Exchange Delegation Federation certificate expired

WW-6729 371 Reputation points
2021-03-22T17:30:06.887+00:00

Hello! Need help with an expired Exchange Delegation Federation certificate. I've managed to renew the certificate following these MS sites:

https://learn.microsoft.com/en-us/exchange/renew-the-federation-certificate-exchange-2013-help#replace-an-expired-federation-certificate

https://learn.microsoft.com/en-us/exchange/configure-a-federation-trust-exchange-2013-help

We have a hybrid environment where our on-prem users can't see our online users' free/busy calendar information. This was because our Exchange Delegation Federation certificate expired. After we renewed it, the free/busy problem stayed. We figured that the problem might be with the Auth Configuration (get-authconfig |fl) CurrentCertificateThumbprint value, which is still from the previous Exchange Delegation Federation certificate.

Does anybody have experience with this? If we change this value to our new Exchange Delegation Federation certificate thumbprint, are there any steps to do after changing that value? Some sites mention that we need to publish this certificate and also start HCW (this site: http://www.wave16.com/2018/06/test-oauthconnectivity-errormissing.html)

Will changing this Auth Configuration value for CurrentCertificateThumbprint to our new CurrentCertificateThumbprint have an impact on our mail flow or something else?

Is it possible to auto-renew this certificate?

Thank you!


2 answers

  1. KyleXu-MSFT 26,206 Reputation points
    2021-03-23T07:34:41.87+00:00

    @GK-6729

    The "get-authconfig" is used to check the "Microsoft Exchange Server Auth Certificate", which is different from the "Exchange Delegation Federation certificate". You can follow this article to renew this certificate and clear the old certificate.
    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    After modifying those two certificates, I would suggest you rerun HCW to update this configuration.

    The renewal procedure is simple and will not affect mail flow. But the best practice is to modify the Exchange server when it is idle.




  2. WW-6729 371 Reputation points
    2021-03-29T08:43:30.147+00:00

    Hello KyleXu, thank you for the response.

    Will things work if I just put the thumbprint of our new Exchange Delegation Federation certificate under Auth Configuration? This was obviously done the first time, because I have no explanation why Auth Configuration has the thumbprint of our old Exchange Delegation Federation certificate. Is this type of configuration acceptable, or does MS recommend having one certificate for Exchange Delegation Federation and one certificate for Auth Configuration?

    If we go with the creation of a new Auth Configuration certificate, will it have an impact on something in our environment, because I see that this certificate is also used for Lync, SharePoint...?

    Thank you!
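
The distinction drawn in the first answer (Get-AuthConfig points at the Auth certificate, the federation trust points at its own certificate) can be checked side by side. This is an added read-only example, not part of the original thread. It assumes it is run in the Exchange Management Shell on an on-premises Exchange server; it changes no configuration.

```powershell
# Added example: list which certificate each setting references and whether
# that certificate is present on this server and still valid.
$now  = Get-Date
$auth = Get-AuthConfig

# Collect the thumbprints referenced by the two separate configurations.
$refs = @([pscustomobject]@{
    Setting    = 'AuthConfig.CurrentCertificateThumbprint'
    Thumbprint = $auth.CurrentCertificateThumbprint
})
foreach ($trust in Get-FederationTrust) {
    $refs += [pscustomobject]@{
        Setting    = "FederationTrust[$($trust.Name)].OrgCertificate"
        Thumbprint = $trust.OrgCertificate.Thumbprint
    }
}

# Resolve each thumbprint against the local Exchange certificate store.
$report = foreach ($ref in $refs) {
    $cert = $null
    if ($ref.Thumbprint) {
        try   { $cert = Get-ExchangeCertificate -Thumbprint $ref.Thumbprint -ErrorAction Stop }
        catch { $cert = $null }   # thumbprint referenced but certificate not found here
    }
    [pscustomobject]@{
        Setting    = $ref.Setting
        Thumbprint = $ref.Thumbprint
        Subject    = if ($cert) { $cert.Subject } else { '(not found on this server)' }
        NotAfter   = if ($cert) { $cert.NotAfter } else { $null }
        Status     = if (-not $cert) { 'MISSING' }
                     elseif ($cert.NotAfter -lt $now) { 'EXPIRED' }
                     else { 'OK' }
    }
}
$report | Format-Table -AutoSize

# Flag the situation described in the thread: both settings on one certificate.
$fedThumbs = @($refs | Where-Object { $_.Setting -like 'FederationTrust*' } |
               ForEach-Object { $_.Thumbprint })
if ($auth.CurrentCertificateThumbprint -and
    $fedThumbs -contains $auth.CurrentCertificateThumbprint) {
    Write-Warning 'AuthConfig and the federation trust reference the same certificate.'
}
```

A row with Status EXPIRED or MISSING for the AuthConfig setting means that setting still references a certificate that has expired or is no longer on the server.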