Renew expired exchange delegation federation certificate

Chong 871 Reputation points
2021-07-29T09:13:58.43+00:00

Hi Support,

We have 2 x Exchange 2013 Hybrid servers in the root domain and around 12 x Exchange 2016 MBX servers in the root domain and subdomains. Since EX2013 will reach end of life, we plan to migrate the Hybrid server to EX2016.

Each Exchange server has a “delegation federation certificate”; some of them are valid and some of them are expired. When we run the hybrid wizard on the new EX2016 Hybrid server, will all of these certificates be renewed?
Or do we need to remove the federation domain from the trust to renew the certificate, as in this document: Renew the federation certificate: Exchange 2013 Help | Microsoft Learn?
Is there any impact if we remove the domain from the trust?

Thanks
Chong

Exchange | Hybrid management

Accepted answer
  1. KyleXu-MSFT 26,396 Reputation points
    2021-07-30T09:29:19.627+00:00

    @Chong

    If this certificate has expired, you will get an error about free/busy, so you need to renew this certificate if it has expired.

    In your organization, if the Exchange delegation federation certificate on the root Exchange 2016 isn't expired, you could try to run HCW to switch the hybrid server from Exchange 2013 to Exchange 2016 first. If you cannot run HCW, then try to renew all expired certificates. Even if you can run HCW successfully, you may still encounter problems with free/busy afterwards.




3 additional answers

  1. Andy David - MVP 157.8K Reputation points
    2021-07-29T11:23:02.537+00:00

  2. Chong 871 Reputation points
    2021-07-30T04:36:58.573+00:00

    Hi @Andy David - MVP ,

    So we should follow the link to recreate the trust first, before running the hybrid wizard.

    We have more than 10 subdomains, and the federation certificates on the Exchange servers in those domains have expired (only the root domain and 1 subdomain Exchange are renewed and valid, I don't know why). What is the impact on those domains if we remove the domain trust?

    Best Regards
    Chong


  3. Chong 871 Reputation points
    2021-08-20T01:55:45.107+00:00

    Hi @KyleXu-MSFT and @Andy David - MVP ,

    Before renewing the federation cert and re-running the HCW, I found that free/busy still works for subdomain users between on-premises Exchange and Exchange Online, even though the subdomain Exchange servers' federation certificate is invalid (the certificate of the hybrid server in the root domain is valid).

    Why does free/busy work in our environment?
    As our user accounts are located on the subdomain Exchange database but the email address uses the root domain, does this setting cause the federation to still be valid so that free/busy works?

    Do I still need to remove the federation domain trust to renew the federation certificate for those subdomain Exchange servers?

    Thanks

    Best Regards
    Chong
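
A read-only inventory for the situation this thread describes (many servers, some with expired federation certificates), as an added example that is not part of any post above: it lists each server's federation certificate, its expiry, and whether the federation trust actually references it. The 30-day warning window and the `CN=Federation` subject match (the self-signed certificate created by the federation wizard) are assumptions.

```powershell
# Added example. Run in the on-premises Exchange Management Shell.
# Read-only: it lists certificates and changes nothing.
$warnDays = 30          # assumed warning window, adjust as needed
$now      = Get-Date

# Thumbprints the federation trust references (current and next certificate).
$trustThumbs = @(Get-FederationTrust | ForEach-Object {
    $_.OrgCertificate.Thumbprint
    $_.OrgNextCertificate.Thumbprint
} | Where-Object { $_ })

$report = foreach ($server in Get-ExchangeServer) {
    try {
        # Federation service flag, or the assumed CN=Federation self-signed subject.
        $certs = Get-ExchangeCertificate -Server $server.Name -ErrorAction Stop |
            Where-Object {
                "$($_.Services)" -match 'Federation' -or $_.Subject -eq 'CN=Federation'
            }
    } catch {
        # Servers that cannot be queried (for example Edge) are reported, not fatal.
        Write-Warning "Could not query $($server.Name): $_"
        continue
    }
    foreach ($cert in $certs) {
        $status = 'Valid'
        if ($cert.NotAfter -lt $now) {
            $status = 'Expired'
        } elseif ($cert.NotAfter -lt $now.AddDays($warnDays)) {
            $status = 'ExpiringSoon'
        }
        [pscustomobject]@{
            Server      = $server.Name
            Thumbprint  = $cert.Thumbprint
            NotAfter    = $cert.NotAfter
            UsedByTrust = $trustThumbs -contains $cert.Thumbprint
            Status      = $status
        }
    }
}

$report | Sort-Object UsedByTrust, NotAfter | Format-Table -AutoSize

# Exchange's own per-server check of the federation trust certificates.
Test-FederationTrustCertificate
```

Rows with `UsedByTrust` set to `True` are the certificates the trust depends on; the others are copies present on a server that the trust does not reference.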

