Microsoft.EnterpriseCloud.Monitoring.MicrosoftMonitoringAgent expires, how to renew

Wenk, Patric 25 Reputation points
2024-03-27T14:05:16.75+00:00

We are using an Exchange hybrid solution and the certificate for Microsoft.EnterpriseCloud.Monitoring.MicrosoftMonitoringAgent is expiring.

Exchange says this certificate is self-signed, but I don't know where to get a new one.

Which certificate is it and how can I renew it?

I have already tried to see what options I have via the "renew" button and exchange reported that the friendly name was too long.

What options do I have to renew this certificate?

Best Regards,

Patric

Microsoft Exchange Hybrid Management
Microsoft Exchange Hybrid Management
Microsoft Exchange: Microsoft messaging and collaboration software.Hybrid Management: Organizing, handling, directing or controlling hybrid deployments.
1,886 questions
0 comments
Accepted answer
  1. Ke Zhang-MSFT 230 Reputation points Microsoft Vendor
    2024-03-28T07:48:52.2333333+00:00

    Hi Patric,

     

    This certificate is MMA certificate, which is automatically created during the MMA installation process, and it plays a crucial role in ensuring secure communication within your monitoring environment.

    If you want to view the MMA certificate, you could use the Get-ExchangeCertificate cmdlet to view all Exchange certificates that are installed on Exchange servers.

     

    There are two ways to renew an exchange self-signed certificate, including EAC and powershell.

    Given you’ve already clicked the renew button, which means you’ve probably already tried EAC,  I suggest you to try the command to solve the problem:

     

    Get-ExchangeCertificate -Thumbprint <Thumbprint> | New-ExchangeCertificate [-Force] [-PrivateKeyExportable <$true | $false>]

     

    example :This example renews a self-signed certificate on the local Exchange server, and uses the following settings:

    The thumbprint value of the existing self-signed certificate to renew is BC37CBE2E59566BFF7D01FEAC9B6517841475F2D

    The Force switch replaces the original self-signed certificate without a confirmation prompt.

    The private key is exportable. This allows you to export the certificate and import it on other servers.

    Get-ExchangeCertificate -Thumbprint BC37CBE2E59566BFF7D01FEAC9B6517841475F2D | New-ExchangeCertificate -Force -PrivateKeyExportable $true

     

    To find the thumbprint value of the certificate that you want to renew, run the following command:

    Get-ExchangeCertificate | where {$_.IsSelfSigned -eq $true} | Format-List FriendlyName,Subject,CertificateDomains,Thumbprint,NotBefore,NotAfter

     

     

    I hope this answer was helpful.

     

    Best,

    kellyzhang

    1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

    Comments have been turned off. Learn more