Manually renew hisconnectorregistrationca.msappproxy.net certificate

jremmc 56 Reputation points
2020-09-08T20:58:31.01+00:00

Needed to manually renew the hisconnectorregistrationca .msappproxy .net certificate (spaces intentional to prevent hyperlink). Did not have necessary URLs bypassed in our proxy.

On the Azure AD Connect sync server, Import-Module AppProxyPSModule followed by Register-AppProxyConnector worked; I now have a new certificate that expires 6 months from now.

On the authentication-agent-only server with a later version agent, Import-Module AppProxyPSModule returns invalid module. From what I found searching, AppProxyPSModule was replaced with PassthroughAuthPSModule in later agent versions, which could explain the invalid module error. But what is the equivalent command (meaning, the PassthroughAuthPSModule equivalent command of Register-AppProxyPSModule) to renew the certificate?

OR, can I export the renewed certificate from the AD Connect sync server and import it into the authentication-agent-only server?

Thanks,
Joan

Microsoft Security | Microsoft Entra | Microsoft Entra ID

Accepted answer
  1. VipulSparsh-MSFT 16,311 Reputation points Microsoft Employee
    2020-09-24T10:42:12.087+00:00

    @jremmc Thanks for reaching out and apologies for the delay on this.

    Azure AD assigns each Authentication Agent a unique, digital-identity certificate that it can use for secure communication with Azure AD, so the same certificate cannot be used for another authentication agent. So you cannot export the certificate from one server and import it for another authentication agent.

    You would need to register the authentication agent as per this article:
    https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta-quick-start

    $cred = Get-Credential   # prompt for the account used to register the agent
    RegisterConnector.ps1 -modulePath "C:\Program Files\Microsoft Azure AD Connect Authentication Agent\Modules\" -moduleName "PassthroughAuthPSModule" -Authenticationmode Credentials -Usercredentials $cred -Feature PassthroughAuthentication

    Usually the certificate is renewed automatically, but if for some reason it has expired, the passthrough agent will not be available and it will be deleted.


    If the suggested response helped you resolve your issue, please do not forget to accept the response as Answer and "Up-Vote" the answer that helped you for the benefit of the community.

    1 person found this answer helpful.
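
Since the answer notes that an expired certificate takes the agent out of service, here is a PowerShell check that reports how long the agent certificate on a server has left. It is an added example, not part of the original answer or of Microsoft's tooling. It assumes the certificate sits in the local machine's Personal store (`Cert:\LocalMachine\My`), and the 30-day warning threshold and the function name are illustrative.

```powershell
# Added example: report expiry of certificates issued by the connector
# registration CA named in the question. Run on each agent server.
$IssuerPattern = '*hisconnectorregistrationca.msappproxy.net*'
$StorePath     = 'Cert:\LocalMachine\My'   # assumption: agent cert is stored here
$WarnDays      = 30                        # assumption: illustrative threshold

function Get-AgentCertStatus {             # hypothetical helper name
    param(
        [string]$Path = $StorePath,
        [string]$Issuer = $IssuerPattern,
        [int]$WarnBelowDays = $WarnDays,
        [datetime]$Now = (Get-Date)
    )
    Get-ChildItem -Path $Path |
        Where-Object { $_.Issuer -like $Issuer } |
        ForEach-Object {
            $daysLeft = [math]::Floor(($_.NotAfter - $Now).TotalDays)
            $state = if ($daysLeft -lt 0) { 'Expired' } elseif ($daysLeft -lt $WarnBelowDays) { 'RenewSoon' } else { 'OK' }
            [pscustomobject]@{
                Subject    = $_.Subject
                Thumbprint = $_.Thumbprint
                NotAfter   = $_.NotAfter
                DaysLeft   = $daysLeft
                State      = $state
            }
        }
}

$results = @(Get-AgentCertStatus | Sort-Object NotAfter)
if ($results.Count -eq 0) {
    Write-Warning "No certificate from the connector registration CA found in $StorePath."
    exit 2
}
$results | Format-Table -AutoSize

# Older certificates may remain in the store after a renewal, so judge the
# server by the certificate with the latest expiry date.
$current = $results[-1]
if ($current.State -ne 'OK') {
    Write-Warning "Agent certificate $($current.Thumbprint) is $($current.State): $($current.DaysLeft) day(s) left."
    exit 1
}
```

Run as a scheduled task, the non-zero exit codes give monitoring something to alert on before the automatic renewal has silently failed.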
