fsdg-2871 asked ManiBhushan-9381 edited

Exchange certificate renewal in hybrid environment

Hello,
If I change the on-premises Exchange 2013 3rd party certificate and then re-run HCW to attach this new certificate in the hybrid environment, does HCW only change this certificate information or does it change the whole configuration?
I'm asking this because I have the on-premises send connector to O 365 disabled. I don't know why, but does re-running HCW change this connector to enabled, or does it change only the new certificate information?

AndyDavid answered BobFoglia-9322 published

It should stay disabled.


Note you could just replace the cert, assign SMTP to it and manually update the connectors. It's not required to run the Wizard.

https://practical365.com/exchange-server/configuring-the-tls-certificate-name-for-exchange-server-receive-connectors/

 [PS] C:\>$cert = Get-ExchangeCertificate -Thumbprint DE67EC3C8D679AA35D17678FEC51907272B1BAE2

 [PS] C:\>$tlscertificatename = "<i>$($cert.Issuer)<s>$($cert.Subject)"

 [PS] C:\>Set-ReceiveConnector "EX2016SRV1\HybridRecConnector" -TlsCertificateName $tlscertificatename

Then do the same for the send connector

 Set-SendConnector -Identity "Send Connector Name" -TlsCertificateName $tlscertificatename





In addition to the above, I ran one further step to update the hybrid configuration

Set-HybridConfiguration -TlsCertificateName $tlscertificatename
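
The manual renewal described in the answer and comment above, as an added example that is not part of the original posts: it binds the new certificate to both connectors and the hybrid configuration, then checks that the send connector's Enabled state was not changed. The thumbprint and connector names are the sample values from the answer and must be replaced with your own.

```powershell
# Added example, run from the Exchange Management Shell.
# Sample values taken from the answer above; replace them with your own.
$thumbprint    = 'DE67EC3C8D679AA35D17678FEC51907272B1BAE2'
$recvConnector = 'EX2016SRV1\HybridRecConnector'
$sendConnector = 'Send Connector Name'

$cert = Get-ExchangeCertificate -Thumbprint $thumbprint

# Refuse to bind a certificate that has expired or is not assigned to SMTP.
if ($cert.NotAfter -le (Get-Date)) {
    throw "Certificate $thumbprint expired on $($cert.NotAfter)."
}
if ("$($cert.Services)" -notmatch 'SMTP') {
    throw "Assign SMTP first: Enable-ExchangeCertificate -Thumbprint $thumbprint -Services SMTP"
}

# Record the send connector state so an unintended change is visible afterwards.
$before = Get-SendConnector -Identity $sendConnector
"Before: Enabled=$($before.Enabled) TlsCertificateName=$($before.TlsCertificateName)"

# Same <i>Issuer<s>Subject string the answer builds.
$tlsCertificateName = "<i>$($cert.Issuer)<s>$($cert.Subject)"

Set-ReceiveConnector -Identity $recvConnector -TlsCertificateName $tlsCertificateName
Set-SendConnector    -Identity $sendConnector -TlsCertificateName $tlsCertificateName
Set-HybridConfiguration -TlsCertificateName $tlsCertificateName

# Read everything back for review.
$after = Get-SendConnector -Identity $sendConnector
"After:  Enabled=$($after.Enabled) TlsCertificateName=$($after.TlsCertificateName)"
Get-ReceiveConnector -Identity $recvConnector | Format-List Identity, TlsCertificateName
Get-HybridConfiguration | Format-List TlsCertificateName

# The question's concern: a disabled send connector must stay disabled.
if ($after.Enabled -ne $before.Enabled) {
    Write-Warning "Send connector Enabled changed from $($before.Enabled) to $($after.Enabled)."
}
```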

ManiBhushan-9381 answered ManiBhushan-9381 edited

If the cert Issuer and Subject are the same, then will only importing the new certificate and removing the old certificate work?

LucasLiu-MSFT answered LucasLiu-MSFT commented

Hi @fsdg-2871 ,
For HCW, renewing the certificate does not require re-running the HCW. If you are planning to use the certificate for the SMTP service and select the new certificate, then I suggest you re-run the HCW.

After you renew the certificate, you could run the commands provided by Andy to set the certificate bound to the sender connector. Then you could send a test email to test the mail flow.

According to a check of the sender connector in my Exchange hybrid environment, the send connector to Office 365 is enabled by default. If you need to run HCW, it is recommended that you run the following command line to view the existing HCW settings.

 Get-HybridConfiguration




If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.







If you are planning to use the certificate for the SMTP service and select the new certificate, then I suggest you re-run the HCW.

Is SMTP from on-premises to O 365 hybrid possible without a certificate?


Not possible with hybrid. 3rd party cert required.

https://docs.microsoft.com/en-us/exchange/certificate-requirements




Hi @fsdg-2871 ,
When configuring a hybrid deployment, we must use and configure certificates that have been purchased from a trusted third-party CA.
For more information: Certificate requirements for hybrid deployments




Hi @fsdg-2871 ,
Do suggestions above help? If the issue has been resolved, please click “Accept as answer” to mark helpful reply as an answer, this will make answer searching in the forum easier and be beneficial to other community members as well.

Thanks for your understanding.



fsdg-2871 answered AndyDavid commented


Note you could just replace the cert, assign SMTP to it and manually update the connectors. It's not required to run the Wizard.

Thank you for the advice.
I thought to do only this without HCW.


That will work.
Honestly, I never run the Wizard unless I need to set up or change the OAuth config.
You never know if something will get changed when it's not supposed to.
If the Wizard enables that send connector, go back and disable as soon as you can :)
