"The SSL certificate could not be checked for revocation" error when you run the Hybrid Configuration wizard

Applies to: Exchange OnlineExchange Server 2013 EnterpriseExchange Server 2013 Standard Edition


When you run the Hybrid Configuration wizard, you receive a "The SSL certificate could not be checked for revocation. The server used to check for revocation might be unreachable" error message. The full text of this message resembles the following: 
ERROR:Updating hybrid configuration failed with error 'System.Management.Automation.Remoting.PSRemotingTransportException: Connecting to remote server failed with the following error message : The server certificate on the destination computer (ps.outlook.com:443) has the following errors: The SSL certificate could not be checked for revocation. The server used to check for revocation might be unreachable. For more information, see the about_Remote_Troubleshooting Help topic.
at System.Management.Automation.Runspaces.AsyncResult.EndInvoke()
at System.Management.Automation.Runspaces.AsyncResult.EndInvoke()
at System.Management.Automation.Runspaces.Internal.RunspacePoolInternal.EndOpen(IAsyncResult asyncResult)
at System.Management.Automation.Runspaces.RunspacePool.Open()
at System.Management.Automation.RemoteRunspace.Open()
at Microsoft.Exchange.Management.Hybrid.RemotePowershellSession.Connect(PSCredential credentials, CultureInfo sessionUiCulture)
at Microsoft.Exchange.Management.Hybrid.Engine.Execute(ILogger logger, String onPremPowershellHost, PSCredential onPremCredentials, PSCredential tenantCredentials, HybridConfiguration hybridConfiguration)
at Microsoft.Exchange.Management.SystemConfigurationTasks.UpdateHybridConfiguration.InternalProcessRecord()'.


This problem occurs because Microsoft Exchange Server uses Windows HTTP Services (WinHTTP) to manage all HTTP and HTTPS traffic, and WinHTTP does not use the proxy settings that are set in the web browser.  

To view the WinHTTP proxy settings, type the following command at a command prompt, and then press Enter:
netsh winhttp show proxy 


To resolve this issue, use the netsh command-line tool to configure the WinHTTP proxy setting and the fully qualified domain name (FQDN) of the server in the WinHTTP bypass list.

For more information about how to set proxy settings for WinHTTP, see the following resources:


If you experience issues with the Hybrid Configuration wizard, you can run the Exchange Hybrid Configuration Diagnostic. This diagnostic is an automated troubleshooting experience. Run it on the same server on which the Hybrid Configuration wizard failed. Doing this collects the Hybrid Configuration wizard logs and parses them for you. If you're experiencing a known issue, a message is displayed that tells you what went wrong. The message includes a link to an article that contains the solution. Currently, the diagnostic is supported only in Internet Explorer.

Still need help? Go to Microsoft Community or the Exchange TechNet Forums.