Unable to set Exchange Hybrid Server send-connector certificate

Rick Danforth 96 Reputation points
2021-09-14T15:39:06.23+00:00

I have created a new externally signed certificate for our Hybrid Exchange server. It has been enabled for both IIS and SMTP, and we have restarted the server twice. The new certificate shows up as being enabled for SMTP.

However, when we are trying to run the commands to replace the send-connector certificate, as seen131909-exc-cert2.png in image, we get the error:

The given certificate is not enabled for SMTP protocol. Only certificates enabled for SMTP protocol can be set on Send
Connectors. To enable a certificate for SMTP, please use 'Enable-ExchangeCertificate' cmdlet.

The certificate definitely appears to be enabled for SMTP, and we have restarted the server twice since this. Could anyone please suggest to me why this error would still appear?

For added context, this is the only Exchange Hybrid server in our environment. And all commands are being run from it.

Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,435 questions
Microsoft Exchange Hybrid Management
Microsoft Exchange Hybrid Management
Microsoft Exchange: Microsoft messaging and collaboration software.Hybrid Management: Organizing, handling, directing or controlling hybrid deployments.
1,959 questions
{count} votes

2 answers

Sort by: Most helpful
  1. Andy David - MVP 143.8K Reputation points MVP
    2021-09-14T16:52:23.397+00:00

    Any help from:
    https://learn.microsoft.com/en-us/answers/questions/58292/hybrid-configuration-wizard-says-certificate-has-n.html

    Came across this issue in our environment trying to add new servers to an existing send connector - the cmdlet I was using was Set-Sendconnector -SourceTransportServers @{add='SERVERNAME'} which is in effect re-adding all existing servers and the new server to the connector. I found that the error was not related to the new server but somehow one of the existing servers did not have the SMTP service assigned to the cert used by the send connector. Running Enable-ExchangeCertificate on the existing server and then re-running the additions to the send connector resolved the issue.


  2. DanW 1 Reputation point
    2022-06-08T01:29:03.497+00:00

    I had the same problem recently on send connector becuase one of my servers did not have SMTP enabled, but the one i was working from did so it was confusing, all servers with the scoped connected need SMTP enabled for that cert otherwsie you'll get the error.

    0 comments No comments