How to renew OAUTH SSL Certificate in Exchange

 

Open Exchange PowerShell on the Exchange server

Run the following command (replace *.domainname below with the domain name)

New-ExchangeCertificate -KeySize 2048 -PrivateKeyExportable $true -SubjectName "CN=Microsoft Exchange Server Auth Certificate" -DomainName "*.domainname" -FriendlyName "Microsoft Exchange Server Auth Certificate" -Services SMTP

Answer No when prompted to overwrite

Write down the certificate thumbprint

Type:

$date = Get-Date

Type:

Set-AuthConfig -NewCertificateThumbprint <certificate_thumbprint> -NewCertificateEffectiveDate $date

Substitute <certificate_thumbprint> above with the certificate thumbprint that you wrote down.

Confirm with Y

Type:

Set-AuthConfig -PublishCertificate

Type:

Set-AuthConfig -ClearPreviousCertificate

Restart the Microsoft Exchange Service Host service

Restart IIS
IISReset

Site link to create or delete Microsoft Office 365 App password

Below is the site used to create or delete a Microsoft Office 365 App Password. App passwords are needed when Multi-Factor Authentication is used in conjunction with non-Microsoft Office apps such as native mail clients on smartphones, Mac Mail, or even older versions of Microsoft Outlook.

https://aka.ms/mysecurityinfo

 

 

Renewing VMware ESXi 6.0 SSL certificate – Certificate Error – Host – vCenter

If the self-assigned VMware ESXi 6.0 SSL certificate has expired on a Host and vCenter is displaying a warning or an error on that Host, you will need to renew the SSL certificate.

The certificate can't be renewed through the VMware vSphere client. It can be renewed through the Web Client, but that requires Adobe Flash, which has been deprecated and is no longer available to download, so it only works if you have an old browser with Flash installed and never removed Flash from it.

We had this issue last week. We found another way to renew that certificate: go to the vSphere client, right-click on the Host and disconnect it, wait a few seconds, then choose to reconnect it. Reconnecting the Host automatically renews the SSL certificate.

 

 

Do at your own risk.  We take no responsibility for anything that could go wrong.

PowerShell failed to invoke ‘New-FederationTrust’: Unable to access the Federation Metadata document from the federation partner

We were in the process of migrating mailboxes from on-premises Exchange 2013 running on Windows Server 2012 to Office 365, and while installing the Hybrid Configuration Wizard we were getting the following error.

PowerShell failed to invoke ‘New-FederationTrust’: Unable to access the Federation Metadata document from the federation partner. Detailed information: “The underlying connection was closed: An unexpected error occurred on a receive

After some troubleshooting and collecting logs, we found out that the reason we were getting that error is that a few years ago, to comply with PCI requirements, we disabled SSL and weaker TLS encryption and enabled TLS 1.1 and 1.2 on the Exchange server. We only did the HTTPS part. The Hybrid Configuration Wizard was invoking .NET, which was trying to use those disabled protocols, and therefore the Hybrid Configuration Wizard was failing. In the registry, we forced .NET to use the new TLS protocols, not the disabled ones.

Added the following Registry values

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]

"SystemDefaultTlsVersions"=dword:00000001

-AND-

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]

"SystemDefaultTlsVersions"=dword:00000001
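
A check for the two registry values above, as an added PowerShell example that is not part of the original post. It reports whether SystemDefaultTlsVersions is set in both the 64-bit and 32-bit .NET keys and, only when asked, writes the value. The function name Test-DotNetSystemDefaultTls and its -Fix switch are hypothetical names chosen for this example.

```powershell
# Added example: audit (and optionally set) SystemDefaultTlsVersions for .NET 4.x
# in both registry views listed in the post. Function and switch names are hypothetical.
function Test-DotNetSystemDefaultTls {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [switch]$Fix   # when present, write DWORD 1 wherever the value is missing or not 1
    )

    $name = 'SystemDefaultTlsVersions'
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',             # 64-bit processes
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319'  # 32-bit processes
    )

    foreach ($key in $keys) {
        # Read the current value; a missing key or a missing value both end up as $null.
        $value = $null
        if (Test-Path -Path $key) {
            $prop = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
            if ($null -ne $prop) { $value = $prop.$name }
        }

        $state = if ($null -eq $value) { 'Missing' } elseif ($value -eq 1) { 'Enabled' } else { 'Disabled' }

        # Only change anything when -Fix was given; -WhatIf and -Confirm are honoured.
        if ($Fix -and $state -ne 'Enabled' -and
            $PSCmdlet.ShouldProcess("$key\$name", 'Set DWORD to 1')) {
            if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }
            New-ItemProperty -Path $key -Name $name -Value 1 -PropertyType DWord -Force | Out-Null
            $value = 1
            $state = 'Enabled (just set)'
        }

        # One result object per key so a half-applied change (one view only) is visible.
        [pscustomobject]@{ Key = $key; Value = $value; State = $state }
    }
}

# Read-only report. To change values, run elevated: Test-DotNetSystemDefaultTls -Fix -WhatIf
Test-DotNetSystemDefaultTls | Format-Table -AutoSize
```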