7,925 questions
I would keep it current. Even if not being used.
You can use these steps :
https://learn.microsoft.com/en-us/exchange/renew-the-federation-certificate-exchange-2013-help
or run the Hybrid Wizard.
Exchange 2019 Delegation Federation certificate expired hybrid
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 1%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJD%3C/text%3E%3C/svg%3E)
Jan De Smet
66
Reputation points
Hello we have an exchange 2019 onprem, hybrid configuration. We use the exchange onprem for user mgmt and internal relaying only. No mailboxes onprem anymore.
We noticed our Exchange Delegation Federation certificate expired a while ago. I was wondering, do we need to renew this certificate in our deployment? or can we remove this certificate? I did notice there was a federation set up.
Or can we renew this certificate by rerunning the HCW?
thanks
Exchange | Exchange Server | Management
Exchange | Hybrid management
2,310 questions
{count} vote
-
KyleXu-MSFT 26,396 Reputation points2022-05-23T09:20:17.59+00:00 @Jan De Smet
I am writing here to confirm with you any update about this thread now.
If the suggestion below helps, please feel free to accept it as an answer to close this thread. It also could be beneficial to other community members reading this thread.
Sign in to comment
Accepted answer
-
Andy David - MVP 157.8K Reputation points MVP Volunteer Moderator2022-05-16T11:06:24.24+00:00
3 additional answers
Sort by: Most helpful
-
KyleXu-MSFT 26,396 Reputation points
2022-05-17T07:23:13.457+00:00 I agree with AndyDavid‘s suggestion.
Follow the "Replace an expired federation certificate" part in the article that AndyDavid provided. An expired or missing certificate will cause a lot of errors in Event Viewer.
Due to there still exist hybrid in your organization, it is suggested to renew this certificate.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
-
Jan De Smet 66 Reputation points
2022-05-17T12:55:59.737+00:00 Hi,
The instructions on this page only suggest to remove the federated domains and the trust.
When they are removed, I just recreate it via the ECP?
https://learn.microsoft.com/en-us/exchange/configure-a-federation-trust-exchange-2013-helpRerunning the HCW did not renew the certificate. Maybe it renews the trust, but it did not renew the certificate.
Thanks
-
Andy David - MVP 157.8K Reputation points MVP Volunteer Moderator
2022-05-17T13:06:07.53+00:00 If the trust already exists you just need to renew the cert
https://learn.microsoft.com/en-us/exchange/renew-the-federation-certificate-exchange-2013-help
Sign in to comment -
-
Jan De Smet 66 Reputation points
2022-06-14T10:38:48.35+00:00 Hello, I removed the Federation.
I followed the instructions here: https://learn.microsoft.com/en-us/exchange/renew-the-federation-certificate-exchange-2013-helpI also renewed the Federation via EAC: https://learn.microsoft.com/en-us/exchange/configure-a-federation-trust-exchange-2013-help
All is looking good now;
Many thanks