RequiredTls flag should be set to true if TlsCertificateName is specified error when running Hybrid Configuration wizard

Original KB number:   3062283

Symptoms

When you run the Hybrid Configuration wizard, you receive the following error message:

Execution of the Set-HybridMailflow cmdlet had thrown an exception. This may indicate invalid parameters in your Hybrid Configuration settings.

RequiredTls flag should be set to true if TlsCertificateName is specified.

at Microsoft.Exchange.Management.Hybrid.RemotePowershellSession.RunCommand(String cmdlet Dictionary`2 parameters Boolean ignoreNotFoundErrors)

Cause

The problem can occur if the send connector or receive connector has a Transport Layer Security (TLS) name that's not in the certificate. This can happen if the certificate changed and caused mismatched names for the connector.

Resolution

Rerun the Hybrid Configuration wizard. When you're prompted to specify the fully qualified domain name (FQDN) of the on-premises server that is running Microsoft Exchange Server, make sure that the name that you enter is on a certificate that's bound to the Simple Mail Transfer Protocol (SMTP) service.

More information

To determine which certificate and domain name can be used, follow these steps:

1. Open Exchange Management Shell on the on-premises Exchange server, and then run the following command:

   Get-ExchangeCertificate |fl Services,CertificateDomains,thumbprint,IsSelfSigned
   

2. Look for certificates in which the Services value is SMTP.

3. Look for certificates in which the IsSelfSigned parameter is set to False.

4. Examine the CertificateDomains values that remain, and then look for the domain name that you configured for external DNS.

Still need help? Go to Microsoft Community or the Microsoft Q&A.