Personalized Community is here!
Quickly customize your community to find the content you seek.
Have questions on moving to the cloud? Visit the Dynamics 365 Migration Community today! Microsoft’s extensive network of Dynamics AX and Dynamics CRM experts can help.
2021 Release Wave 2Discover the latest updates and new features releasing from October 2021 through March 2022.
2021 release wave 2 plan
The FastTrack program is designed to help you accelerate your Dynamics 365 deployment with confidence.
FastTrack Community | FastTrack Program | Finance and Operations TechTalks | Customer Engagement TechTalks | Upcoming TechTalks | All TechTalks
Hi Guys, new to CRM administration. We are using CRM On-Prem Dynamics CRM 2016 (220.127.116.115)
I am getting below error when logging in to CRM.
"Please update your certificate or Exchange Online integration will stop functioning in 22 Days."
Not sure how to update the certificate and wherein the system??
Can anyone please help? Any steps on how to solve this? Thanks
Do you have an IT department and do you know whether your environment is using ADFS to authenticate users in CRM? It could the certificate for your domain is expiring soon. I've recently updated my exchange certificate and I've also recently had to update my ADFS server from 2.0 to 3.0. It's a bit a of pain. If this is your issue, you will need to get the cert renewed which can take a week or longer to be validated. Then, you will need someone with administrative access to get on the server running your ADFS.
Hey Nidnani,The message states "Please update your certificate or Exchange Online integration will stop functioning in <number> days." To resolve this issue, update the x509 digital certificate issued by a trusted certificate authority used to authenticate between Dynamics 365 (on-premises) and Exchange Online or SharePoint Online.https://docs.microsoft.com/en-us/previous-versions/dynamicscrm-2016/administering-dynamics-365/dn946906(v=crm.8)#exchange-online-security-certificate-expiration-error-message-displayed-in-dynamics-365-on-premises-or-dynamics-365-for-outlookOnce, you have the new certificate, you may follow this documentation in order to re-configure server-based authentication between Dynamics 365 (on-premises) and Exchange Online ::Set up server-based authentication with Microsoft Dynamics 365 and Exchange Online ::https://docs.microsoft.com/en-us/dynamics365/customerengagement/on-premises/deploy/connect-dynamics-365-on-premises-exchange-online#set-up-server-based-authentication-with-microsoft-dynamics-365-and-exchange-onlinePlease mark my comment as answered if this helped to mitigate this issue. :-)
Hi Saurabh, thanks a lot for detailed response.
Might be a silly question but its all new to me. Could you please tell, how to get the new certificate?
As you are using Exchange online, the Digital certificate being used for server based authentication must have been issued by Trusted Certificate Authorities like DigiCert, GeoTrust, Symantec, Comodo etc.
Here is an example article from DigiCert CA on renewing existing certificate, depending upon the Certificate Authority, this process would differ a little however, more or less it remains the same just the websites user experience differs .
Since, the number of days left for the certificate expiration is too near, I would suggest you to connect with your security team who manages SSL/TLS digital certificates for your org so that this can be renewed on time.
The process of getting a new certificate issued mainly include these very common steps ::
1. Create a Certificate Signing Request (CSR)
A CSR is a file that you (or your server administrator) need to generate on the server that needs the certificate. You will generate it with a matching private key file that must remain on the server. The CSR contains the matching public key and other information like your organization's name, location, and domain name. If there are any mistakes in that information, you can correct them on the next step.
2. Validate domain name ownership with your certificate authority using TXT/CNAME etc. type DNS records.
3. Submit the CSR over to your CA website.
4. After some time (Usually takes 30 minutes for me but may take upto 24 hours as well for some CAs), the digital certificate would be issued by your CA.
Please mark my comments as answered if this helped. :-)
Thank you, Saurabh. I really appreciate your help!
Because of expiring our wildcard with the SAME subject name I had to renew. but I read somewhere that the subject name may not be the same. To configure the new certificate you must delete the old one in de crm config, but I am not able to do that.
In my certificate store I only had 1 certificate and thats the new wildcard. How can a delete to old S2STokenIssuer certificate in a simple way?
Yes its finally working now..
Just remove the old S2SToken certificate with:
and then try to create a new trust with the new certificate with those steps:
Business Applications communities