Important Notice about Certificate Expiration for Exchange 2013 Hybrid Customers

 Important Office 365 Certificate Update for Exchange 2013 with hybrid deployments

If you’re running Exchange 2013 and you’ve configured a hybrid deployment with Office 365, this post contains important information that might impact you. Please evaluate this information and take any necessary action before April 15, 2016.

On 19th February 2016, the Microsoft Exchange Team issued a technical advisory notice on the Exchange Team Blog.

On April 15 2016, the Office 365 TLS certificate will be renewed in the Office 365 datacenter. This certificate is used by Office 365 to provide TLS encryption between Office 365 and external SMTP servers. The new certificate, which will help improve the security of mail sent to and from Office 365, will be issued by a new Certificate Authority and it will have a new Issuer and Subject.

This change has the potential to stop hybrid mailflow between Office 365 and your on-premises Exchange servers if one of the following conditions applies to you:

  • Your on-premises Exchange servers are running Exchange 2013 Cumulative Update 8 (CU8) or lower.
  • You’ve upgraded the Exchange 2013 servers that handle hybrid mailflow to Exchange 2013 CU9 or higher. However, since upgrading to CU9, you HAVE NOT re-run the Hybrid Configuration wizard.

If one of the previous conditions applies to your organization, hybrid mailflow between Office 365 and your organization will stop working after April 15, 2016.  This only affects hybrid mailflow. Regular mailflow and TLS encryption is NOT affected.

Solution:

1. Use Hybrid Configuration Wizard (HCW)

  • If you are running Exchange 2013 CU8 or lower, follow these instructions to update to the latest version of Exchange 2013
  • When you update Exchange 2013, download the new HCW and run the wizard (Instructions are here)

2. Manual Update (if #1 fails)

  • Open Exchange Management Shell and within each Exchange 2013 server (hybrid mail flow only), run the following commands:

$rc=Get-ReceiveConnector |where {$_.TlsDomainCapabilities -like “*<I>*”}
Set-ReceiveConnector -Identity $rc.Identity -TlsDomainCapabilities “mail.protection.outlook.com:AcceptCloudServicesMail

3. Let Softchoice help you

  • We have Microsoft Exchange experts who can assist you with this, by scheduling a short virtual engagement to walk through this update with you or perform it for you. This typically doesn’t take longer than 2 hours.
  • We also recommend to take this opportunity to do a broader assessment of your Office 365 Exchange Online and On Premise hybrid deployment. We call this a Health Analyzer service that is designed to audit your features and functions configurations. Based on the results of that check, we then will provide you with recommendations and best practices. This engagement will typically last a day to 3 days depending on the scale of your environment and is typically done remotely.
  • Download this to learn more about our Office 365 services.

What Microsoft Exchange 2003, NSYNC and the Atkins Diet Have in Common

What Microsoft Exchange 2003, NSYNC and the Atkins Diet Have in Common

The April 8, 2014 end-of-extended-support date is approaching for Exchange 2003. How is your organization preparing?

As the saying goes, all good things must come to an end. And while there may be debate over what “good” actually means, Exchange 2003 is going the way of your favorite boy band or fad diet.

What Exchange 2003 going EOL really means
This is not a case of migrating/upgrading simply for the sake of having the “newest thing”. End of extended support means that Microsoft will no longer provide updates, patches, and customer support.

[Read more…]