If the emails remain on the Exchange server and cannot be forwarded to the smarthost for sending, it may be because the certificate bound to the corresponding connector no longer exists or has been expired. Of course, it is also possible that the expected subject alternate name (SAN) is missing or incorrect. In that case you may receive an error stating:

454 4.7.5 The certificate specified in TlsCertificateName of the SendConnector could not be found

You can verify whether you have such an issue by checking the mail queue:

Get-Queue

In case you have a lot of mails stuck in one of your mail queues you can further investigate the affected queue by running:

Get-Queue <queue name>

e.g. Get-Queue "SERV-MAIL\3| fl

Having a look at the LastError property reveals the aforementioned error.

In my case the outbound Office 365 Send Connector was involved. In order to fix this I had to issue the following commands:

$TLSCert = Get-ExchangeCertificate -Thumbprint <thumbprint of valid certificate>
$TLSCertName = “$($TLSCert.Issuer)$($TLSCert.Subject)”
Get-SendConnector -identity “<send connector name>” | Set-SendConnector -TlsCertificateName $TLSCertName
Restart-Service MSExchangeTransport

You have to replace the thumbprint accordingly, i.e. matching your own certificate’s thumbprint.

Run Get-ExchangeCertificate cmdlet

The procedure would be the same for all other Send Connectors or Receive Connectors.

By the time you go back to Queue viewer the queues should have started to empty.

Further reading:

https://docs.microsoft.com/en-us/exchange/troubleshoot/email-delivery/mails-issues-occur-after-april-15-2016

https://www.petenetlive.com/KB/Article/0001631

Microsoft Exchange 2016 – 454 4.7.5 The certificate specified in TlsCertificateName of the SendConnector could not be found
Tagged on:     

Leave a Reply

Consent Management Platform by Real Cookie Banner