Exchange 2013: Wild Card Certificates and Hybrid Configuration Wizard

Exchange 2013: Wild Card Certificates and Hybrid Configuration Wizard

As part of the latest migration to the Cloud I ran into some issues with my Exchange Hybrid Migration Wizard. This seems to be an obscure error but a lot of people out there who use a Wild Card Certificate for their server might run into this issue. The Wizard will use the common name of the certificate in order to determine the FQDN it needs to use for the connectors. As you can imagine, the wizard won’t be able to use *.CloudIngenium.com as it is not a valid FQDN.

Error sample:

Update-HybridConfiguration
Failed

Error:
Updating hybrid configuration failed with error ‘Subtask Configure execution failed: Configure Mail Flow

Execution of the New-SendConnector cmdlet had thrown an exception. This may indicate invalid parameters in your Hybrid Configuration settings.

Cannot process argument transformation on parameter ‘Fqdn’. Cannot convert value “*.CloudIngenium.com” to type “Microsoft.Exchange.Data.Fqdn”. Error: “”*.CloudIngenium.com” isn’t a valid SMTP domain.”
at System.Management.Automation.PowerShell.CoreInvoke[TOutput](IEnumerable input, PSDataCollection`1 output, PSInvocationSettings settings)
at System.Management.Automation.PowerShell.Invoke(IEnumerable input, PSInvocationSettings settings)
at System.Management.Automation.PowerShell.Invoke()
at Microsoft.Exchange.Management.Hybrid.RemotePowershellSession.RunCommand(String cmdlet, Dictionary`2 parameters, Boolean ignoreNotFoundErrors)
‘.

Additional troubleshooting information is available in the Update-HybridConfiguration log file located at C:\Program Files\Microsoft\Exchange Server\V14\Logging\Update-HybridConfiguration\HybridConfiguration.log.

Exchange Management Shell command attempted:
Update-HybridConfiguration -OnPremisesCredentials ‘System.Management.Automation.PSCredential’ -TenantCredentials ‘System.Management.Automation.PSCredential’

Elapsed Time: 00:07:13

 

Solution (more like a workaround)

If you obtain a certificate with the FQDN you wish to use, then the wizard can use that and set it up. You can change it later on via IIS. Many of the public CAs out there offer a free 30 day trial or sample you could use.