Receive-connector - Migration to o365 - TLS certname

Marek G 171 Reputation points

Hi all,

Please, I am trying to set the certificate (tlscertname) on a receive connector on the Edge server, but every attempt ends with this error:

set-ReceiveConnector : An Active Directory Constraint Violation error occurred on localhost. Additional information: A
value for the attribute was not in the acceptable range of values.
Active directory response: 00002082: AtrErr: DSID-03151E5C, #1:
0: 00002082: DSID-03151E5C, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9ca484c4 (msExchSmtpTLSCertificate):len 520
At line:1 char:1

+ set-ReceiveConnector -Identity "Edge1\Default internal receive ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [Set-ReceiveConnector], ADConstraintViolationException
    + FullyQualifiedErrorId : [Server=Edge1,RequestId=weqqq-ewed-4d9a-a01d-55bc943260f7,TimeStamp=28.10.2022
    10:09:06] [FailureCategory=Cmdlet-ADConstraintViolationException] 266047D0,Microsoft.Exchange.Management.SystemCon


It is a certificate from

O = První certifikační autorita, a.s.
CN = I.CA SSL CA/RSA 07/2015
C = CZ

Exchange is version 2019CU11.
Thanks for any ideas ;)

Microsoft Exchange Hybrid Management

Accepted answer
  1. Rafael da Rocha 5,091 Reputation points

    Hello @Marek G ,

    Here's a KB for the same error, although in a different product:

    Use the steps at the bottom of the page to check the rangeUpper property of "CN=ms-Exch-Smtp-TLS-Certificate" using ADSI Edit.
    According to documentation, Exchange 2019 should have this value set at 1024 by default:

    Active Directory schema changes in Exchange Server - Attributes modified by Exchange 2019 RTM


    If this or any other reply helped solve your question, please remember to upvote and/or "Accept Answer".
    It helps others facing similar issues find the solution.
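
The rangeUpper check suggested in the accepted answer can also be scripted and set next to the size of the value being written. This is an added example, not code from the thread or from Microsoft; the thumbprint placeholder and the `localhost:50389` endpoint (the LDAP port of the Edge Transport AD LDS instance) are assumptions, and the value is built in the `<I>issuer<S>subject` form that TlsCertificateName takes.

```powershell
# Added example, not from the thread. Run in the Exchange Management Shell.
# Assumptions: placeholder thumbprint; localhost:50389 is the Edge AD LDS
# instance (use a domain controller name to check the AD schema instead).
$Thumbprint = '<CERT-THUMBPRINT-PLACEHOLDER>'
$LdapHost   = 'localhost:50389'

# TlsCertificateName is the issuer and subject joined as <I>...<S>...
$cert    = Get-ExchangeCertificate -Thumbprint $Thumbprint
$tlsName = "<I>$($cert.Issuer)<S>$($cert.Subject)"

# Find the schema partition of the directory instance being checked.
$rootDse  = [ADSI]"LDAP://$LdapHost/RootDSE"
$schemaNc = [string]$rootDse.Properties['schemaNamingContext'][0]

# Look the attribute up by the LDAP name shown in the error message.
$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot  = [ADSI]"LDAP://$LdapHost/$schemaNc"
$searcher.SearchScope = 'OneLevel'
$searcher.Filter      = '(lDAPDisplayName=msExchSmtpTLSCertificate)'
[void]$searcher.PropertiesToLoad.Add('rangeUpper')
$attr = $searcher.FindOne()

if (-not $attr) {
    Write-Warning "msExchSmtpTLSCertificate not found in the schema on $LdapHost"
    return
}

# Result property names are lower-cased; rangeUpper may be unset.
$range      = $attr.Properties['rangeupper']
$rangeUpper = if ($range.Count -gt 0) { $range[0] } else { $null }

# Report the proposed value's size next to the schema limit.
[pscustomobject]@{
    TlsCertificateName = $tlsName
    Characters         = $tlsName.Length
    Utf16Bytes         = [Text.Encoding]::Unicode.GetByteCount($tlsName)
    RangeUpper         = $rangeUpper
    SchemaObject       = $attr.Path
}
```

Both the character count and the UTF-16 byte count are shown so that the `len 520` figure in the error can be matched against the string actually being written.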

3 additional answers

  1. Marek G 171 Reputation points

    I looked in ADSI Edit, but this attribute is not in the local ADAM.... :(


  2. KyleXu-MSFT 26,236 Reputation points

    @Marek G

    How did you set the certificate for your connector?

    I would suggest you try to delete this connector, then rerun HCW to create a new one; you can also assign a certificate to the connector from HCW.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  3. Amit Singh 4,866 Reputation points

    Check this article for more insight -

    Please Note: Since Microsoft does not host the website, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
