Warning – Update to Office 365 Certificate could break your Exchange 2013 Hybrid


In a blog post published on 19th February, the Exchange Team announced that an upcoming certificate renewal for Office 365 on 15th April 2016 will break Hybrid mail flow in certain circumstances. These are:

  • You are running Exchange 2013 CU8 or earlier.
  • You have upgraded to Exchange 2013 CU9 or later, but have not re-run the Hybrid Configuration Wizard (HCW).

If you are in one of the above scenarios DON’T PANIC, there is an easy fix! If you meet scenario 2 and have already upgraded to Exchange 2013 CU9 then simply download the latest HCW here and run it. This will resolve the issue.

If you have yet to upgrade then you should upgrade your Exchange 2013 server to the latest update and then re-run the HCW as above.

There is also a workaround if updating is simply not an option (?), which is to run the following PowerShell commands from EMS on each Exchange server that is used for Hybrid mail flow:

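# Find the receive connector whose TlsDomainCapabilities entry contains "<I>"
$rc = Get-ReceiveConnector | where {$_.TlsDomainCapabilities -like "*<I>*"}
# Replace that entry with the domain-based one for Office 365 mail
Set-ReceiveConnector -Identity $rc.Identity -TlsDomainCapabilities "mail.protection.outlook.com:AcceptCloudServicesMail"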
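
To check which connectors are affected before applying the workaround, and to confirm the result afterwards, the following added example (not from the original post or the Exchange Team) reports each receive connector's TlsDomainCapabilities and previews the change with -WhatIf. It assumes, as the filter above does, that "<I>" marks an entry that needs replacing; the variable and column names are illustrative.

```powershell
# Added example: audit receive connectors before/after the workaround. Run from EMS.
# Assumption: entries containing "<I>" are the ones the post's filter targets.
$target = 'mail.protection.outlook.com:AcceptCloudServicesMail'

$report = foreach ($rc in Get-ReceiveConnector) {
    # Flatten the multi-valued property to plain strings for comparison
    $caps = @($rc.TlsDomainCapabilities | ForEach-Object { "$_" })
    if (-not $caps) { continue }   # connector has no TLS domain capabilities set

    [pscustomobject]@{
        Identity     = $rc.Identity
        NeedsUpdate  = [bool]($caps -like '*<I>*')   # still matches the post's filter
        HasTarget    = $caps -contains $target        # workaround value already present
        Capabilities = $caps -join '; '
    }
}

# Show the current state of every connector that has a value set
$report | Format-Table -AutoSize -Wrap

# Preview (no changes made) what the workaround would do to each affected connector.
# Looping also covers the case where more than one connector matches the filter.
$report | Where-Object { $_.NeedsUpdate } | ForEach-Object {
    Set-ReceiveConnector -Identity $_.Identity -TlsDomainCapabilities $target -WhatIf
}
```

After applying the workaround, re-running the report should show NeedsUpdate as False and HasTarget as True for the Hybrid mail flow connectors.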

You can read the full blog post by the Exchange Team here.

If you have any questions, comments or suggestions please either leave a comment below, Tweet me @MikeParker365 or email me at blog@mikeparker365.co.uk.
