Exchange Shell Certificate Error

by [Published on 23 Aug. 2016 / Last Updated on 23 Aug. 2016]

This tip shows how to solve a particular certificate issue when renewing Exchange certificates

The other day, a colleague of mine experienced an issue when updating the certificate for one of his Exchange servers. After using the EAC to update the certificate, the Exchange Management Shell would not start and give the following error:

New-PSSession : [server.domain.com] Connecting to remote server server.domain.com failed with the following error message : [ClientAccessServer=server,BackEndServer=server.domain.com,RequestId=357032aa-2312-477e-be88-8d99 db9027c5,TimeStamp=07/12/2016 23:10:21] [FailureCategory=Cafe-SendFailure]  For more information, see the about_Remote_Troubleshooting Help topic.

 

 In the System event log we would find the following:

Log Name:      System
Source:        Microsoft-Windows-HttpEvent
Date:          6/18/2016 4:45:40 PM
Event ID:      15021
Level:         Error
Computer:      server.domain.com
Description: An error occurred while using SSL configuration for endpoint 0.0.0.0:444.  The error status code is contained within the returned data.

 

 Because this was a passive server of a DAG, no users were connecting to it so they were not impacted. However, we were not able to access OWA/EAC directly on this server.

 The problem turned out to be in IIS and the fact that the new certificate was not binding to the Exchange Back End site. To fix it, open ISS, expand the server name, expand Sites, right-click on Exchange Back End and select Edit Bindings. In the new window, select https and then click Edit...:

Image

 

As you can see, no SSL certificate was selected:

 Image

 

To fix it, simply select the new certificate from the SSL certificate drop-down box and click OK.

 

See Also


The Author — Nuno Mota

Nuno Mota avatar

Nuno is an Exchange MVP working as a Senior Microsoft Messaging Consultant for a UK IT Services Provider in London. He specializes in Exchange, Lync, Active Directory and PowerShell.

Featured Links