Changing an expired SSL certificate is easy in Exchange 2016 using the EMC. A simple click or two, and boom… new certificate!
Unless you have integrated Skype for Business IM into your OWA.
Symptoms
1st Symptom: User Complaints
2nd Symptom: Your exchange logs the following event:
The certificate specified by the InstantMessagingCertificateThumbprint parameter of the Outlook Web App virtual directory wasn’t found in the local certificate store.
Certificate thumbprint:
Yup.. you have a couple of more steps to complete.
STEP#1: Get the new thumbprint
- Launch Exchange Management Shell as an Administrator
- Execute
Get-ExchangeCertificate - Copy the Thumbprint of the certificate that has registered the “W” service
NOTE: That same certificate may have registered other services like the certificate example below, which has registered IPUWSC services.
STEP#2: Update the OWA virtual directory with the new thumbprint
- Launch Exchange Management Shell as an
Administrator - Execute
get-owavirtualdirectory | Set-OwaVirtualDirectory -InstantMessagingCertificateThumbprint [THE NEW THUMBPRINT]
STEP#3: Update the OWA configuration file
- Open the OWA configuration file located at
C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\OWA\web.config - Search the configuration file for “IMCertificateThumbprint”
Important: If the key does not exist in the web.config, proceed to STEP#3A below - Change the key thumbprint to the new thumbprint value
<add key=”IMCertificateThumbprint” value=”[THE NEW THUMBPRINT” /> - Restart IIS and test IM in OWA
- Your Done! Stop here!
STEP#3A: Update Setting Overrides
- Launch Exchange Management Shell as an Administrator
- Execute
Get-SettingOverride
- You should get an output like the following
Closely note the following values
– Id {In the example above, the value is OWA-SKYPE-INTEGRATION
– Parameters, specifically the IMServerName value {In the example above, the value is SRVSKYPE15FE.corp.armgasys.com - Execute
Set-SettingOverride -Identity [ID NAME] -Parameters @(“IMServerName=[SERVER NAME]”,”IMCertificateThumbprint=[THE NEW THUMBPRINT]”) - Make sure everything is refreshed by executing the following command
Get-ExchangeDiagnosticInfo -Server $ENV:COMPUTERNAME -Process Microsoft.Exchange.Directory.TopologyService -Component VariantConfiguration -Argument Refresh - Restart IIS and test IM in OWA
Good Luck!