After removing the default self-signed certificate from a multi-role server:
- Exchange Management Shell fails with: “The WinRM Shell client cannot process the request”
- Exchange Admin Center presents the authentication page and then fails to open the EAC page
Once you install the new certificate and assign the Exchange services to it, you have to decide what to do with the self-signed certificate which you have just replaced (usually in Exchange Admin Center).
As you will see in this video, deleting the Exchange 2013 self-signed certificate on a multi-role server will get you in trouble. The problem is specific to servers hosting the Mailbox and CAS roles and results in a failure to open Exchange Management Shell (EMS) or Exchange Admin Center (EAC). The fastest way to resolve this issue is to assign a certificate to the Back End website in IIS manager.