WinRM error on Exchange 2019

Innocent Heartvoice 286 Reputation points
2022-09-27T07:34:00.027+00:00

I have Exchange 2019 DAG with 3 three servers and the issue I am facing is on Exchange Toolbox the error message popup every few time

"Connecting to remote server failed with the following error message : WinRM cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the WinRM service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet. For more information, see the about_Remote_Troubleshooting Help topic."

while executing the winrm get winrm/config, the following result shows

"Cannot create a WinRM listener on HTTPS because this machine does not have an appropriate certificate. To be used for SSL, a certificate must have a CN matching the hostname, be appropriate for Server Authentication, and not be expired, revoked, or self-signed."

I just renewed my SSL certificate from Digicert and every thing is working fine from server and client side only the problem is certificate is not showing "Revocation check failed" not the valid status in EAC

Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,390 questions
0 comments No comments
{count} votes

Accepted answer
  1. Aholic Liang-MSFT 13,821 Reputation points Microsoft Vendor
    2022-09-28T03:26:56.997+00:00

    Hi @Innocent Heartvoice ,

    only the problem is certificate is not showing "Revocation check failed" not the valid status in EAC

    What you mean is that when you check the status of a certificate in EAC, the certificate appears in the "invalid" status, and the details show that the revocation check failed?
    If I misunderstand this issue, please correct me in time, thank you!

    If as described above, please have a check that your CRL URL( Use internet explorer – Security lock – view certificates)
    245355-2022-9-28-1.png
    You could refer to this official guidance document from Digicert to resolve the issue of certificate revocation check failure:https://www.digicert.com/kb/util/utility-test-ocsp-and-crl-access-from-a-server.htm
    If the above method doesn't work, try clearing the cache on the server and see if it changes:
    https://exchangemaster.wordpress.com/tag/crl/

    Note: Microsoft provides third-party contact information to help you find additional information about this topic. This contact information may change without notice. Microsoft does not guarantee the accuracy of third-party contact information.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. Innocent Heartvoice 286 Reputation points
    2022-09-28T04:36:28.42+00:00

    My mistake, in certificate details in EAC and status is showing "Revocation Check Failed". I already tried to download the .crl files and updated on the server but same problem.

    Any idea of WinRM issue, this issue is also related to this SSL certificate error?