The SSL certificate could not be checked for revocation when you run the Hybrid Configuration wizard
Original KB number: 3067224
Problem
When you run the Hybrid Configuration wizard, you receive a "The SSL certificate could not be checked for revocation. The server used to check for revocation might be unreachable" error message. The full text of this message resembles the following:
ERROR:Updating hybrid configuration failed with error 'System.Management.Automation.Remoting.PSRemotingTransportException: Connecting to remote server failed with the following error message : The server certificate on the destination computer (ps.outlook.com:443) has the following errors: The SSL certificate could not be checked for revocation. The server used to check for revocation might be unreachable. For more information, see the about_Remote_Troubleshooting Help topic.
at System.Management.Automation.Runspaces.AsyncResult.EndInvoke()
at System.Management.Automation.Runspaces.AsyncResult.EndInvoke()
at System.Management.Automation.Runspaces.Internal.RunspacePoolInternal.EndOpen(IAsyncResult asyncResult)
at System.Management.Automation.Runspaces.RunspacePool.Open()
at System.Management.Automation.RemoteRunspace.Open()
at Microsoft.Exchange.Management.Hybrid.RemotePowershellSession.Connect(PSCredential credentials, CultureInfo sessionUiCulture)
at Microsoft.Exchange.Management.Hybrid.Engine.Execute(ILogger logger, String onPremPowershellHost, PSCredential onPremCredentials, PSCredential tenantCredentials, HybridConfiguration hybridConfiguration)
at Microsoft.Exchange.Management.SystemConfigurationTasks.UpdateHybridConfiguration.InternalProcessRecord()'.
Cause
This problem occurs because Microsoft Exchange Server uses Windows HTTP Services (WinHTTP) to manage all HTTP and HTTPS traffic, and WinHTTP does not use the proxy settings that are set in the web browser.
To view the WinHTTP proxy settings, type the following command at a command prompt, and then press Enter:
netsh winhttp show proxy
Solution
To resolve this issue, use the netsh command-line tool to configure the WinHTTP proxy setting and the fully qualified domain name (FQDN) of the server in the WinHTTP bypass list.
For more information about how to set proxy settings for WinHTTP, see the following resources:
- Netsh Commands for Windows Hypertext Transfer Protocol (WINHTTP)
- Configure Proxy Settings for WinHTTP
- WinHttpDetectAutoProxyConfigUrl function (winhttp.h)
Still need help? Go to Microsoft Community or the Exchange TechNet Forums.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for