Creating new OAuth certificate Exchange 2013

Captain Kirk 121 Reputation points

On Exchange 2013 (we are in hybrid mode, btw), preparing to upgrade to the latest CU23, doing prereqs, and found that although I have a certificate named "Microsoft Exchange Server Auth Certificate" and it is assigned to SMTP, it appears I do not have a valid certificate for OAuth, even though everything is working fine.

So I run this in PowerShell:
(Get-AuthConfig).CurrentCertificateThumbprint | Get-ExchangeCertificate | Format-List

And I receive the error:

A special Rpc error occurs on server EXCHANGSERVER: The certificate with thumbprint
blahblahblah was not found.

  • CategoryInfo : NotSpecified: (:) [Get-ExchangeCertificate], InvalidOperationException
  • FullyQualifiedErrorId : [Server=EXCHANGSERVER,RequestId=dfgde3r53dfg33,TimeStamp=11/28/2021 4
    :42:18 PM] [FailureCategory=Cmdlet-InvalidOperationException] CDB48CE5,Microsoft.Exchange.Management.SystemConfigurationTasks.GetExchangeCertificate
  • PSComputerName :

So I go to create a new OAuth cert by running this in PowerShell:

New-ExchangeCertificate -KeySize 2048 -PrivateKeyExportable $true -SubjectName "cn=Microsoft Exchange Server Auth Certificate" -FriendlyName "Microsoft Exchange Server Auth Certificate1" @()

And get this error in return:
A positional parameter cannot be found that accepts argument ''."

As far as I can tell I am following the example correctly. From what I have seen online it does require the .com at the end of my email domain, and that is the only "." I see. Can someone point out my mistake?


Accepted answer
  1. Andy David - MVP 145.1K Reputation points MVP

    Needs to be:

    New-ExchangeCertificate -KeySize 2048 -PrivateKeyExportable $true -SubjectName "cn=Microsoft Exchange Server Auth Certificate" -FriendlyName "Microsoft Exchange Server Auth Certificate" -DomainName -Services SMTP

    If prompted to overwrite the existing SMTP Certificate, choose NO.
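
A more forgiving version of the check from the question, as an added example that is not part of the original thread: it reports whether the thumbprint stored in the auth configuration matches a certificate on the server, instead of failing with the RPC error. The function name `Test-AuthCertificate`, its parameters, the 60-day warning window and the sample data are assumptions made for illustration.

```powershell
# Added example; Test-AuthCertificate and its parameters are hypothetical names.
function Test-AuthCertificate {
    param(
        [string]   $ConfiguredThumbprint,   # value of (Get-AuthConfig).CurrentCertificateThumbprint
        [object[]] $Certificates,           # output of Get-ExchangeCertificate
        [datetime] $Now = (Get-Date),
        [int]      $WarnDays = 60           # assumed warning window
    )

    # The certificate the auth configuration points at, if it exists on this server.
    $current = @($Certificates | Where-Object { $_.Thumbprint -eq $ConfiguredThumbprint }) |
        Select-Object -First 1

    # Other certificates carrying the Auth certificate subject (for example one
    # that was created but never referenced by the auth configuration).
    $others = @($Certificates | Where-Object {
        $_.Subject -eq 'CN=Microsoft Exchange Server Auth Certificate' -and
        $_.Thumbprint -ne $ConfiguredThumbprint
    } | ForEach-Object { $_.Thumbprint })

    if (-not $current) { $state = 'Missing' }
    elseif ($current.NotAfter -le $Now) { $state = 'Expired' }
    elseif ($current.NotAfter -le $Now.AddDays($WarnDays)) { $state = 'ExpiringSoon' }
    else { $state = 'Valid' }

    $notAfter = $null
    if ($current) { $notAfter = $current.NotAfter }

    [pscustomobject]@{
        ConfiguredThumbprint = $ConfiguredThumbprint
        State                = $state
        NotAfter             = $notAfter
        OtherAuthCandidates  = $others
    }
}

# Constructed sample data (not real thumbprints) so the logic can be tried
# outside the Exchange Management Shell. It mirrors the situation in the
# question: the configured thumbprint matches no certificate on the server.
$sample = @(
    [pscustomobject]@{ Thumbprint = 'AAAA1111'; Subject = 'CN=mail.example.com'; NotAfter = [datetime]'2022-06-01' }
    [pscustomobject]@{ Thumbprint = 'BBBB2222'; Subject = 'CN=Microsoft Exchange Server Auth Certificate'; NotAfter = [datetime]'2026-11-28' }
)
Test-AuthCertificate -ConfiguredThumbprint 'CCCC3333' -Certificates $sample -Now ([datetime]'2021-11-28')

# On an Exchange server, in the Exchange Management Shell:
# Test-AuthCertificate -ConfiguredThumbprint (Get-AuthConfig).CurrentCertificateThumbprint -Certificates (Get-ExchangeCertificate)
```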
