question

CatherineJaszewski-5685 avatar image
0 Votes"
CatherineJaszewski-5685 asked LucasLiu-MSFT answered

Exchange 2019 Send Connector Issues After Installing 2nd Mailbox Server

I recently installed a second Exchange 2019 Mailbox Server. Using EAC, I exported the Go Daddy Ceritificate from the 1st Exchange Mailbox Server and Imported to the 2nd Exchange Mailbox server. Again using EAC, I added the services IMAP, POP, IIS and SMTP to the certificate and received a warning regarding overwriting a thumbprint (I think). I clicked on cancel but too late as the certificate included all 4 services.

Within about 5 minutes I noticed the smart connector queue on my Edge Transport server (which now includes the new server) was not routing emails to the mailbox servers. I immediately removed the Go Daddy Certificate from the second Exchange server and re-imported it but this time when adding services I left off the SMTP service.

This did not resolve the issue with my smart connector queue.

I have to shutdown the second exchange server in order for the Smart Connector Queue to route email to the Mailbox servers.

I think I need to include the SMTP service on the certificate for the second exchange server and then verify the certificate has the correct thumbprint on the second exchange server.

Does the Go Daddy certificate on the second Exchange Server require the SMTP service?

Is there something else I am missing in configuring the Send Connectors?

Please advise.

Thank you,

office-exchange-server-administration
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

LucasLiu-MSFT avatar image
0 Votes"
LucasLiu-MSFT answered

Hi @CatherineJaszewski-5685 ,
We could know the role fo the SMTP service in certificate in the Micorsoft’s official atrilce. So SMTP service is necessary. It will encrypt the mail flow between Exchange and other servers and clients.

TLS encryption for external SMTP client and server connections.
Mutual TLS authentication between Exchange and other messaging servers.
When you assign a certificate to SMTP, you're prompted to replace the default Exchange self-signed certificate that's used to encrypt SMTP communication between internal Exchange servers. Typically, you don't need to replace the default SMTP certificate.

1.Please try to following the steps to assign a certificate to Exchange servercs, then please run the “IISReset” in the CMD started as administrator to reset the IIS. And please make sure that the certificate contain correct host names. It must contain at least mail.contoso.com and autodiscover.contoso.com.

Open EAC -> Servers –> Certificates -> Select the certificate -> Edit ->Services -> Specify the services you want to assign this certificate to

For more information please refer to: Assign certificates to Exchange Server services and Digital certificates and encryption in Exchange Server

2.About send connector, please make sure you configure address spaces, scope and source servers correctly. Please refer to: Send connectors



If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.





5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.