Regarding errors after migrating from Exchange Server 2013 to 2019

sakura_snow_blossom 190 Reputation points
2023-09-24T12:00:58.9433333+00:00

thank you

Migrated from ExchangeServer2013 to ExchangeServer2019

I have already uninstalled 2013 because it was necessary to keep the host name the same during migration.

We used a temporary Exchange Server for mailbox migration. This server is currently shut down as we plan to delete it in the future.

Based on what I wrote above, please tell me about the following two things.

  1. About “MSExchange Mitigation Service”

 The error "MSExchange Mitigation Service" (Event ID: 1008) is occurring every hour.

 I understand that this error occurs because a temporary Exchange Server remains and there is no actual harm, but is this correct?

  *There are no mailboxes left on the temporary server

  1. About BackEnd's certificate

  I created an SSL certificate using ADCS for use with Exchange Server.

  I bound the created SSL certificate in IIS

  I bound the created SSL certificate with both "DefaultWebSite (http, port 443)" and "ExchangeBackEnd (http, port 444)" in IIS

 However, I saw an article that says that in ExchangeBackEnd, self-certificates should not be deleted.

  https://learn.microsoft.com/en-us/exchange/troubleshoot/client-connectivity/owa-ecp-ems-cannot-connect-after-self-signed-certificate-removed

 Please tell me whether I should restore the ExchangeBackEnd certificate.

Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Exchange | Exchange Server | Management
Windows for business | Windows Server | User experience | Other
0 comments No comments
{count} votes

Accepted answer
  1. Jarvis Sun-MSFT 10,231 Reputation points Microsoft External Staff
    2023-09-25T07:53:13.0633333+00:00

    Hi @sakura_snow_blossom ,

    Regarding the “MSExchange Mitigation Service” error, you are correct that this error occurs because a temporary Exchange Server remains and there is no actual harm. Since there are no mailboxes left on the temporary server, you can safely ignore this error.

    As for the SSL certificate, it is recommended that you do not delete self-signed certificates in ExchangeBackEnd. Therefore, it is advisable to restore the ExchangeBackEnd certificate. However, if you have already deleted it, you can create a new self-signed certificate and bind it to the ExchangeBackEnd website.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment". 

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
  1. Amit Singh 5,306 Reputation points
    2023-09-25T06:04:04.5233333+00:00

    Generally speaking, it is not a good idea to remove the self-signed certificate from the IIS website for ExchangeBackEnd. Exchange does internal server communication using this certificate. The exchange might not run properly if you erase the certificate.

    You can make a new SSL certificate and bind it to the ExchangeBackEnd website if you are concerned about the security of the self-signed certificate. The self-signed certificate should, nonetheless, be backed up in case you ever need to recover it.

    1 person found this answer helpful.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.