The Certificate Chain Did Not End In A Trusted Root; The Server Is Not Sending All Required Intermediate Certificates…

MS Exchange

I was asked to look at a Customer’s Exchange 2010 ActiveSync publishing rule in TMG 2010, as the ActiveSync test in the Microsoft Exchange Connectivity test site was failing with the error “The Certificate Chain Did Not End In A Trusted Root”.

Cert Error

OWA publishing was working fine with the same SAN certificate from Digicert. I quickly ran the Digicert “Certificate Tester” tool, which I had written about in my previous article. Digicert threw an error as well, but this time it was much more clear as to which certificate was causing the issue. The error was “the server is not sending all required intermediate certificates”.

Certificate error

The problem is that the certificate doesn’t have all required certificates (root and intermediate) in the chain. There are two ways to solve this issue. If you would have used the “Export Certificate” option from your CAS server and imported it into TMG, it is likely that it doesn’t have all the required certificates. To rectify the issue, export the certificate from the “Certificates snap-in (Local Computer)”, selecting the option “Include all certificates in the certification path, if possible”.

Include all certs

Another easier fix is to use the DigiCertUtil tool, which I had written about in my pervious article. All certificates available in your machine will be listed while running the tool. Click on the “Repair” button to fix the certificate chain.

Repair Cert

Important point to note is that you HAVE to restart the server for the changes to take effect. Even though, you see the full certificate chain in the certificate after the repair, the server has to be restarted.

Other Popular Articles

MS Exchange

Scripting Agent Initialization Failed: “File is not found” Error During Exchange 2016 Setup

MS Exchange

EAC Access While Co-Existing Exchange 2013 With 2010

MS Exchange

Delete All Calendar Entries In An Exchange 2010 Mailbox

  1. HI Rajith,

    Am use self-signed certificate for the 0365 migration, when I do a test connectivity for outlook connectivity from online getting this error, can you help me to resolve this issue. I have installed the certificate in trusted root and trusted publisher also.

    Certificate trust validation failed.
    ” The certificate chain didn’t end in a trusted root. Root”


Leave a Comment

Set Microsoft Edge As Default Browser Using Intune

The video below goes through the process of setting up Microsoft Edge as the default browser on a Windows 11 machine using Intune.

Set Microsoft Edge As Default Browser On Windows 11 Using Intune

Getting Started With Entra ID

The video below is aimed at complete beginners who can master the Identity portion of Entra ID in about 90 minutes.

Getting Started With Entra ID - Complete Beginner's Guide

How To Remove Teams Sharing Toolbar While Presenting

The new version of Microsoft Teams bring the ‘annoying’ sharing toolbar in the top middle of the screen while you are presenting in a Teams meeting. There is no way to remove the toolbar which come in between various tabs in a browser or applications that you want to move around.

The video below explains a workaround to remove this sharing toolbar for good while presenting. Hopefully Microsoft will add an option within the app to remove this in the near future.

How To Remove Teams Sharing Toolbar While Presenting