The new Cumulative Updates for Exchange now require that your auth-certificate is valid. The current Exchange script fails to do so.
As it happens I have already added this (which is very simple) to the deployment for a client using the Salesforce for Outlook plugin which had the same requirement.
I have modified the script to be as follows:

```powershell
# This is an example script and it will be overwritten when the next update is installed.
# To use this script copy it to another location and modify as required
# This script enables the use of the newly retrieved and stored certificate with common Exchange services
# For more script info see https://docs.certifytheweb.com/docs/script-hooks.html
param($result)

# enable powershell snap-in for Exchange 2010 upwards
Add-PSSnapIn Microsoft.Exchange.Management.PowerShell.E2010

# tell Exchange which services to use this certificate for, force accept certificate to avoid command line prompt
Enable-ExchangeCertificate -Thumbprint $result.ManagedItem.CertificateThumbprintHash -Services POP,IMAP,SMTP,IIS -Force

# set the new certificate as the next auth certificate, effective from now
$dt = Get-Date
Set-AuthConfig -NewCertificateThumbprint $result.ManagedItem.CertificateThumbprintHash -NewCertificateEffectiveDate $dt -Force
# publish the new auth certificate, then clear the previous one from the auth configuration
Set-AuthConfig -PublishCertificate
Set-AuthConfig -ClearPreviousCertificate
```
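Some might want to restart some of the web app pools, which could be accomplished easily by adding the following to the end of the script.

```powershell
# Restart-WebAppPool is provided by the WebAdministration module
Import-Module WebAdministration
Restart-WebAppPool MSExchangeOWAAppPool
Restart-WebAppPool MSExchangeECPAppPool
```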
I must admit I would like to modify the script to remove old certs like the script for Win-Acme can. Here is the magic from Win-Acme. The only part I don’t fully understand is the `[1]` in `Get-ExchangeCertificate -DomainName $Certificate.Subject.split("=")[1]`. Hopefully I can add that to the script and then I will truly be happy :-)

```powershell
if ($LeaveOldExchangeCerts -ne 1)
{
    Write-Host "Old Exchange certificates being cleaned up"
    try
    {
        # find certificates for the same domain, skip the new one, remove the rest
        Get-ExchangeCertificate -DomainName $Certificate.Subject.split("=")[1] `
        | Where-Object -FilterScript {
            $_.Thumbprint -ne $NewCertThumbprint
        } `
        | Remove-ExchangeCertificate -Confirm:$false
    }
    catch
    {
        Write-Error "Error cleaning up old certificates Get-ExchangeCertificate/Remove-ExchangeCertificate"
    }
}
```
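
An added example, not part of the original post or of Win-Acme's script: one way to fold that cleanup into the Certify hook above. `Split("=")[1]` takes the text after the first `=` in the subject, which is the host name only when the subject is a bare `CN=...`, so this sketch matches the CN attribute explicitly and never removes a certificate that the auth configuration still references. The function name `Get-SubjectCommonName` and the keep-list logic are assumptions of this example, and `-WhatIf` is left on so the first run only reports what would be removed.

```powershell
# Added example: cleanup step for the Certify hook (not from the original post).
param($result)
Add-PSSnapIn Microsoft.Exchange.Management.PowerShell.E2010

function Get-SubjectCommonName([string]$Subject) {
    # "CN=mail.example.com".Split("=")[1]            -> "mail.example.com"
    # "CN=mail.example.com, O=Contoso".Split("=")[1] -> "mail.example.com, O"
    # Matching the CN attribute handles both forms (sample subjects are constructed).
    if ($Subject -match '(?i)(?:^|,\s*)CN=([^,]+)') { return $Matches[1].Trim() }
    return $null
}

$newThumb = $result.ManagedItem.CertificateThumbprintHash
$newCert  = Get-ExchangeCertificate -Thumbprint $newThumb
$domain   = Get-SubjectCommonName $newCert.Subject
if (-not $domain) { throw "No CN found in subject '$($newCert.Subject)'; nothing removed." }

# Thumbprints that must survive: the new certificate plus anything the
# auth configuration still points at (current, previous or next).
$auth = Get-AuthConfig
$keep = @($newThumb,
          $auth.CurrentCertificateThumbprint,
          $auth.PreviousCertificateThumbprint,
          $auth.NextCertificateThumbprint) | Where-Object { $_ }

# Candidates: same CN, not in the keep list, and not self-signed
# (Exchange's own self-signed certificates are left alone).
$old = Get-ExchangeCertificate -DomainName $domain | Where-Object {
    ($keep -notcontains $_.Thumbprint) -and
    (-not $_.IsSelfSigned) -and
    ((Get-SubjectCommonName $_.Subject) -eq $domain)
}

foreach ($cert in $old) {
    Write-Host "Removing $($cert.Thumbprint) (expires $($cert.NotAfter))"
    try {
        # Remove -WhatIf once the reported list has been reviewed.
        Remove-ExchangeCertificate -Thumbprint $cert.Thumbprint -Confirm:$false -WhatIf -ErrorAction Stop
    }
    catch {
        Write-Error "Could not remove $($cert.Thumbprint): $_"
    }
}
```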