When using a native move request to migrate to Exchange 2013 the following process takes place.
A native move needs to be executed to migrate mailboxes from EX2010 to EX2013. MAgE executes a native move as follows: Execute PowerShell: New-MoveRequest -Identity ea9666a5-5f9b-4c05-bb7c-8b0b8e6b2412 -TargetDatabase cdd1a700-043b-4adf-94a2-511d5ee63cca -RemoteGlobalCatalog server.domain.com -RemoteCredential [TEICH\svctwbqmm] -TargetDeliveryDomain server1.domain.com -BatchName QMMEX(2BB01037-E212-4872-8363-D15DB47FF6A3), TargetDB(cdd1a700-043b-4adf-94a2-511d5ee63cca) -BadItemLimit 0 -SuspendWhenReadyToComplete -Remote -RemoteHostName server3.child.domain.com
Upon executing the Native Move, the following PowerShell error appears: Error System.Management.Automation.RemoteException: The call to 'https://server3.child.domain.com/EWS/mrsproxy.svc' failed. Error details: Could not establish trust relationship for the SSL/TLS secure channel with authority 'server.child.domain.com'. --> The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. --> The remote certificate is invalid according to the validation procedure.. A certificate error is suspected, because it may be missing on the CAS array in the target (EX2013).
You must export the source Exchange CAS Server certificate to the target Exchange CAS Server. This can also be a wild card certificate or SAN cert with the name spaces used by the source Exchange Organization. In the example of the error message you need to import the server certificate for server3.child.domain.com to the target CAS servers.
You can use the Import-ExchangeCertificate cmdlet for the following purposes:
To import a certificate or chain of certificates from a PKCS #7 file that has been issued by a certification authority (CA). PKCS #7 is the Cryptographic Message Syntax Standard, a syntax used for digitally signing or encrypting data using public key cryptography, including certificates.
To import an existing certificate and private key from a PKCS #12 (.pfx or .p12) file to the certificate store on the local computer. PKCS #12 is the Personal Information Exchange Syntax Standard, a file format used to store certificates with corresponding private keys protected with a password. The standard is specified by RSA Laboratories. For more information, see the PKCS #12: Personal Information Exchange Syntax Standard website.
The certificate may be published in Active Directory for the purposes of direct trust by using mutual TLS if the following conditions are true:
The certificate is marked as an SMTP TLS certificate.
The Subject Name on the certificate matches the fully qualified domain name (FQDN) of the local computer.
The certificate may be published in Active Directory by Edge Subscription if the following conditions are true:
You import the certificate to an Edge Transport server.
The certificate has an FQDN that matches the server FQDN.
The Import-ExchangeCertificate cmdlet imports either a certificate that's issued from an outstanding request or a PKCS #12 file.
You need to be assigned permissions before you can run this cmdlet. Although all parameters for this cmdlet are listed in this topic, you may not have access to some parameters if they're not included in the permissions assigned to you. To see what permissions you need, see the "Certificate management" entry in the Exchange and Shell infrastructure permissions topic.
Example 1. This example imports an existing certificate and private key from the PKCS #12 file ExportedCert.pfx.
Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path c:\certificates\ExportedCert.pfx -Encoding byte -ReadCount 0)) -Password:(Get-Credential).password
Example 2. This example imports a chain of certificates from the PKCS #7 file IssuedCert.p7b.
Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path c:\certificates\IssuedCert.p7b -Encoding byte -ReadCount 0))
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. 使用条款 隐私 Cookie Preference Center