Lost connectivity due to renewal of Server Auth Certificate

Mohammed Raheem 21 Reputation points
2021-03-16T18:07:06.3+00:00

Hi,

I am running an on-premises Exchange Server 2013 server. My server showed that two certificates had expired, as below:

  1. Microsoft Exchange Server Auth Certificate.
  2. Microsoft Exchange Certificate.

I renewed them and suddenly found that all users had lost connectivity to my Exchange; even the web console wouldn't open.
I went through some blogs and found that by selecting the Microsoft Exchange Certificate in the bindings of Exchange Back End I got my web restored.

With the Auth Certificate I used the following commands:

Get-AuthConfig | fl

Set-AuthConfig -NewCertificateThumbprint <paste the thumbprint> -NewCertificateEffectiveDate $dt

The effective date was a day ahead.

Set-AuthConfig -PublishCertificate

With this command it asked me Yes, Yes to All, No, and No to All; the default was "Y", which I pressed, and it went through.

Finally, clear any previous certificate used:

Set-AuthConfig -ClearPreviousCertificate

And then I went for an IIS reset, which was successful.

After that, 2 hours passed and I still have no connections.

I finally ran (Get-AuthConfig).CurrentCertificateThumbprint | Get-ExchangeCertificate

to see if the certificate is installed; it shows the new thumbprint.

Please help with this issue.

Thanks
Abdul Raheem

Exchange | Exchange Server | Management

Accepted answer
  1. Kael Yao 37,751 Reputation points Moderator
    2021-03-17T02:47:57.737+00:00

    Hi, @Mohammed Raheem

    Do you have some third-party certificates on your Exchange server? Or do you use the default Exchange self-signed certificate?

    If you only use the Exchange self-signed certificate, you may need to export and re-import the renewed certificates to the client devices.
    Otherwise, the devices won't trust the certificate as indicated by the warning message in OWA.

    By default, the "Microsoft Exchange" certificate is assigned to the IIS, SMTP, POP and IMAP services, which are responsible for OWA and Outlook access.
    And you may need to export and import it to the client devices.




1 additional answer

  1. Mohammed Raheem 21 Reputation points
    2021-03-17T02:55:31.54+00:00

    Many thanks to you, KaelYao,

    I was just going through Andy and YJoe's link
    https://learn.microsoft.com/en-us/answers/questions/100526/exchange-2013-self-signed-cert-renewal-issue.html

    and I found that IIS is also required to be assigned to the third-party certificate, which I did, and all started working.

    Somehow I couldn't figure out how this came about, though I didn't touch it.

    Thanks and regards
    Abdul Raheem
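
A read-only check for the situation in this thread, written as an added example (not part of the original posts): it lists each Exchange certificate with its services, confirms that the Auth certificate referenced by Get-AuthConfig is installed and unexpired, and shows which certificate each IIS site is bound to. The site names are the Exchange 2013 defaults and the thumbprint on the last line is a placeholder; both are assumptions.

```powershell
# Added example. Run in the Exchange Management Shell on the Exchange 2013 server.
Import-Module WebAdministration

# 1. Every Exchange certificate with its assigned services and expiry.
$certs = @(Get-ExchangeCertificate)
$certs | Sort-Object NotAfter |
    Format-Table Thumbprint, Subject, Services, IsSelfSigned, NotAfter -AutoSize

# 2. The certificate Get-AuthConfig points at must be installed and unexpired.
$authThumb = (Get-AuthConfig).CurrentCertificateThumbprint
$authCert  = $certs | Where-Object { $_.Thumbprint -eq $authThumb }
if (-not $authCert) {
    Write-Warning "Auth certificate $authThumb is not installed on this server."
} elseif ($authCert.NotAfter -lt (Get-Date)) {
    Write-Warning "Auth certificate $authThumb expired on $($authCert.NotAfter)."
}

# 3. Which certificate each IIS site presents over HTTPS.
#    Site names are the Exchange 2013 defaults (assumption; adjust if renamed).
$rows = foreach ($site in 'Default Web Site', 'Exchange Back End') {
    foreach ($binding in Get-WebBinding -Name $site -Protocol https) {
        $bound   = $certs | Where-Object { $_.Thumbprint -eq $binding.certificateHash }
        $problem = ''
        if (-not $bound) { $problem = 'no matching Exchange certificate' }
        elseif ($bound.NotAfter -lt (Get-Date)) { $problem = 'expired' }
        [pscustomobject]@{
            Site       = $site
            Binding    = $binding.bindingInformation
            Thumbprint = $binding.certificateHash
            Subject    = $bound.Subject
            NotAfter   = $bound.NotAfter
            Problem    = $problem
        }
    }
}
$rows | Format-Table -AutoSize

# 4. Certificates that currently hold the IIS service (what OWA and Outlook receive).
$certs | Where-Object { "$($_.Services)" -match 'IIS' } |
    Format-List Thumbprint, Subject, IsSelfSigned, NotAfter

# 5. To assign IIS to the intended certificate, as in the reply above,
#    substitute its thumbprint (placeholder shown) and uncomment:
# Enable-ExchangeCertificate -Thumbprint '<THUMBPRINT-OF-INTENDED-CERT>' -Services IIS
```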

