ERROR During Setup /mode:RecoverServer – The internal transport certificate for the local server was damaged or missing in Active Directory. The problem has been fixed…

I was at a customer site that was validating the DR doc for recovering a hub transport server. They had a copy of the production DC in a test lab and had reset the Hub transport computer account in AD. Running Setup.Com /Mode:RecoverServer failed with the following error.

[ERROR] The internal transport certificate for the local server was damaged or missing in Active Directory. The problem has been fixed. However, if you have existing Edge Subscriptions, you must subscribe all Edge Transport servers again by using the New-EdgeSubscription cmdlet in the Shell.

The issue was that the production network has Edge Subscriptions, whereas they were missing in the lab. As part of the recovery step, Exchange setup attempts to re-encrypt the credentials used for the edge synchronization process, and because the old certificate used for encrypting them is missing, it throws the error message.

Though the error says that the problem has been fixed, running setup /m:recoverserver again throws the same error message.

The solution is to delete the information about the edge sync credentials from the Hub transport server object. In order to do that, I used ADSIEdit and navigated to Configuration partition -> Services -> Microsoft Exchange -> Org Name -> Administrative Groups -> Exchange Administrative Group (FYDIBOHF23SPDLT) -> Servers -> Hub Server -> right click “properties”.

Remove the values for “msExchEdgeSyncCredential” and run the recovery setup again. That solved the issue.
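
The same cleanup can be scripted instead of clicking through ADSIEdit. This is an added example, not part of the original post: it assumes the ActiveDirectory PowerShell module (RSAT) and rights to modify the Configuration partition, and the server name `HUB01`, the backup file path and the `$Commit` variable are placeholders. It saves the current values before clearing them and only previews the change until `$Commit` is set to `$true`.

```powershell
# Added example: back up, then clear msExchEdgeSyncCredential on one server object.
Import-Module ActiveDirectory

$ServerName = 'HUB01'      # placeholder: name of the server being recovered
$BackupPath = ".\$ServerName-msExchEdgeSyncCredential.xml"   # placeholder backup file
$Commit     = $false       # leave $false to preview with -WhatIf, set $true to apply

# The Exchange server objects live under CN=Services in the Configuration partition,
# the same location reached through ADSIEdit in the steps above.
$configNC = (Get-ADRootDSE).configurationNamingContext
$server = @(Get-ADObject -SearchBase "CN=Microsoft Exchange,CN=Services,$configNC" `
    -LDAPFilter "(&(objectClass=msExchExchangeServer)(cn=$ServerName))" `
    -Properties msExchEdgeSyncCredential)

# Refuse to continue unless exactly one server object matched.
if ($server.Count -ne 1) {
    throw "Expected exactly one Exchange server object named '$ServerName', found $($server.Count)."
}
$server = $server[0]

# Nothing to do if the attribute is absent or already empty.
$cred = $server.msExchEdgeSyncCredential
if ($null -eq $cred -or $cred.Count -eq 0) {
    Write-Host "msExchEdgeSyncCredential is already empty on $($server.DistinguishedName)"
    return
}
Write-Host "$($cred.Count) value(s) found on $($server.DistinguishedName)"

# Save the object, including the attribute values, so the change can be reviewed
# or reversed later.
$server | Export-Clixml -Path $BackupPath -Depth 3
Write-Host "Backup written to $BackupPath"

# Remove every value of the attribute, the scripted form of deleting the values
# in the ADSIEdit properties dialog.
Set-ADObject -Identity $server.DistinguishedName `
    -Clear msExchEdgeSyncCredential -WhatIf:(-not $Commit)
```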

15 Comments

  1. Diego Azevedo says:

    Came across this issue today while recovering an Exchange 2016 CU22. Just don’t understand how this is not yet fixed by Microsoft. In any case, thanks a million!

    1. Rajith Enchiparambil says:

      Glad it helped you Diego.

  2. Denis Gillet says:

    Thank you for this.
    It worked when restoring an Exchange 2019 production server in its production environment, but where the Edge certificate wasn’t the default one.

    1. Rajith Enchiparambil says:

      Glad it helped you Denis.

  3. You did it man. This is a very nice shortcut to resolve the issue.

    Thank you.

    1. Rajith Jose Enchiparambil says:

      Glad it was of help Abel.

  4. Ahmad Mazhar says:

    Hey,

    I’m trying to recover an ex2k10 server with CAS/HUB roles that crashed a few months back and it throws the same error.

    Where do I delete these attributes from ADSIEdit? The server on which Recovery is performed, I assume, and should I delete all values for EdgeSubscription for that?

    Please advise.

  5. Thank you, saved me too!

    1. Rajith Jose Enchiparambil says:

      Glad it helped Hartmann

  6. Hi
    Thanks a lot.
    I encountered this problem. Now the problem has been solved.

    1. Rajith Enchiparambil says:

      Glad it helped Magen

  7. Lesego Moruti says:

    This looks helpful. However when retrying the installation, I get the following error:

    A Setup failure previously occurred while installing the HubTransport role. Either run Setup again for just this role, or remove the role using Control Panel.

    I cannot uninstall the role as it says some controls are not valid. How do I complete the installation?

    1. Rajith Enchiparambil says:

      Did you reboot the server after the failure Moruti?

  8. Hi,

    Thanks, this one was helpful for me.

    Regards

    1. Rajith Enchiparambil says:

      Thanks Nels
