Problems with certificate renewal Exchange 2010 / Exchange 2013 coexistence, Failed to enable constraints


Scenario:

I have a lab with Exchange 2010 / Exchange 2013 in coexistence:

  • 1 Exchange 2010 CHM
  • 2 DAG servers with FrontEnd and Backend roles and HAProxy load balancer

I selected Renew Exchange Certificate in EMC and got a certificate request. I requested the certificate renewal from the StartCom certification authority -> Completed pending request

Problem:

When I was trying to renew the certificate for SMTP / TLS, I started to get the error message shown in the picture.

[Screenshot: Error]

It was not possible to do anything with certificates in EMC, because the list was empty.

Solution:

  • Run EMS
  • List certificates
Get-ExchangeCertificate | Select Status,Thumbprint,Notafter,Services | ft -Autosize
  • In the list you will see pending requests

[Screenshot: List of certificates]

  • Complete pending request
Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path Z:Z_DOKUMENTYSALONOVI.CZSMTP_certifikat_renewal_2013_2.cer -Encoding byte -ReadCount 0))
[Screenshot: completed pending request]
  • Check that the certificate is valid
Get-ExchangeCertificate <Thumbprint> | fl   # Thumbprint from the previous command
  • Assign services to certificate (Requires confirmation to overwrite existing SMTP certificate)
Get-ExchangeCertificate <Thumbprint> | Enable-ExchangeCertificate -Services SMTP
[Screenshot: Assigning Services]
  • Once the CSR is completed and all certificates are in place, it is possible to access certificates in EMC again.

[Screenshot: After]
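
The check and assign steps above can be combined into one guarded run in EMS. This is an added example, not part of the original post: it refuses to bind SMTP unless the imported certificate is valid, has its private key, is not close to expiry and carries the expected names. `$ExpectedNames`, `$MinDaysLeft` and `mail.example.com` are assumptions to replace with your own values.

```powershell
# Added example: pre-flight checks before binding a renewed certificate to SMTP.
# Run in the Exchange Management Shell on the server that holds the certificate.
$Thumbprint    = '<Thumbprint>'             # from the Get-ExchangeCertificate listing
$ExpectedNames = @('mail.example.com')      # assumption: names SMTP clients connect to
$MinDaysLeft   = 30                         # assumption: minimum remaining lifetime

$cert = Get-ExchangeCertificate | Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert) { throw "No certificate with thumbprint $Thumbprint on this server." }

$problems = @()

# A request that was never completed stays in PendingRequest and cannot carry services.
if ("$($cert.Status)" -ne 'Valid') {
    $problems += "Status is $($cert.Status), expected Valid"
}

# The .cer must have been imported on the server that generated the request,
# otherwise there is no private key and TLS cannot use the certificate.
if (-not $cert.HasPrivateKey) {
    $problems += 'Certificate has no private key on this server'
}

if ($cert.NotAfter -lt (Get-Date).AddDays($MinDaysLeft)) {
    $problems += "Certificate expires $($cert.NotAfter), less than $MinDaysLeft days away"
}

# Exact-match comparison; a wildcard entry such as *.example.com is reported as missing.
$names = @($cert.CertificateDomains | ForEach-Object { "$_" })
foreach ($name in $ExpectedNames) {
    if ($names -notcontains $name) { $problems += "Name $name is not in the certificate" }
}

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    throw 'Certificate failed pre-flight checks; services were not changed.'
}

# Still prompts for confirmation before overwriting the existing SMTP certificate.
Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services SMTP
Get-ExchangeCertificate | Where-Object { $_.Thumbprint -eq $Thumbprint } |
    Select-Object Status, Thumbprint, NotAfter, Services | Format-List
```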
