none
Exchange 2010 Hybrid Office 365 SSL certificate issue

    问题

  • We have an Exchange 2010 Office 365 hybrid setup operating. It has been working for about 4 years now and is fully patched up. All mailboxes are located in Exchange Online. Autodiscover is pointing to our hybrid on premise server as recommended by Microsoft. The SSL certificate on the on premise server was about to expire so we replaced it with a newly purchased one. We removed the old certificate completely from the on premise Exchange and also double checked it was removed from the certificate store. I applied a new certificate which applied fine.

    The problem is that when our Outlook 2016 clients and connecting to the on premise Exchange server they are getting the certificate error. Stating that the certificate has expired. You can press view certificate and it is showing the old, expired certificate that was removed and deleted. I can’t for the life of me work out why this is still occurring and how it is seeing this certificate which has been removed from the EMC and the server’s certificate store.
    Any help appreciated.

    2018年7月11日 6:33

全部回复

  • Hi MatthewCTM,

     

    1.Please run Get-ExchangeCertificate | fl cmdlet to verify if the certificate was assigned to services.

    2.Test if you will get certificate warning if you login to OWA

    3.Check the Default web site binding setting if the Https is assigned correct certificate.

    Regards,

    Gavin Gao


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    2018年7月12日 5:48
  • Hi Gavin,

    Thanks for the reply. Yes I have tried those three suggestions that you offered. None of them show the old certificate and that is what is stumping me.
    Running the command show the need certificate, the bindings show the new certificate and the webmail also works fine and shows the new certificate.
    I cant understand this. Very weird.

    This is an Office 365 hybrid setup. Is there anywhere else I need to check?

    2018年7月12日 5:57
  • Hi Matthew,

     

    If only the Outlook client shows the old certificate, try to follow the steps below to clear SSL certificate and check again:

     

    Open the Control Panel and then Internet Options.

    Go to the Content tab.

    Click the Clear SSL State button.


    Regards,

    Gavin Gao


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    • 已建议为答案 Gavin-Gao 2018年7月25日 8:13
    2018年7月16日 9:53
  • Hi Gavin,

    Thanks for the reply. I have also tried clearing that SSL state as in your suggestion but we are still getting the certificate issue. I am really stumped on this one and can't work out why this is happening.

    Regards,

    Matt

    2018年7月25日 22:58
  • Hi Matthew,

     

    Did you rerun Hybrid configuration wizard after replacing the old certificate?

     

    Also, I found an article describe the procedure for replacing certificates in the hybrid environment:

     

    Procedure for replacing expired certificates on transport servers which are part of Hybrid configuration

    https://blogs.technet.microsoft.com/rrajan/2017/08/31/procedure-for-replacing-expired-certificates-on-transport-servers-which-are-part-of-hybrid-configuration/

    Regards,

    Gavin Gao


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    2018年7月31日 8:24