Exchange certificate error prevents on-premises mailbox users from receiving messages from Office 365 users
Earlier we described the hybrid deployment of on-premises Exchange with Office 365. After the hybrid deployment, the on-premises Exchange server certificate expired, and updating the Exchange server certificate left Office 365 mailbox users unable to communicate (send mail) with on-premises Exchange mailbox users: on-premises Exchange mailbox users could not receive mail from Office 365 users. Having worked through it, we share the solution here for anyone who hits the same problem. Details below:
First, to be clear: if you run the Hybrid Deployment Wizard directly and select the local certificate, the on-premises default receive connector "Default Frontend ixm-ex01" ends up using the local certificate, whereas the third-party trusted certificate should be applied here. Mail communication between on-premises Exchange and Office 365 must use a certificate issued by a trusted third-party issuer.
If there is a problem with your on-premises Exchange, the following issue may occur:
Validate connector ---- Outbound to on-premises Exchange
After importing the third-party trusted certificate, re-run the Hybrid Deployment Wizard and, on the certificate page, manually select the third-party trusted certificate, then save for it to take effect. If you click Save without re-selecting the certificate, the change does not take effect. So after we re-ran the Hybrid Deployment Wizard, checking with the command (Get-ReceiveConnector "Default Frontend ixm-ex01" | FL Tls*) showed that the local certificate was still applied.
We then used the following command:
Set-ReceiveConnector "Default Frontend ixm-ex01" -TlsCertificateName "<I> cn=ca wosign free SSL certificate g2,o=wosign CA Limited, C =cn<s> cn=mail.ixmsoft.com "
This binds the third-party certificate to the receive connector. The command reported that the binding succeeded, but there was exactly one extra space before C=CN, so the problem persisted.
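One way to avoid the hand-typed certificate name and its stray space is to build the TlsCertificateName value from the certificate's own Issuer and Subject fields. This is an added example, not part of the original article; the thumbprint is a placeholder you must replace, and the connector name is the one used on this page.

```powershell
# Added example. Run in the Exchange Management Shell on the on-premises server.
# ASSUMPTION: placeholder thumbprint; take the real one from Get-ExchangeCertificate.
$thumbprint = '<THUMBPRINT-OF-THIRD-PARTY-CERTIFICATE>'
$connector  = 'Default Frontend ixm-ex01'

$cert = Get-ExchangeCertificate -Thumbprint $thumbprint -ErrorAction Stop

# Refuse a certificate that is expired or not yet valid.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
}

# The certificate must be enabled for the SMTP service before a connector can use it.
if ("$($cert.Services)" -notmatch 'SMTP') {
    throw "Certificate is not enabled for SMTP (Services: $($cert.Services))."
}

# Build "<I>issuer<S>subject" from the certificate itself, so spacing and
# casing match the stored certificate exactly and nothing is typed by hand.
$tlsName = "<I>$($cert.Issuer)<S>$($cert.Subject)"
Write-Host "Binding: $tlsName"

Set-ReceiveConnector $connector -TlsCertificateName $tlsName

# Read the setting back, with the same check the article uses.
Get-ReceiveConnector $connector | Format-List Identity, Tls*, RequireTLS
```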
On the on-premises Exchange server we ran the telnet localhost command and, on sending EHLO, found that the response had no 250-STARTTLS option. As a result, with the TLS option ticked on the outbound connector in the cloud, message delivery fails with a "TLS authentication failed" error.
From the on-premises Exchange logs we found that, when we telnet to the local port, the receive connector has no matching certificate information, so the STARTTLS option could not be offered.
Next, use the following commands to remove the problematic certificate from the receive connector on the on-premises Exchange server (that is, set the current TLS certificate name to empty):
Get-ReceiveConnector "Servername\Default Frontend ReceiveConnector" | Set-ReceiveConnector -TlsCertificateName $null
Get-ReceiveConnector "Servername\Default Frontend ReceiveConnector" | Set-ReceiveConnector -TlsDomainCapabilities $null
At this point, before re-running the Hybrid Deployment Wizard on the on-premises Exchange server, ticking the TLS option on the cloud outbound connector again lets on-premises users receive messages successfully.
Note: why, with the certificate on the on-premises default receive connector empty and the TLS option ticked on the cloud outbound connector, can on-premises users still receive mail sent from the cloud? Because on the on-premises default receive connector Default Frontend ixm-ex01 the value of the RequireTLS option is False, that is, TLS is not enforced.
With the TLS option ticked on the outbound connector in the cloud, sending a test message does attempt a TLS-encrypted connection, and that attempt is unsuccessful. No failure is returned, however, because TLS is not enforced: delivery falls back to a connection without TLS encryption, so the message is sent successfully.
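The manual telnet/EHLO check described above can be scripted and combined with the connector's RequireTLS value, so that a silent fallback to unencrypted delivery is flagged instead of passing as "mail works". This is an added example, not part of the original article; the function name, the localhost target and port 25 (the standard SMTP port) are assumptions.

```powershell
# Added example. ASSUMPTIONS: function name, localhost and port 25 are illustrative.
function Test-SmtpStartTls {
    param([string]$Server = 'localhost', [int]$Port = 25, [int]$TimeoutMs = 5000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.ReceiveTimeout = $TimeoutMs
        $client.Connect($Server, $Port)
        $stream = $client.GetStream()
        $ascii  = [System.Text.Encoding]::ASCII
        $reader = New-Object System.IO.StreamReader($stream, $ascii)
        $writer = New-Object System.IO.StreamWriter($stream, $ascii)
        $writer.NewLine = "`r`n"; $writer.AutoFlush = $true

        # Greeting may span several lines ("220-..." continued, "220 ..." last).
        do { $line = $reader.ReadLine() } while ($line -and $line -match '^\d{3}-')
        if ($line -notmatch '^220') { throw "Unexpected greeting: $line" }

        # Collect the EHLO reply; "250-" lines continue, "250 " ends it.
        $writer.WriteLine('EHLO starttls-check.example')
        $ehlo = @()
        do {
            $line = $reader.ReadLine()
            if ($null -eq $line) { throw 'Connection closed during EHLO.' }
            $ehlo += $line
        } while ($line -match '^250-')
        $writer.WriteLine('QUIT')

        [pscustomobject]@{
            Server          = $Server
            StartTlsOffered = [bool]($ehlo -match '^250[- ]STARTTLS\s*$')
            EhloResponse    = $ehlo
        }
    } finally { $client.Close() }
}

$probe = Test-SmtpStartTls
$rc    = Get-ReceiveConnector 'Default Frontend ixm-ex01'   # connector from this page
if (-not $probe.StartTlsOffered -and -not $rc.RequireTLS) {
    Write-Warning 'STARTTLS is not advertised and RequireTLS is False: mail is accepted without encryption.'
} elseif (-not $probe.StartTlsOffered) {
    Write-Warning 'STARTTLS is not advertised but RequireTLS is True: senders will fail to deliver.'
} else {
    Write-Host 'STARTTLS is advertised by the receive connector.'
}
```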
The final solution: after removing the problematic certificate from the receive connector on the on-premises Exchange server, re-run the Hybrid Deployment Wizard and re-select the third-party trusted certificate. The problem is then resolved.
Here's how: open the Exchange admin center.
Click Hybrid ---- Modify ---- sign in to the Office 365 admin center
Click Yes to modify the hybrid deployment configuration
Check whether the subject and issuer of the certificate are those of a third-party trusted authority;
If not, click Modify ---- select the third-party trusted certificate ---- Save.
After the modification, we follow the wizard to complete the hybrid deployment configuration update.
Finally, we can also test from the portal whether communication from Office 365 to the on-premises Exchange is normal and whether mail can be sent and received properly.
We first edit the connector in Office 365.
Click Next;
Use a trusted certificate authority: mail.ixmsoft.com
Start the validation; the verification succeeds.
We double-click the entry to open the connection information.
This article is from the "Gao Wenrong" blog; reprinting is declined.