Friday, August 7 2020

Replacing Send Connector Certificate

A special Rpc error occurs on server EXCH1: These certificates are tagged with following Send Connectors : Outbound to Office 365. Removing and replacing certificates from Send Connector would break the mail flow. If you still want to proceed then replace or remove these certificates from Send Connector and then try this command.

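# Load the new certificate by thumbprint (XXXXXX is a placeholder)
$cert = Get-ExchangeCertificate -Thumbprint XXXXXX
# Build the issuer/subject string that the connectors expect in TlsCertificateName
$tlscertificatename = "<i>$($cert.Issuer)<s>$($cert.Subject)"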

To replace the certificate on the Send Connector:

Set-SendConnector "Outbound to Office 365" -TlsCertificateName $tlscertificatename

To replace the certificate on the Receive Connector:

Set-ReceiveConnector "EXCH1\Default Frontend EXCH1" -TlsCertificateName $tlscertificatename

If you don’t update the Receive Connector as well, hybrid mail flow stops with a TLS error:

Reason: [{LED=450 4.4.317 Cannot connect to remote server [Message=451 5.7.3 STARTTLS is required to send mail] [LastAttemptedServerName=83.0.59.81] [LastAttemptedIP=83.0.59.81:25] [DX2ARE01FT002.eop-are01.prod.protection.outlook.com]};{MSG=451 5.7.3 STARTTLS is required to send mail};{FQDN=83.0.59.81};{IP=83.0.59.81};. OutboundProxyTargetIP: 83.0.59.81.
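The steps above combined into one run with pre-flight checks and a read-back, as an added example that is not part of the original post. It assumes the Exchange Management Shell on EXCH1 and the connector names shown above; the variable names are hypothetical and the thumbprint is a placeholder.

```powershell
# Added example (not from the original post). Assumes the Exchange Management
# Shell and the connector names used on this page.
$Thumbprint  = 'XXXXXX'                        # placeholder: thumbprint of the NEW certificate
$SendName    = 'Outbound to Office 365'
$ReceiveName = 'EXCH1\Default Frontend EXCH1'

$cert = Get-ExchangeCertificate -Thumbprint $Thumbprint -ErrorAction Stop

# Pre-flight: do not bind a certificate that cannot complete STARTTLS.
$problems = @()
if (-not $cert.HasPrivateKey)             { $problems += 'no private key on this server' }
if ($cert.NotAfter -le (Get-Date))        { $problems += "expired on $($cert.NotAfter)" }
if ("$($cert.Status)" -ne 'Valid')        { $problems += "status is $($cert.Status)" }
if ("$($cert.Services)" -notmatch 'SMTP') { $problems += 'SMTP service is not enabled on it' }
if ($problems.Count -gt 0) {
    throw "Certificate $Thumbprint is not usable: $($problems -join '; ')"
}

$tlsName = "<i>$($cert.Issuer)<s>$($cert.Subject)"

# Record the current bindings so the change can be rolled back.
$before = [pscustomobject]@{
    Send    = "$((Get-SendConnector $SendName).TlsCertificateName)"
    Receive = "$((Get-ReceiveConnector $ReceiveName).TlsCertificateName)"
}
$before | Format-List

# Update BOTH connectors; leaving the Receive Connector on the old
# certificate is what produces the STARTTLS error quoted above.
Set-SendConnector    $SendName    -TlsCertificateName $tlsName
Set-ReceiveConnector $ReceiveName -TlsCertificateName $tlsName

# Read back what each connector now references and flag any mismatch.
$after = [ordered]@{
    $SendName    = "$((Get-SendConnector $SendName).TlsCertificateName)"
    $ReceiveName = "$((Get-ReceiveConnector $ReceiveName).TlsCertificateName)"
}
foreach ($name in $after.Keys) {
    if ($after[$name] -ne $tlsName) {          # -ne is case-insensitive in PowerShell
        Write-Warning "$name references '$($after[$name])', expected '$tlsName'"
    } else {
        Write-Output "$name now references the new certificate"
    }
}
```

Keep the `$before` output until mail flow is confirmed: the old issuer/subject strings are what you would pass back to `-TlsCertificateName` to roll back.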

About Satheshwaran Manoharan

Satheshwaran Manoharan is a Microsoft Office Server and Services MVP and publisher of Azure365pro.com. Specialized in Office365 / Microsoft Exchange / Virtualization, Sathesh is a messaging expert supporting, designing and deploying for many medium-size businesses to large enterprises when it comes to corporate messaging and virtualization infrastructure.


2 comments

  1. I ran into this problem today, and unfortunately this did not fix the issue. Here is how I fixed it.

    First (fail) I re-ran the HCW and linked the send connector to the new certificate and tried to remove the old one. Still failed with the same message.

    Luckily, we are still in the testing phase of O365 mail, so I just deleted the ‘Outbound to Office 365’ send connector, deleted the old certificate and re-ran the HCW.

    In a full production environment, this will break mail flow, so use wisely! Hope this helps someone else out.
