During a recent customer case, I experienced problems in the Hybrid Configuration Wizard (HCW) for Exchange 2010 when trying to configure a Hybrid setup with Exchange 2010 and Office 365.
When going through the Manage Hybrid Configuration Wizard in Exchange 2010, we experienced an error almost at the end of the wizard, when trying to choose the certificate used for Hybrid: “No valid certificate exists for the Hub Transport server(s)”.
This was a bit weird, since the Exchange server already had a valid Exchange certificate enabled for the Transport services (SMTP).
To list the certificates in use, run the following command in the Exchange Management Shell:
Get-ExchangeCertificate | fl
At first glance everything seems OK.
Some have experienced a similar issue, as a Google (or Bing) search shows, and some apparently solved it by re-importing the SSL certificate.
This was however not the case in my scenario.
The root cause seems to be in RootCAType, which in my scenario is set to Registry.
Make sure your Root CA certificates are correct and up to date; if not, get the most recent ones from your certificate provider (in my case GlobalSign).
When importing the Root certificates, make sure they are placed correctly within the certificate store, which is:
- Intermediate certificates to the Intermediate store (folder)
- Root Certificates to the Third Party store (folder)
The Solution
The last step seems to be the root cause of my issue: when the Root CA certificate from GlobalSign was placed in the Third Party store (folder), it changed the RootCAType parameter, as can be seen when listing the Exchange certificates using the Exchange Management Shell and the following command:
Get-ExchangeCertificate | fl
Now the parameter of RootCAType has changed to ThirdParty and the certificate, which was already enabled in Exchange for Transport Services (SMTP), can now be viewed and used for the Hybrid Configuration Wizard.
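As an added example (not from the original post), this Exchange Management Shell snippet shows RootCAType next to the local machine store in which the top of each SMTP certificate's chain is found. It assumes it is run locally on the Hub Transport server; the store names Root, AuthRoot and CA are the standard Windows certificate provider names, not values taken from the post.

```powershell
# Added example, written for PowerShell 2.0 (Exchange 2010).
# Assumption: run locally on the Hub Transport server, so the certificate
# returned by Get-ExchangeCertificate also exists in Cert:\LocalMachine\My.

# Local machine stores where a CA certificate can sit (standard Windows names).
$stores = @{
    'Root'     = 'Trusted Root Certification Authorities'
    'AuthRoot' = 'Third-Party Root Certification Authorities'
    'CA'       = 'Intermediate Certification Authorities'
}

Get-ExchangeCertificate | Where-Object { "$($_.Services)" -match 'SMTP' } | ForEach-Object {
    $exCert = $_

    # Load the real X509Certificate2; EMS may hand back a deserialized copy.
    $cert = Get-Item ("Cert:\LocalMachine\My\" + $exCert.Thumbprint)

    # Build the chain offline (no revocation lookups).
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $built = $chain.Build($cert)

    # The last element is the highest certificate Windows could chain to.
    $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

    # Find every store that holds that certificate.
    $foundIn = @()
    foreach ($name in $stores.Keys) {
        $hit = Get-ChildItem ("Cert:\LocalMachine\" + $name) |
               Where-Object { $_.Thumbprint -eq $top.Thumbprint }
        if ($hit) { $foundIn += $stores[$name] }
    }

    New-Object PSObject -Property @{
        Thumbprint  = $exCert.Thumbprint
        Services    = "$($exCert.Services)"
        RootCAType  = "$($exCert.RootCAType)"
        ChainBuilt  = $built
        TopOfChain  = $top.Subject
        TopFoundIn  = ($foundIn -join '; ')
    } | Select-Object Thumbprint, Services, RootCAType, ChainBuilt, TopOfChain, TopFoundIn
} | Format-List
```

Running it before and after moving the root certificate makes the change in RootCAType visible alongside the store that caused it.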
Other references to similar issues:
Hi,
We have a hybrid deployment setup with Exchange 2010 and Office 365 and it has been working fine. The certificate has come up for renewal on the Exchange server and I have renewed the certificate and imported it into the EMC. However, when I re-run the Hybrid Configuration Wizard it cannot see the new certificate.
Do you have any idea what the issue may be, as I have restarted the server as well with no joy?
I have this same issue. We renewed the certificate and imported it but the HCW doesn’t see it. It’s configured as 3rd party. Were you able to figure out how to resolve?
Bit late on the reply, but this may help someone else.
From EMS you need to find out what the thumbprint ID is for the right cert:
Get-ExchangeCertificate
then run the command:
Set-HybridConfiguration -SecureMailCertificateThumbprint AC00F35CBA8359953F4126E0984B5CCAFA2F4F17
Obviously, replace the thumbprint above with your own.
How can we change the hybrid after renewing the certificate?
You want to use a new hybrid server?
You can always rerun the Hybrid Configuration Wizard.
/Peter