Wednesday, October 10, 2018

Can't receive mail in a hybrid environment after you install a new certificate on the on-premises Exchange 2016 servers



We have established a hybrid connection between O365 and on-premises Exchange 2016 CU9; everything had been working fine until recently, when mail flow between O365 and on-premises Exchange 2016 stopped working. Here is what we had done recently: updated on-premises Exchange 2016 from CU7 to CU9, and replaced the GoDaddy certificate with one issued by the COMODO RSA Domain Validation Security Server CA. I opened a case with O365 support, but they didn't provide much help.


I went to the O365 admin portal, Mail flow, Connectors, selected the outbound connector and ran validation for the connector from O365 to the on-premises Exchange 2016 server, and got the following error:


450 4.4.317 Cannot connect to remote server [Message=451 5.7.3 STARTTLS is required to send mail] [LastAttemptedServerName=mail.mydomain.com] [LastAttemptedIP=198.171.58.5:25] [BL2NAM02FT047.eop-nam02.prod.protection.outlook.com].

I did some searching in the community support forums and found a Microsoft KB article that makes sense to me. Here is the link:


https://support.microsoft.com/en-us/help/2989382/can-t-receive-mail-in-a-hybrid-environment-after-you-install-a-new-cer


I checked our Default Frontend receive connector and found that the certificate bound to it was still our old GoDaddy certificate, so I followed the steps from the Microsoft article linked above:


  1. Run the following commands:
    Get-ReceiveConnector "ServerName\Default Frontend ReceiveConnector" | Set-ReceiveConnector -TlsCertificateName $null
    Get-ReceiveConnector "ServerName\Default Frontend ReceiveConnector" | Set-ReceiveConnector -TlsDomainCapabilities $null
  2. Rerun the Hybrid Configuration Wizard to update the receive connector on the hybrid server with the certificate information.
  3. Recheck the receive connector's TLS binding; it should now show the new certificate.

After that I ran:

Get-ReceiveConnector "ServerName\Default Frontend ReceiveConnector" | ft Identity, TlsCertificateName, TlsDomainCapabilities

We found that the new certificate was bound on all Exchange 2016 receive connectors and the right TLS domain was bound on them. Bingo. All mail flow started working again.
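As an added example (not part of the original post or the Microsoft article), the following Exchange Management Shell script audits the Default Frontend receive connector on every server and reports whether its TlsCertificateName still matches an installed, unexpired certificate that is enabled for SMTP, which is exactly the condition that failed here after the GoDaddy certificate was replaced. The thumbprint value is a placeholder; the TlsCertificateName is composed as "<I>issuer<S>subject", the format the Set-ReceiveConnector documentation uses.

```powershell
# Added example, not the post's own commands. Run in the Exchange Management Shell.
$NewCertThumbprint = 'REPLACE_WITH_NEW_CERT_THUMBPRINT'   # placeholder

function Get-ConnectorTlsState {
    # One row per server: the Default Frontend connector, the certificate name it
    # is bound to, and whether that name resolves to a usable certificate.
    foreach ($srv in Get-ExchangeServer) {
        $rc = Get-ReceiveConnector -Server $srv.Name |
              Where-Object { $_.Name -like 'Default Frontend*' }
        if (-not $rc) { continue }

        # TlsCertificateName renders as "<I>issuer<S>subject" (empty if unset).
        $bound = [string]$rc.TlsCertificateName
        $match = $null
        if ($bound) {
            $match = Get-ExchangeCertificate -Server $srv.Name | Where-Object {
                "<I>$($_.Issuer)<S>$($_.Subject)" -eq $bound -and
                $_.NotAfter -gt (Get-Date) -and        # not expired
                $_.Services -match 'SMTP'              # enabled for SMTP
            } | Select-Object -First 1
        }
        $thumb = if ($match) { $match.Thumbprint } else { '' }

        [pscustomobject]@{
            Server    = $srv.Name
            Connector = $rc.Identity
            BoundCert = $bound
            Usable    = [bool]$match     # $false reproduces the symptom in this post
            Thumbprint = $thumb
        }
    }
}

function Set-ConnectorTlsCert {
    # Rebind the Default Frontend connector on one server to a specific certificate.
    # This only sets TlsCertificateName; the Hybrid Configuration Wizard also
    # restores TlsDomainCapabilities, so rerunning it remains the full fix.
    param([string]$Server, [string]$Thumbprint)
    $cert = Get-ExchangeCertificate -Server $Server -Thumbprint $Thumbprint
    $name = "<I>$($cert.Issuer)<S>$($cert.Subject)"
    Get-ReceiveConnector -Server $Server |
        Where-Object { $_.Name -like 'Default Frontend*' } |
        Set-ReceiveConnector -TlsCertificateName $name
}

# Audit first; rows with Usable = False are connectors still pointing at a
# certificate that is missing, expired or not enabled for SMTP.
Get-ConnectorTlsState | Format-Table -AutoSize
```

Run Set-ConnectorTlsCert -Server <server> -Thumbprint $NewCertThumbprint only for servers the audit flags, then rerun the audit to confirm every row shows Usable = True.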