Check Failure: No valid hybrid certificate found
- On an on-premises Client Access server or Mailbox server, open the Exchange Management Shell.
- Run the following command:
- In the Hybrid Configuration wizard, you specified a certificate that was to be used for secure mail transport.Locate the information for that certificate.
- Make sure that the following parameter values are set for the certificate:
- IsSelfSigned parameter: This parameter value should be False.
- RootCAType parameter: This parameter value should be Third Party.
- Services parameter: This parameter value should be IIS, SMTP (at a minimum).
- NotAfter parameter: This parameter value is the certificate expiration date. The date should not be expired.
Note If IIS, SMTP, or both are missing from the Services parameter, enable the services. To do this, run the following command:
Enable-ExchangeCertificate –Services IIS,SMTP -thumbprint <ThumbprintOfHybridCertificate>
If you experience issues with the Hybrid Configuration wizard, you can run the Exchange Hybrid Configuration Diagnostic. This diagnostic is an automated troubleshooting tool. Run it on the server on which the Hybrid Configuration wizard failed. The tool collects the Hybrid Configuration wizard logs and parses them for you. If you're experiencing a known issue, you receive a message that states what went wrong. The message includes a link to an article that contains the solution. Currently, the diagnostic is supported only in Internet Explorer.
Still need help? Go to Microsoft Community or the Exchange TechNet Forums.
Article ID: 3064938 - Last Review: 21 Dec 2016 - Revision: 1