question

RodrigoRocha-6311 asked ·

Certificate trust validation failed

After running the Microsoft Remote Connectivity Analyzer, we received a connectivity test failure while testing the certificate:

Testing the SSL certificate to make sure it's valid.

The SSL certificate failed one or more certificate validation checks.

     Certificate trust is being validated.

        Certificate trust validation failed.

The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=...

A certificate chain couldn't be constructed for the certificate.

Additional Details

   The certificate chain has errors. Chain status = NotTimeValid.

Any idea on how to fix this?

adfs

Hello,
Is that certificate expired?

Thanks,
Manu

0 Votes 0 ·

1 Answer

RodrigoRocha-6311 answered ·

We had a certificate expire a few months ago, and we replaced it on the AD FS servers.

The one we are using right now should be valid until 2022.

Is it possible that Exchange Online is still using the old one?


Hi,
Please check using PowerShell:

Get-MsolFederationProperty -DomainName "your domain name"

If it shows an expired certificate, you can update it as follows:

Update-MsolFederatedDomain -DomainName "your domain name"

And check again with the first cmdlet.



Please mark as "Accept the answer" if the above steps help you. Others with similar issues can also follow the solution as per your suggestion.

Regards,

Manu

0 Votes 0 ·

Hello again Manu, thanks for your reply!

After executing the command on our server, the certificate it shows us seems to be valid.

I will attach the result here, without the domain: 9005-powershell.txt



Was the result correct?

Thanks for the help so far.

Rodrigo

0 Votes 0 ·
powershell.txt (2.8 KiB)

Hello Rodrigo,

Thanks for providing more details. Looks like you need to update the new certificate for service connections.
The following steps should resolve the issue:

  1. Get the thumbprint of the new certificate

  2. Open PowerShell as the ADFS service account (Shift + right-click the PowerShell shortcut and select Run as different user)

  3. Add-PsSnapin Microsoft.Adfs.PowerShell

  4. Set-AdfsCertificate -CertificateType "Service-Communications" -Thumbprint "thumbprint copied in first step"



Please mark as "Accept the answer" if the above steps help you. Others with similar issues can also follow the solution as per your suggestion.

Regards,

Manu

0 Votes 0 ·
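
A read-only check that can be run before and after the steps in this thread, added here as an example and not posted by anyone in the thread. It lists every element of the chain for each certificate AD FS is configured with, so a `NotTimeValid` status can be traced to the leaf, an intermediate or the root, and compares the HTTPS binding with the Service-Communications certificate. It assumes the ADFS PowerShell module (Windows Server 2012 R2 or later) and an elevated session on an AD FS server; `Test-CertChainTime` is a name made up for this example.

```powershell
# Added example (not from the thread). Read-only: nothing is changed on the server.
# Assumption: the ADFS module is available (Windows Server 2012 R2 or later).
Import-Module ADFS -ErrorAction Stop

function Test-CertChainTime {
    # Builds the chain for one certificate and returns one row per chain element,
    # so an expired intermediate or root shows up as well as an expired leaf.
    param([Parameter(Mandatory)]
          [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)

    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Revocation is skipped so the check works offline; only validity dates matter here.
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    [void]$chain.Build($Certificate)

    $now = Get-Date
    foreach ($element in $chain.ChainElements) {
        $c = $element.Certificate
        [pscustomobject]@{
            Subject    = $c.Subject
            Thumbprint = $c.Thumbprint
            NotBefore  = $c.NotBefore
            NotAfter   = $c.NotAfter
            TimeValid  = ($now -ge $c.NotBefore -and $now -le $c.NotAfter)
            Status     = ($element.ChainElementStatus | ForEach-Object { $_.Status }) -join ','
        }
    }
}

# 1. Certificates AD FS is configured with (service communications, signing, decrypting).
foreach ($adfsCert in Get-AdfsCertificate) {
    "--- {0} (primary: {1}) ---" -f $adfsCert.CertificateType, $adfsCert.IsPrimary
    Test-CertChainTime -Certificate $adfsCert.Certificate |
        Format-Table -AutoSize | Out-String
}

# 2. The certificate bound to the HTTPS listener, compared with the
#    Service-Communications thumbprint configured in AD FS.
$svc = Get-AdfsCertificate -CertificateType Service-Communications
Get-AdfsSslCertificate | ForEach-Object {
    [pscustomobject]@{
        HostName        = $_.HostName
        Port            = $_.PortNumber
        BoundThumbprint = $_.CertificateHash
        MatchesSvcComm  = ($svc.Thumbprint -contains $_.CertificateHash)
    }
} | Format-Table -AutoSize | Out-String
```

A row with `TimeValid = False` identifies which certificate in the chain is outside its validity period; a binding with `MatchesSvcComm = False` means the listener is serving a different certificate from the one configured as Service-Communications.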