Monday, March 18, 2019

Renew expired Microsoft Exchange Server Auth Certificate

Today our Exchange servers refused to deliver emails to the user mailboxes. After going through the logs, warnings popped up for Exchange OAuth, saying that the SMTPReceive connector was failing because of a certificate issue.

During initial setup, Exchange installs a server authentication certificate (the "Microsoft Exchange Server Auth Certificate") that is used for organizational authentication between this server and the other Exchange servers in the organization, i.e. for intra-site communication.

Usually these certificates have a 5-year validity. Upon expiry, some services start failing to work as expected.

Following the link and steps below, I was able to get the services up and running again.

ref: https://community.spiceworks.com/topic/512374-missing-the-microsoft-exchange-server-auth-certificate

1. New-ExchangeCertificate -KeySize 2048 -PrivateKeyExportable $true -SubjectName "cn=Microsoft Exchange Server Auth Certificate" -DomainName "*.yourdomain.com" -FriendlyName "Microsoft Exchange Server Auth Certificate" -Services smtp
   Do not accept to replace the default SMTP certificate when prompted.
2. Note the thumbprint of the new certificate. Let us assume it is 7A39541F8DF58D4821967DD8F899B27410F7C081.
3. $a = Get-Date
4. Set-AuthConfig -NewCertificateThumbprint 7A39541F8DF58D4821967DD8F899B27410F7C081 -NewCertificateEffectiveDate $a
   Accept to continue despite the warning that the certificate effective date is not 48 hours in the future.
5. Set-AuthConfig -PublishCertificate
6. Make sure to remove any remaining reference to the previous certificate (which might not exist anymore) with Set-AuthConfig -ClearPreviousCertificate.
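The OAuth warnings in the log only show up once the certificate has already expired and mail flow is affected. The script below is an added example (not part of the original post and not shipped with Exchange) that can be run from the Exchange Management Shell before the certificate expires, and again after steps 1 to 6 to confirm the result. It reads the thumbprints from Get-AuthConfig, then checks on every Exchange server that the current auth certificate is installed, still valid, and bound to the SMTP service. The $WarnDays threshold is an assumption; adjust it to your change-management lead time.

```powershell
# Added example: report on the Microsoft Exchange Server Auth Certificate across the organization.
# Run as a .ps1 from the Exchange Management Shell. $WarnDays is an assumed threshold (not from the post).
param([int]$WarnDays = 60)

$auth  = Get-AuthConfig
$thumb = $auth.CurrentCertificateThumbprint

Write-Host "AuthConfig current thumbprint : $thumb"
Write-Host "AuthConfig previous thumbprint: $($auth.PreviousCertificateThumbprint)"
Write-Host "AuthConfig next thumbprint    : $($auth.NextCertificateThumbprint)"
Write-Host ""

foreach ($server in Get-ExchangeServer) {
    # The auth certificate must be present on every server; -ErrorAction SilentlyContinue keeps a
    # missing certificate on one server from aborting the whole report.
    $cert = Get-ExchangeCertificate -Server $server.Name -Thumbprint $thumb -ErrorAction SilentlyContinue
    if (-not $cert) {
        Write-Warning "$($server.Name): auth certificate $thumb is NOT installed"
        continue
    }

    $daysLeft = [int]($cert.NotAfter - (Get-Date)).TotalDays
    $state = if ($daysLeft -lt 0)         { "EXPIRED"  }
             elseif ($daysLeft -lt $WarnDays) { "EXPIRING" }
             else                           { "OK"       }

    # The certificate must carry the SMTP service, which is what step 1 (-Services smtp) sets.
    if ($cert.Services -notmatch "SMTP") {
        Write-Warning "$($server.Name): auth certificate is not enabled for SMTP (Services=$($cert.Services))"
    }

    "{0,-20} {1,-9} expires {2:yyyy-MM-dd} ({3,5} days left) status={4} services={5}" -f `
        $server.Name, $state, $cert.NotAfter, $daysLeft, $cert.Status, $cert.Services
}
```

After a successful renewal every server should report the new thumbprint as OK with status Valid, and once Set-AuthConfig -ClearPreviousCertificate has run, the "previous thumbprint" line should be empty. Scheduling the script (for example, once a week with a warning threshold of a couple of months) turns the 5-year expiry from a surprise outage into a planned change.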
