Contact Us

|

Careers

|

Change Locale
close

Important Notice about Certificate Expiration for Exchange 2013 Hybrid Customers

Microsoft | Posted on March 1, 2016

 

If you’re running Exchange 2013 and you’ve configured a hybrid deployment with Office 365, this post contains important information that might impact you. Please evaluate this information and take any necessary action before April 15, 2016.

On 19th February 2016, the Microsoft Exchange Team issued a technical advisory notice on the Exchange Team Blog.

On April 15 2016, the Office 365 TLS certificate will be renewed in the Office 365 datacenter. This certificate is used by Office 365 to provide TLS encryption between Office 365 and external SMTP servers. The new certificate, which will help improve the security of mail sent to and from Office 365, will be issued by a new Certificate Authority and it will have a new Issuer and Subject.

This change has the potential to stop hybrid mailflow between Office 365 and your on-premises Exchange servers if one of the following conditions applies to you:

  • Your on-premises Exchange servers are running Exchange 2013 Cumulative Update 8 (CU8) or lower.
  • You’ve upgraded the Exchange 2013 servers that handle hybrid mailflow to Exchange 2013 CU9 or higher. However, since upgrading to CU9, you HAVE NOT re-run the Hybrid Configuration wizard.

If one of the previous conditions applies to your organization, hybrid mailflow between Office 365 and your organization will stop working after April 15, 2016.  This only affects hybrid mailflow. Regular mailflow and TLS encryption is NOT affected.

Solution:

1. Use Hybrid Configuration Wizard (HCW)

  • If you are running Exchange 2013 CU8 or lower, follow these instructions to update to the latest version of Exchange 2013
  • When you update Exchange 2013, download the new HCW and run the wizard (Instructions are here)

2. Manual Update (if #1 fails)

  • Open Exchange Management Shell and within each Exchange 2013 server (hybrid mail flow only), run the following commands:

$rc=Get-ReceiveConnector |where {$_.TlsDomainCapabilities -like “*<I>*”}
Set-ReceiveConnector -Identity $rc.Identity -TlsDomainCapabilities “mail.protection.outlook.com:AcceptCloudServicesMail

3. Let Softchoice help you

  • We have Microsoft Exchange experts who can assist you with this, by scheduling a short virtual engagement to walk through this update with you or perform it for you. This typically doesn’t take longer than 2 hours.
  • We also recommend to take this opportunity to do a broader assessment of your Office 365 Exchange Online and On Premise hybrid deployment. We call this a Health Analyzer service that is designed to audit your features and functions configurations. Based on the results of that check, we then will provide you with recommendations and best practices. This engagement will typically last a day to 3 days depending on the scale of your environment and is typically done remotely.
  • Download this to learn more about our Office 365 services.

Related Articles

Culture | October 10, 2019 by Alex Macks

Softchoice’s co-op students are hired for their fresh ideas and wealth of knowledge they bring to our Softchoice teams. Ranjit Singh wrapped up his third consecutive co-op term with Softchoice in Summer 2019. He now works part-time as a .NET Developer while completing his last semester at Sheridan College in the Software Development and Network […]

Innovation Executive Forum | September 13, 2019 by Karen Bader

Enterprises today understand the requirement to combat slow and low end-user adoption, especially when the solutions are intended to transform the way people work, as with new communications and collaboration tools. For years, Softchoice has been offering end-to-end, turnkey adoption services, helping businesses across North America unlock more value, quickly, from their key collaboration investments. […]

Uncategorized | August 28, 2019 by Susana Byun

Here are your top 10 must-read Microsoft announcements from August 2019 curated by Softchoice: