hybrid Exchange with Edge.

Андрей Михалевский 3,451 Reputation points
2021-09-16T09:18:10.42+00:00

Hello. I have three mailbox servers and one Edge.
The mailbox servers have a purchased wildcard certificate.

  • After setting up the hybrid configuration, I can't receive emails from EXO and can't send there.

In EXO in the connector to send to my servers, I turned off TLS verification. The emails started coming from EXO.

But I cannot send to EXO from my local servers.

When I set up the hybrid configuration, Edge uses the certificate from the mailbox servers. But I get an error when I send email to EXO:

[{LED=451 4.4.395 Target host responded with error. -> 421 4.4.1 Connection timed out};{MSG=};{FQDN=resoleasing-mail-onmicrosoft-com.mail.protection.outlook.com};{IP=104.47.14.36};{LRT=16.09.2021 11:50:19}]

  • As I understand it, I need to install a commercial certificate on the SMTP service, but then I can't do the Edge Subscription, since I can't use the one generic certificate for that.
  • Do I understand correctly that when using a hybrid configuration with Edge I need to buy one more certificate, or what should I do? Can't I use the one generic (wildcard) certificate I bought and already use on the mailbox servers?

Translated with www.DeepL.com/Translator (free version)


Accepted answer
  1. Андрей Михалевский 3,451 Reputation points
    2021-09-17T07:19:05.673+00:00

    I figured it out, thanks to this article: https://blog.matrixpost.net/category/office-365/page/5/

    My mistake was that when I installed the certificate on Edge for the SMTP service, I was replacing the original one.


1 additional answer

  1. Joyce Shen - MSFT 16,701 Reputation points
    2021-09-17T01:50:59.723+00:00

    Hi @Андрей Михалевский

    What's your on-prem Exchange server version? As you said, your issue is related to your certificate not having a private key.

    These two links discuss an issue similar to yours:
    Certificate error in Edge Transport server in Hybrid Environment
    EXCHANGE HYBRID TLS NEGOTIATION FAILED WITH ERROR NOCREDENTIALS
    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Try the solution below to fix your issue:

    1) Set the self-signed certificate as the default for SMTP. Subscribe the Edge server.
    2) Set the wildcard certificate as the SMTP certificate by assigning TlsCertificateName on the receive connector (the self-signed certificate stays the default, so the Edge Subscription keeps working):

    # Look up the third-party (wildcard) certificate by its thumbprint
    $cert = Get-ExchangeCertificate -Thumbprint <3rd party cert thumbprint>
    # Build the TlsCertificateName value in the "<I>issuer<S>subject" form Exchange expects
    $tlscertificatename = "<I>$($cert.Issuer)<S>$($cert.Subject)"
    # Bind that certificate to the Edge server's internal receive connector
    Set-ReceiveConnector "EDGE SERVER\Default internal receive connector EDGE SERVER" -TlsCertificateName $tlscertificatename

    3) Restart the transport service.

    4) Check which certificate is in use from the internet:

    # Open an SMTP session with STARTTLS and inspect the certificate chain that Edge presents
    openssl s_client -connect edge.contoso.com:25 -starttls smtp

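The procedure above as one complete, re-runnable script. This is an added example, not code from the thread or from Microsoft; the thumbprint, the Edge server name and the send connector name are placeholders you must replace. It assumes the wildcard certificate has already been imported into the Edge server's local certificate store with its private key, that the Edge Subscription was created while the self-signed certificate was the default SMTP certificate, and that the outbound connector to Exchange Online on the Edge server is the one the Hybrid Configuration Wizard created (its name is an assumption). Run it in the Exchange Management Shell on the Edge Transport server.

```powershell
# Added example (not from the original Q&A): bind the wildcard certificate to the Edge
# connectors via TlsCertificateName WITHOUT making it the default SMTP certificate, so the
# self-signed certificate the Edge Subscription depends on is left untouched.

$Thumbprint       = '0123456789ABCDEF0123456789ABCDEF01234567'   # assumed: wildcard cert thumbprint
$EdgeServer       = 'EDGE01'                                     # assumed: Edge Transport server name
$ReceiveConnector = "$EdgeServer\Default internal receive connector $EdgeServer"
$SendConnector    = 'Outbound to Office 365'                     # assumed: HCW-created send connector name

# 1) Fetch the third-party certificate and refuse to continue if the private key is missing.
#    Without the key, TLS negotiation fails and EXO reports the 4.4.x errors seen in the question.
$cert = Get-ExchangeCertificate -Thumbprint $Thumbprint
if (-not $cert.HasPrivateKey) {
    throw "Certificate $Thumbprint has no private key. Re-import the PFX (with key) and retry."
}
if ($cert.NotAfter -lt (Get-Date)) {
    throw "Certificate $Thumbprint expired on $($cert.NotAfter)."
}

# 2) Sanity check: the certificate we are about to bind must NOT be the Edge self-signed one.
#    Do not run Enable-ExchangeCertificate -Services SMTP on the wildcard here; that is what
#    replaced the subscription certificate in the original poster's failed attempt.
if ($cert.IsSelfSigned) {
    throw "Thumbprint $Thumbprint is a self-signed certificate; expected the wildcard certificate."
}

# 3) Build the TlsCertificateName value in the "<I>issuer<S>subject" form Exchange expects.
$tlsCertName = "<I>$($cert.Issuer)<S>$($cert.Subject)"

# 4) Bind the wildcard certificate to the receive connector (inbound from EXO) and to the
#    send connector (outbound to EXO). Set-SendConnector accepts the same TlsCertificateName
#    syntax; the connector name is assumed, verify it with Get-SendConnector first.
Set-ReceiveConnector -Identity $ReceiveConnector -TlsCertificateName $tlsCertName
Set-SendConnector    -Identity $SendConnector    -TlsCertificateName $tlsCertName

# 5) Restart transport so the connectors pick up the new certificate binding.
Restart-Service MSExchangeTransport

# 6) Show the result for a final review: both connectors should carry the wildcard cert's
#    issuer/subject string, and the self-signed cert should still list SMTP in Services.
Get-ReceiveConnector -Identity $ReceiveConnector | Format-List Identity, TlsCertificateName
Get-SendConnector    -Identity $SendConnector    | Format-List Identity, TlsCertificateName
Get-ExchangeCertificate | Where-Object { $_.Services -match 'SMTP' } |
    Format-Table Thumbprint, IsSelfSigned, Subject, NotAfter -AutoSize
```

After the restart, confirm from outside your network that the wildcard certificate (not the self-signed one) is what Edge presents on port 25, e.g. with the `openssl s_client -starttls smtp` check from the answer above; if the self-signed certificate still shows up, the TlsCertificateName string did not match the certificate (issuer and subject must match exactly, including ordering of the DN components).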
