
Hybrid Exchange TLS

Swapped a cert but messages are still stuck in the queue? Probably your send connector is being a bitch and holding onto the old cert.

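# Load the new certificate by thumbprint (XXXXXX is a placeholder)
$cert = Get-ExchangeCertificate -Thumbprint XXXXXX
# Build the issuer/subject string the connectors expect in TlsCertificateName
$tlscertificatename = "<i>$($cert.Issuer)<s>$($cert.Subject)"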

To replace the certificate on the send connector:

Set-SendConnector "Outbound to Office 365" -TlsCertificateName $tlscertificatename

To replace the certificate on the receive connector:

Set-ReceiveConnector "EXCH1\Default Frontend EXCH1" -TlsCertificateName $tlscertificatename

If you don't update the receive connector, hybrid mail flow can stop with a TLS error:

Reason: [{LED=450 4.4.317 Cannot connect to remote server [Message=451 5.7.3 STARTTLS is required to send mail] [LastAttemptedServerName=83.0.59.81] [LastAttemptedIP=83.0.59.81:25] [DX2ARE01FT002.eop-are01.prod.protection.outlook.com]};{MSG=451 5.7.3 STARTTLS is required to send mail}
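
A check to run after the swap, as an added example that is not part of the original post: it flags connectors whose TlsCertificateName does not match the new certificate. The function names and sample objects are constructed, and it assumes TlsCertificateName converts to the same issuer/subject string built above.

```powershell
# Added example: find connectors still bound to a previous certificate.
function Get-TlsCertificateName {
    param($Cert)
    # Same issuer/subject string the post assigns to $tlscertificatename
    "<I>$($Cert.Issuer)<S>$($Cert.Subject)"
}

function Test-CertUsableForSmtp {
    param($Cert, [datetime]$Now = (Get-Date))
    # Not expired, and enabled for the SMTP service
    ($Cert.NotAfter -gt $Now) -and ("$($Cert.Services)" -match 'SMTP')
}

function Test-ConnectorTlsBinding {
    param([Parameter(Mandatory)] $Cert, [Parameter(Mandatory)] [object[]] $Connectors)
    $expected = Get-TlsCertificateName $Cert
    foreach ($c in $Connectors) {
        $bound = [string]$c.TlsCertificateName
        $state = if (-not $bound) { 'NotSet' } elseif ($bound -ieq $expected) { 'Current' } else { 'Stale' }
        [pscustomobject]@{ Connector = [string]$c.Identity; State = $state; Bound = $bound }
    }
}

# Constructed sample objects standing in for cmdlet output (not real data).
$cert = [pscustomobject]@{
    Issuer   = 'CN=Example Issuing CA'
    Subject  = 'CN=mail.example.com'
    NotAfter = (Get-Date).AddYears(1)
    Services = 'IIS, SMTP'
}
$connectors = @(
    [pscustomobject]@{ Identity = 'Outbound to Office 365'
                       TlsCertificateName = '<I>CN=Example Issuing CA<S>CN=mail.example.com' }
    [pscustomobject]@{ Identity = 'EXCH1\Default Frontend EXCH1'
                       TlsCertificateName = '<I>CN=Old Issuing CA<S>CN=mail.example.com' }
)
# In the Exchange Management Shell, use the real objects instead:
#   $cert       = Get-ExchangeCertificate -Thumbprint XXXXXX
#   $connectors = @(Get-SendConnector) + @(Get-ReceiveConnector)

if (-not (Test-CertUsableForSmtp $cert)) { Write-Warning 'Certificate is expired or not enabled for SMTP' }
Test-ConnectorTlsBinding -Cert $cert -Connectors $connectors | Format-Table -AutoSize
```

Any connector reported as Stale is still pointing at a different issuer/subject pair and needs the Set-SendConnector or Set-ReceiveConnector step above.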