Generate a new certificate request:
$data = New-ExchangeCertificate -GenerateRequest -SubjectName "cn=mx03.domain.com" -domainname mx03.domain.com, sr-XXXXX.domain.lan, sr-XXXXX -friendlyname mx03.domain.com -PrivateKeyExportable $true
Set-Content -Path "c:\Temp\mailcert.req" -Value $Data
Import the request into the PKI website http://servername/certsrv
Request a new Certificate
Get-exchangecertificate | fl
The problem right now is we do not refresh the certificate used by ADAM when issue a new subscription, so if you have created a new certificate, we keep presenting the old one. Ok, so here's what you need to do to get ADAM to present the new one:
1. On the Hub, Remove the Subscription
2. On the Edge, Remove the cert used by ADAM to establish secure
connections. You can do this by following the following steps:
- a. Open up an empty mmc console (Run -> mmc)
- b. Select File -> Add / Remove Snap-in
- c. Hit Add
- d. Select "Certificates" from the List of Snap-Ins available, and
- hit Add.
- e. Select "Service Account" on the "Certificates Snap-In" page,
- click next.
- f. Select "Local Computer" on the "Select Computer" page, click
- next.
- g. Select "Microsoft Exchange ADAM" from the list of services,
- click Finish.
- h. Close the "Add Snap-in" dialog.
- i. Navigate to "Certifcates – Service" ->
- "ADAM_MSExchange\Personal" -> Certificates
- j. You should see a single certificate here. Remove it.
3. On the Edge, Unsubscribe, then create a new subscription file
(you should see a new certificate show up at this point on the ADAM cert container from the step above) by calling new-edgesubscription
New-EdgeSubscription -FileName "Path to file".xml
4. Re-start the "Microsoft Exchange ADAM" service.
5.Export the file to the Hub server.
6.On the Hub server import the new subscription.7.Create a new Edge subscription in the EMC
Then you have to wait a few minutes.
To check if synchronization works run;
start-edgesynchronization
test-edgesynchronization