcard certificate; should there be any problem?

    Monday, November 26, 2012 8:38
  • Hi,

    You said you are using a wildcard certificate, but the cmdlet New-ExchangeCertificate is used to generate/renew a self-signed certificate. They are two kinds of certificates.


    Fiona Liao
    TechNet Community Support

    Wednesday, November 28, 2012 9:33
  • Hi Fiona,

    Thanks for the comment! We are able to import the wildcard key into the personal folder. However, we can't enable the SMTP services using the wildcard cert.

    Event ID: 1033

    EdgeSync failed to decrypt the credential for Edge Transport server edge2.mydomain.net using the private key of the default Exchange certificate with exception Bad Data.
    . The certificate's thumbprint is 274D0CB3118E1C9D27A1E3B66043004B494C6TYU and its subject is CN=*.mydomain.net, OU=PremiumSSL Wildcard, OU=Hosted by Company, OU=Hosted Exchange. Use either Enable-ExchangeCertificate or New-ExchangeCertificate to set the proper Exchange default certificate and re-subscribe the Edge Transport server msg-edge2.mydomain.net again.

    When we run the command "Test-EdgeSynchronization"

    C:\>Test-EdgeSynchronization



    RunspaceId                  : 4d86d2ab-5f44-4392-9d07-96991ba7c765
    SyncStatus                  : Failed
    UtcNow                      : 11/28/2012 2:07:25 AM
    Name                        : edge2
    LeaseHolder                 :
    LeaseType                   : None
    FailureDetail               : EdgeSync service cannot connect to this subscription because of error "No EdgeSync credentials were found for Edge transport server edge2.mydomain.net on the local Hub Transport server. Remove the Edge subscription and re-subscribe the Edge Transport server".      

    The server is now in production; if we re-subscribe the Edge subscription, I believe we need to restart services such as the transport services and ADAM services. How do we back up the domains listed under Accepted Domains at the Hub Transport? What should we expect to happen if we re-subscribe the Edge subscription?

    Or is there maybe another workaround in order to re-subscribe the Edge Transport server?

    I would appreciate it if anyone can give some comments on this issue.

    Thanks!



    • Edited by ShiroBB Thursday, November 29, 2012 6:26
    Thursday, November 29, 2012 6:23