# Hybrid Exchange TLS

swapped a cert but messages still stuck in the queue? probably your send connector is being a bitch and holding onto the old cert.

<div id="bkmrk-%24cert-%3D-get-exchange"><div><table border="0" cellpadding="0" cellspacing="0"><tbody><tr><td class="code"><div><div>`$cert` `= ``Get-ExchangeCertificate` `-Thumbprint` `XXXXXX`</div></div></td></tr></tbody></table>

</div></div><div id="bkmrk-%24tlscertificatename-"><div><table border="0" cellpadding="0" cellspacing="0"><tbody><tr><td class="code"><div><div>`$tlscertificatename` `= ``"<i>$($cert.Issuer)<s>$($cert.Subject)"`</div></div></td></tr></tbody></table>

</div></div>To Replace Send Connector –

<div id="bkmrk-set-sendconnector-%22o"><div><table border="0" cellpadding="0" cellspacing="0"><tbody><tr><td class="code"><div><div>`Set-SendConnector` `"Outbound to Office 365"` `-TlsCertificateName` `$tlscertificatename`</div></div></td></tr></tbody></table>

</div></div>To Replace Receive Connector –

<div id="bkmrk-set-receiveconnector"><div><table border="0" cellpadding="0" cellspacing="0"><tbody><tr><td class="code"><div><div>`Set-ReceiveConnector` `"EXCH1\Default Frontend EXCH1"` `-TlsCertificateName` `$tlscertificatename`</div></div></td></tr></tbody></table>

</div></div>if you don’t update receive connector you can see hybrid mail flow stops with TLS error

Reason: \[{LED=450 4.4.317 Cannot connect to remote server \[Message=451 5.7.3 STARTTLS is required to send mail\] \[LastAttemptedServerName=83.0.59.81\] \[LastAttemptedIP=83.0.59.81:25\] \[DX2ARE01FT002.eop-are01.prod.protection.outlook.com\]};{MSG=451 5.7.3 STARTTLS is required to send mail}