I was at a customer site where they were validating the DR doc for recovering a Hub Transport server. They had a copy of the production DC in a test lab and had reset the Hub Transport computer account in AD. Running Setup.Com /Mode:RecoverServer failed with the following error:
[ERROR] The internal transport certificate for the local server was damaged or missing in Active Directory. The problem has been fixed. However, if you have existing Edge Subscriptions, you must subscribe all Edge Transport servers again by using the New-EdgeSubscription cmdlet in the Shell.
The issue was that the production network has Edge Subscriptions, whereas they were missing in the lab. As part of the recovery, Exchange setup attempts to re-encrypt the credentials used for the edge synchronization process, and because the old certificate used to encrypt them is missing, it throws the error message.
Though the error says that the problem has been fixed, running setup /m:recoverserver again throws the same error message.
The solution is to delete the information about the edge sync credentials from the Hub Transport server object. In order to do that, I used ADSIEdit and navigated to Configuration partition -> Services -> Microsoft Exchange -> Org Name -> Administrative Groups -> Exchange Administrative Group (FYDIBOHF23SPDLT) -> Servers -> Hub Server -> right click “properties”.
Remove the values for “msExchEdgeSyncCredential” and run the recovery setup again. That solved the issue.
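The same change can be scripted so that the old values are saved before they are cleared. The script below is an added example, not part of the original post. It assumes the ActiveDirectory PowerShell module (RSAT) and write access to the Configuration partition; the parameter names $ServerName and $BackupDir and the lookup by objectClass msExchExchangeServer are choices made for this example.

```powershell
#Requires -Modules ActiveDirectory
[CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
param(
    # Assumption: short name of the Hub Transport server being recovered.
    [Parameter(Mandatory = $true)]
    [ValidatePattern('^[A-Za-z0-9-]{1,15}$')]
    [string]$ServerName,
    # Assumption: folder that receives the backup of the current values.
    [string]$BackupDir = (Get-Location).Path
)

$attr     = 'msExchEdgeSyncCredential'
$configNC = (Get-ADRootDSE).configurationNamingContext

# Locate the server object below CN=Services in the Configuration partition.
$found = @(Get-ADObject -SearchBase "CN=Services,$configNC" `
        -LDAPFilter "(&(objectClass=msExchExchangeServer)(cn=$ServerName))" `
        -Properties $attr)
if ($found.Count -ne 1) {
    throw "Expected one Exchange server object named '$ServerName', found $($found.Count)."
}
$server = $found[0]

# Read the attribute; a single value may come back as a bare byte array.
$raw = $server.$attr
if ($raw -is [byte[]]) { $raw = , $raw }
$encoded = New-Object System.Collections.Generic.List[string]
foreach ($value in $raw) {
    if ($null -ne $value) { $encoded.Add([Convert]::ToBase64String([byte[]]$value)) }
}
if ($encoded.Count -eq 0) {
    Write-Host "$attr is already empty on $($server.DistinguishedName)."
    return
}

# Save the old values (one Base64 line per value) so the change can be reverted.
$stamp  = Get-Date -Format 'yyyyMMddHHmmss'
$backup = Join-Path $BackupDir "$ServerName-$attr-$stamp.txt"
$encoded | Set-Content -Path $backup
Write-Host "Backed up $($encoded.Count) value(s) to $backup"

# Clear the attribute, then read it back to confirm nothing is left.
if ($PSCmdlet.ShouldProcess($server.DistinguishedName, "Clear $attr")) {
    Set-ADObject -Identity $server -Clear $attr
    $after = Get-ADObject -Identity $server.DistinguishedName -Properties $attr
    Write-Host "Values remaining: $(@($after.$attr).Count)"
}
```

Run it with -WhatIf first to see which object would be changed. The backup file holds the stored edge sync credential blobs, so keep it somewhere access-controlled and delete it once the recovery is confirmed.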
Came across this issue today while recovering an Exchange 2016 CU22. Just don’t understand how this is not yet fixed by Microsoft. In any case, thanks a million!
Glad it helped you Diego.
Thank you for this.
It worked when restoring an Exchange 2019 production server in its production environment, but where the Edge certificate wasn’t the default one.
Glad it helped you Denis.
You did it man. This is a very nice shortcut to resolve the issue.
Thank you.
Glad it was of help Abel.
Hey,
I’m trying to recover an ex2k10 server with CAS/HUB roles that crashed a few months back and it throws the same error.
Where do I delete these attributes from ADSIEdit? The server on which recovery is performed, I assume, and should I delete all values for EdgeSubscription for that?
Please advise.
Thank you, saved me too!
Glad it helped Hartmann
Hi
Thanks a lot.
I encountered this problem. Now the problem has been solved.
Glad it helped Magen
This looks helpful. However when retrying the installation, I get the following error:
A Setup failure previously occurred while installing the HubTransport role. Either run Setup again for just this role, or remove the role using Control Panel.
I cannot uninstall the role as it says some controls are not valid. How do I complete the installation?
Did you reboot the server after the failure Moruti?
Hi,
Thanks, this one was helpful for me.
Regards
Thanks Nels