Video: Exchange 2013 – Removing the Default Self-Signed Certificate Problem
Free Video :Exchange 2013 – Common Errors and Mistakes
After removing the default self-signed certificate from a multi-role server:
- Exchange Management Shell fails with: “The WinRM Shell client cannot process the request”
- Exchange Admin Center presents the authentication page and then fails to open the EAC page
Exchange 2013
comes out of the box with a self-signed certificate, assigned to the Default and Back End Web sites. The recommended practice is to replace it with a trusted Multiple Domain certificate (UCC), and we demonstrate this in Part 2Screencast: How to Upgrade Exchange 2007 to 2013 P2 
Once you install the new certificate and assign the Exchange services to it, you have to decide what to do with the self-signed certificate which you have just replaced (usually in Exchange Admin Center).
As you will see in this video, deleting the Exchange 2013 self-signed certificate on a multi-role server will get you in trouble. The problem is specific to servers hosting the Mailbox and CAS roles and results in a failure to open Exchange Management Shell (EMS) or Exchange Admin Center (EAC). The fastest way to resolve this issue is to assign a certificate to the Back End website in IIS manager.
Comments are closed.