This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(19.2, 46%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EIH%3C/text%3E%3C/svg%3E)
I have Exchange 2019 DAG with 3 three servers and the issue I am facing is on Exchange Toolbox the error message popup every few time
"Connecting to remote server failed with the following error message : WinRM cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the WinRM service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet. For more information, see the about_Remote_Troubleshooting Help topic."
while executing the winrm get winrm/config, the following result shows
"Cannot create a WinRM listener on HTTPS because this machine does not have an appropriate certificate. To be used for SSL, a certificate must have a CN matching the hostname, be appropriate for Server Authentication, and not be expired, revoked, or self-signed."
I just renewed my SSL certificate from Digicert and every thing is working fine from server and client side only the problem is certificate is not showing "Revocation check failed" not the valid status in EAC
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(41.6, 80%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAL%3C/text%3E%3C/svg%3E)
Hi @Innocent Heartvoice ,
only the problem is certificate is not showing "Revocation check failed" not the valid status in EAC
What you mean is that when you check the status of a certificate in EAC, the certificate appears in the "invalid" status, and the details show that the revocation check failed?
If I misunderstand this issue, please correct me in time, thank you!
If as described above, please have a check that your CRL URL( Use internet explorer – Security lock – view certificates)
You could refer to this official guidance document from Digicert to resolve the issue of certificate revocation check failure:https://www.digicert.com/kb/util/utility-test-ocsp-and-crl-access-from-a-server.htm
If the above method doesn't work, try clearing the cache on the server and see if it changes:
https://exchangemaster.wordpress.com/tag/crl/
Note: Microsoft provides third-party contact information to help you find additional information about this topic. This contact information may change without notice. Microsoft does not guarantee the accuracy of third-party contact information.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
My mistake, in certificate details in EAC and status is showing "Revocation Check Failed". I already tried to download the .crl files and updated on the server but same problem.
Any idea of WinRM issue, this issue is also related to this SSL certificate error?
Hi,
"Cannot create a WinRM listener on HTTPS because this machine does not have an appropriate certificate. To be used for SSL, a certificate must have a CN matching the hostname, be appropriate for Server Authentication, and not be expired, revoked, or self-signed."
According to my search , to resolve this error, you first need to resolve the issue of certificate revocation check failed.
How to configure WINRM for HTTPS - Windows Client | Microsoft Learn
As a workaround, you could run the following command to configure WinRM authentication and see if it runs successfully. However, the data is not encrypted by this method.
winrm quickconfig
The command worked for me and resolved the certificate revocation check failed issue.
"netsh winhttp set proxy proxy-server="http=myproxy:88;https=sproxy:88" bypass-list= "*.foo.com"
Hi,
Glad to know that you have resolved this issue and thank you for sharing~
After using the above cmdlet to enable Winhttp proxy settings, the revocation check failed error was gone and the certificate status was correct, but EMS was not working. After resetting winhttp proxy settings EMS was working but now same error "revocation check failed".
Please suggest how to set up EMS to work with winhttp proxy settings.