Regarding errors after migrating from Exchange Server 2013 to 2019

Question

Regarding errors after migrating from Exchange Server 2013 to 2019

sakura_snow_blossom 190

thank you

Migrated from ExchangeServer2013 to ExchangeServer2019

I have already uninstalled 2013 because it was necessary to keep the host name the same during migration.

We used a temporary Exchange Server for mailbox migration. This server is currently shut down as we plan to delete it in the future.

Based on what I wrote above, please tell me about the following two things.

About “MSExchange Mitigation Service”

　The error "MSExchange Mitigation Service" (Event ID: 1008) is occurring every hour.

　I understand that this error occurs because a temporary Exchange Server remains and there is no actual harm, but is this correct?

　 *There are no mailboxes left on the temporary server

About BackEnd's certificate

　 I created an SSL certificate using ADCS for use with Exchange Server.

　 I bound the created SSL certificate in IIS

　 I bound the created SSL certificate with both "DefaultWebSite (http, port 443)" and "ExchangeBackEnd (http, port 444)" in IIS

　However, I saw an article that says that in ExchangeBackEnd, self-certificates should not be deleted.

　 https://learn.microsoft.com/en-us/exchange/troubleshoot/client-connectivity/owa-ecp-ems-cannot-connect-after-self-signed-certificate-removed

　Please tell me whether I should restore the ExchangeBackEnd certificate.

Accepted answer

1 additional answer

Your answer

Answer 1

Jarvis Sun-MSFT 10,231 Microsoft External Staff

Hi @sakura_snow_blossom ,

Regarding the “MSExchange Mitigation Service” error, you are correct that this error occurs because a temporary Exchange Server remains and there is no actual harm. Since there are no mailboxes left on the temporary server, you can safely ignore this error.

As for the SSL certificate, it is recommended that you do not delete self-signed certificates in ExchangeBackEnd. Therefore, it is advisable to restore the ExchangeBackEnd certificate. However, if you have already deleted it, you can create a new self-signed certificate and bind it to the ExchangeBackEnd website.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

sakura_snow_blossom 190 Reputation points

2023-09-25T12:30:08.1733333+00:00

Hi@Jarvis Sun-MSFT

thank you for your reply.

Regarding the “MSExchange Mitigation Service” error, you are correct that this error occurs because a temporary Exchange Server remains and there is no actual harm. Since there are no mailboxes left on the temporary server, you can safely ignore this error.

I understand that there is no problem in ignoring it.

I plan to delete the temporary Exchange Server, so I would like to ignore the error until then.

As for the SSL certificate, it is recommended that you do not delete self-signed certificates in ExchangeBackEnd. Therefore, it is advisable to restore the ExchangeBackEnd certificate. However, if you have already deleted it, you can create a new self-signed certificate and bind it to the ExchangeBackEnd website.

I changed the binding of ExchangeBackEnd to SSL certificate, but I left the self-certificate without deleting it. I am thinking of not restoring the binding until there is a problem using Exchange Server, but should I restore it immediately?
Jarvis Sun-MSFT 10,231 Reputation points Microsoft External Staff

2023-09-27T07:54:25.3666667+00:00

@sakura_snow_blossom

To ensure the smooth functioning of your Exchange Server, it is generally recommended to assign a valid SSL certificate to the Exchange services. Assigning a certificate to the Exchange services is essential for encryption and secure communication between clients and servers. If you have left the self-signed certificate without deleting it, it is advisable to assign another certificate to the services and then remove the self-signed certificate.

However, if you are confident that your Exchange Server is functioning correctly and you have no immediate need to restore the binding, you can choose to monitor the server for any issues. In case you encounter any problems with the Exchange Server, you should promptly restore the binding with a valid SSL certificate.
sakura_snow_blossom 190 Reputation points

2023-09-27T16:41:33.8233333+00:00

@Jarvis Sun-MSFT

thank you for your reply.

However, if you are confident that your Exchange Server is functioning correctly and you have no immediate need to restore the binding, you can choose to monitor the server for any issues. In case you encounter any problems with the Exchange Server, you should promptly restore the binding with a valid SSL certificate.

ExchangeServer seems to be working correctly, so I would like to continue to monitor the situation.

If a problem occurs, can you refer to the link below for how to unbind the certificate?

https://learn.microsoft.com/en-us/exchange/troubleshoot/client-connectivity/owa-ecp-ems-cannot-connect-after-self-signed-certificate-removed
Jarvis Sun-MSFT 10,231 Reputation points Microsoft External Staff

2023-09-28T02:10:06.9733333+00:00

@sakura_snow_blossom

Yes, that's exactly what I want to share. Hope things going well~
sakura_snow_blossom 190 Reputation points

2023-09-30T09:11:29.77+00:00

@Jarvis Sun-MSFT

thank you for your reply.

If you have any trouble, please refer to the site.

The “MSExchange Mitigation Service” error occurs even after uninstalling the temporary Exchange Server.

I would like to ask a separate question regarding this.

Thank you very much for helping me

Answer 2

Amit Singh 5,306

Generally speaking, it is not a good idea to remove the self-signed certificate from the IIS website for ExchangeBackEnd. Exchange does internal server communication using this certificate. The exchange might not run properly if you erase the certificate.

You can make a new SSL certificate and bind it to the ExchangeBackEnd website if you are concerned about the security of the self-signed certificate. The self-signed certificate should, nonetheless, be backed up in case you ever need to recover it.

sakura_snow_blossom 190 Reputation points

2023-09-25T12:18:47.0733333+00:00

Hi@Amit Singh

thank you for your reply.

Exchange does internal server communication using this certificate

Is it correct to understand that communication with internal servers is "communication with other Exchange Servers in the same domain"?

If so, I plan to temporarily delete ExchangeServer, so will there be no impact even if I don't change ExchangeBackEnd's certificate binding back to self-certificate?

You can make a new SSL certificate and bind it to the ExchangeBackEnd website if you are concerned about the security of the self-signed certificate. The self-signed certificate should, nonetheless, be backed up in case you ever need to recover it.

The certificate bound to ExchangeBackEnd is an SSL certificate, but the self-certificate is left as it is without being deleted.If a problem occurs when using Exchange Server, I would like to restore the binding, but I should restore it immediately. Is not it

*A few people were unable to log in to "OfficeOnTheWeb," but this was resolved by clearing the cache on the PC, so we plan to continue using it as is.

Share via

Regarding errors after migrating from Exchange Server 2013 to 2019

1 additional answer

Your answer