The other day, a colleague of mine experienced an issue when updating the certificate for one of his Exchange servers. After using the EAC to update the certificate, the Exchange Management Shell would not start and give the following error:
New-PSSession : [server.domain.com] Connecting to remote server server.domain.com failed with the following error message : [ClientAccessServer=server,BackEndServer=server.domain.com,RequestId=357032aa-2312-477e-be88-8d99 db9027c5,TimeStamp=07/12/2016 23:10:21] [FailureCategory=Cafe-SendFailure] For more information, see the about_Remote_Troubleshooting Help topic.
In the System event log we would find the following:
Log Name: System
Date: 6/18/2016 4:45:40 PM
Event ID: 15021
Description: An error occurred while using SSL configuration for endpoint 0.0.0.0:444. The error status code is contained within the returned data.
Because this was a passive server of a DAG, no users were connecting to it so they were not impacted. However, we were not able to access OWA/EAC directly on this server.
The problem turned out to be in IIS and the fact that the new certificate was not binding to the Exchange Back End site. To fix it, open ISS, expand the server name, expand Sites, right-click on Exchange Back End and select Edit Bindings. In the new window, select https and then click Edit...:
As you can see, no SSL certificate was selected:
To fix it, simply select the new certificate from the SSL certificate drop-down box and click OK.