jlnajarro
asked on
Unable to add UM service to Enable-ExchangeCertificate command when enabling UCC certificate.
I get the following error when attempting to add UM Service in Exchange Management Shell.
Command used: Enable-ExchangeCertificate -Thumbprint DEE76DEE4D6993A89E47CECDB2 DA2800B7B9 8066 -Services "POP, IMAP, IIS, SMTP, UM"
Enable-ExchangeCertificate : Service is not installed.
Parameter name: Services
At line:1 char:27
+ Enable-ExchangeCertificate <<<< -Thumbprint DEE76DEE4D6993A89E47CECDB2 DA2800B7B9 8066 -Services "POP, IMAP, IIS, SMTP, UM"
Please advise.
Command used: Enable-ExchangeCertificate
Enable-ExchangeCertificate
Parameter name: Services
At line:1 char:27
+ Enable-ExchangeCertificate
Please advise.
ASKER
Yes , UM is installed on server. The issue was related to a syntax error , documentation that I was using indicated a switch that I was typing without the space.
Was that a Technet article you were following, or something else? If it was Technet I will see if I can get it replaced. There are quite a few minor typos in the Technet content.
The command that you are using above looks correct, so I am curious what you/documentation had added that was causing the problem.
Simon.
The command that you are using above looks correct, so I am curious what you/documentation had added that was causing the problem.
Simon.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Annoyingly, I have discovered the answer to this over the last weekend.
You can only assign an SSL certificate to the UM role if the certificate has the server's real name listed. Therefore if you are trying to assign a single name certificate that was issued to mail.domain.com, but the server is called exch.domain.local then it will not accept it.
Therefore if you are using Unified Messaging you must use a SAN/UC certificate with the following URLs:
mail.domain.com (the name to match the MX records, reverse DNS etc, for TLS support)
autodiscover.domain.com
servername.domain.local (the server's real internal name)
servername (the server's NETBIOS name).
I will be blogging on this shortly.
Simon.
You can only assign an SSL certificate to the UM role if the certificate has the server's real name listed. Therefore if you are trying to assign a single name certificate that was issued to mail.domain.com, but the server is called exch.domain.local then it will not accept it.
Therefore if you are using Unified Messaging you must use a SAN/UC certificate with the following URLs:
mail.domain.com (the name to match the MX records, reverse DNS etc, for TLS support)
autodiscover.domain.com
servername.domain.local (the server's real internal name)
servername (the server's NETBIOS name).
I will be blogging on this shortly.
Simon.
I am having a problem with UM also. I do have the SAN/UC and the certificate does list the internal server name as well as servername.domain.local
ajdratch - this is an old question. Unlike a forum it is not possible to "bump" questions back up the list. The only people who will see your post are those that have already participated. Instead you should post your question as a new question in the Exchange Server Zone which will allow other experts the chance to see the question and respond.
Simon
Exchange Server Zone Advisor.
Simon
Exchange Server Zone Advisor.
Asking the obvious - but do you have UM installed on the server?
Simon.