{"id":178520,"date":"2022-05-23T14:14:22","date_gmt":"2022-05-23T19:14:22","guid":{"rendered":"https:\/\/itblog.ldlnet.net\/?p=178520"},"modified":"2024-05-10T08:36:57","modified_gmt":"2024-05-10T13:36:57","slug":"deprecation-of-certificate-tools-in-exchange-admin-center-gui","status":"publish","type":"post","link":"https:\/\/itblog.ldlnet.net\/index.php\/2022\/05\/23\/deprecation-of-certificate-tools-in-exchange-admin-center-gui\/","title":{"rendered":"Deprecation of Certificate Tools in Exchange Admin Center GUI"},"content":{"rendered":"\n<p>I have been trying to install a new certificate for a few days now on Exchange CU12. I have still not had full success. I was able to get it installed on the initial server where I had to generate a new CSR from PowerShell. I could no longer use the GUI for the Certificate Wizard. Those have been completely removed in CU12 per the following article.<\/p>\n\n\n\n<p>I was able to install the certificate and export it properly after much digging and PowerShell Hell. The post for the process is here. It should help when installing a new certificate onto your Exchange Server.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity is-style-wide\"\/>\n\n\n\n<h1 class=\"wp-block-heading\" id=\"page-header\">Changes in Exchange Server PowerShell cmdlets and Exchange Admin Center for UNC path inputs (KB5014278)<\/h1>\n\n\n\n<p>Exchange Server 2019&nbsp;Exchange Server 2016<\/p>\n\n\n\n<p>To prevent misuse of UNC paths by attackers, we are removing parameters that take UNC paths as inputs from the Exchange Server PowerShell cmdlets and the&nbsp;Exchange Admin Center. These changes will affect all cumulative update (CU) releases of Microsoft Exchange Server 2019 (CU12 and later) and Microsoft Exchange Server 2016 (CU23 and later).&nbsp;<\/p>\n\n\n\n<p>These changes are available in the following latest Exchange Server updates:<\/p>\n\n\n\n<p><a href=\"https:\/\/support.microsoft.com\/help\/5011156\" target=\"_blank\" rel=\"noreferrer noopener\">Cumulative Update 12 for Exchange Server 2019<\/a>&nbsp;or&nbsp;<a href=\"https:\/\/docs.microsoft.com\/Exchange\/new-features\/build-numbers-and-release-dates?view=exchserver-2019\" target=\"_blank\" rel=\"noreferrer noopener\">a later cumulative update<\/a>&nbsp;for Exchange Server 2019<\/p>\n\n\n\n<p><a href=\"https:\/\/support.microsoft.com\/help\/5011155\" target=\"_blank\" rel=\"noreferrer noopener\">Cumulative Update 23 for Exchange Server 2016<\/a>&nbsp;or&nbsp;<a href=\"https:\/\/docs.microsoft.com\/Exchange\/new-features\/build-numbers-and-release-dates?view=exchserver-2016\" target=\"_blank\" rel=\"noreferrer noopener\">a later cumulative update<\/a>&nbsp;for Exchange Server 2016<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Changes in Exchange Server cmdlets<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Get-AgentTrafficTypeSubscription&nbsp;<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>TransportService &lt;service><\/li>\n\n\n\n<li>Server &lt;server UNC path><\/li>\n<\/ul>\n\n\n\n<p><strong>Change:&nbsp;<\/strong>The parameter Server that takes the UNC path as input is removed from the cmdlet.&nbsp;This restricts&nbsp;usage to the local server on which the cmdlet is run.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Import-ExchangeCertificate&nbsp;<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>FileName &#8220;&lt;local\/UNC path>&#8221;<\/li>\n\n\n\n<li>Password &lt;password><\/li>\n<\/ul>\n\n\n\n<p><strong>Change:&nbsp;<\/strong>The&nbsp;<em>FileName<\/em>&nbsp;parameter that takes the UNC path as input is removed from the cmdlet. To import the certificate that&#8217;s stored in another UNC path, you must&nbsp;use the&nbsp;<em>FileData<\/em>&nbsp;parameter, as shown in following example:<\/p>\n\n\n\n<p><strong>Import-ExchangeCertificate<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>FileData ([Byte[]]$(Get-Content -Path &#8220;&lt;local or UNC path>&#8221; -Encoding byte))<\/li>\n\n\n\n<li>Password &lt;password><\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Export-ExchangeCertificate&nbsp;<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Thumbprint &lt;thumbprint><\/li>\n\n\n\n<li>FileName &#8220;&lt;local\/UNC path>&#8221;<\/li>\n\n\n\n<li>BinaryEncoded<\/li>\n\n\n\n<li>Password &lt;password><\/li>\n<\/ul>\n\n\n\n<p><strong>Change:&nbsp;<\/strong>The&nbsp;<em>FileName<\/em>&nbsp;parameter that takes the UNC path as input is removed from the cmdlet. To export the certificate to a UNC path, you must use the&nbsp;<em>FileData<\/em>&nbsp;parameter, as shown in the following example:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>$cert = Export-ExchangeCertificate\n<ul class=\"wp-block-list\">\n<li>Thumbprint &lt;thumbprint><\/li>\n\n\n\n<li>Password &lt;password><\/li>\n\n\n\n<li>BinaryEncoded<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Set-Content -Path &#8220;&lt;local or UNC path>&#8221; -Value $cert.FileData -Encoding byte<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">New-ExchangeCertificate&nbsp;<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>GenerateRequest<\/li>\n\n\n\n<li>RequestFile &#8220;&lt;local\/UNC path>&#8221;<\/li>\n\n\n\n<li>SubjectName &#8220;&lt;subject>&#8221;<\/li>\n\n\n\n<li>DomainName &lt;domains><\/li>\n<\/ul>\n\n\n\n<p><strong>Change:<\/strong>&nbsp;The&nbsp;<em>RequestFile<\/em>&nbsp;parameter that&nbsp;takes the UNC path as input is removed from the cmdlet. To export the request file to a UNC path, you must&nbsp;use the&nbsp;<strong>Set-Content<\/strong>&nbsp;cmdlet, as shown in the following example.&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>$request = New-ExchangeCertificate\n<ul class=\"wp-block-list\">\n<li>GenerateRequest<\/li>\n\n\n\n<li>SubjectName &#8220;&lt;subject>&#8221;<\/li>\n\n\n\n<li>DomainName &lt;domains><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Set-Content -Path &#8220;&lt;local or UNC path>&#8221; -Value $request<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Get-CalendarDiagnosticLog&nbsp;<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Identity &#8220;Jasen Kozma&#8221;<\/li>\n\n\n\n<li>Subject &#8220;Budget Meeting&#8221;<\/li>\n\n\n\n<li>ExactMatch $true<\/li>\n\n\n\n<li>LogLocation &#8220;C:\\My Documents\\Calendar Diagnostic Export&#8221;<\/li>\n<\/ul>\n\n\n\n<p><strong>Change:&nbsp;<\/strong>The&nbsp;<em>LogLocation<\/em>&nbsp;parameter that&nbsp;takes the UNC path as input is removed from the cmdlet. This restricts&nbsp;the usage to the local server on which the cmdlet is run.&nbsp;&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Get-CalendarDiagnosticAnalysis&nbsp;<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>LogLocation &#8220;C:\\My Documents\\Calendar Diagnostic Export&#8221;<\/li>\n\n\n\n<li>OutputAs HTML<\/li>\n<\/ul>\n\n\n\n<p>| Set-Content -Path &lt;local\/UNC path&gt;&nbsp;<\/p>\n\n\n\n<p><strong>Change:<\/strong>&nbsp;The&nbsp;<em>LogLocation<\/em>&nbsp;parameter that&nbsp;takes the UNC path as input is removed from the cmdlet. You must&nbsp;provide Calendar Diagnostic logs through the&nbsp;<em>CalendarLogs<\/em>&nbsp;parameter, as shown in the following example:<\/p>\n\n\n\n<p>$calitems = Get-CalendarDiagnosticLog -Identity &lt;mailbox user&gt; -Subject &#8220;Budget Meeting&#8221;&nbsp;<\/p>\n\n\n\n<p>Get-CalendarDiagnosticAnalysis&nbsp;&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>CalendarLogs $calitems<\/li>\n\n\n\n<li>OutputAs HTML<\/li>\n<\/ul>\n\n\n\n<p>| Set-Content -Path &lt;local\/UNC path&gt;&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Exchange Admin Center changes&nbsp;<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Remove UNC path input for storing Virtual Directory settings during reset&nbsp;<\/h3>\n\n\n\n<p>When you reset a&nbsp;virtual directory, the Exchange Control Panel (ECP) asks for a UNC path that it can&nbsp;copy the current settings to. This process is changed. ECP&nbsp;will no longer allow any UNC path input here.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/support.content.office.net\/en-us\/media\/69f94fd9-c03e-41d9-a017-26feca61c5fd.jpg\" alt=\"Screenshot of Office 365 Exchange Admin Center window\"\/><\/figure>\n\n\n\n<p>Instead,&nbsp;ECP&nbsp;will ask for the file name to export the settings from the user. This information will be&nbsp;stored in the ..\/V15\/Config\/Backup&nbsp;folder on&nbsp;the server through which&nbsp;ECP is accessed. If the folder doesn&#8217;t exist, it will be created by ECP.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/support.content.office.net\/en-us\/media\/c69e68d5-a94c-41ec-b919-e5b515ac0897.jpg\" alt=\"Screenshot of Office 365 Exchange Admin Center window\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Removal of Import &amp; Export Exchange Certificate<\/h3>\n\n\n\n<p>In the previous versions of Exchange Server, there was an option to import or export the Exchange certificate through ECP.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/support.content.office.net\/en-us\/media\/fd16e4df-e99f-4578-ad20-067e3c6a0d55.jpg\" alt=\"Screenshot of Office 365 Exchange Admin Center window\"\/><\/figure>\n\n\n\n<p>This option is&nbsp;removed. You must now&nbsp;use a PowerShell cmdlet to import or export the Exchange certificate.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/support.content.office.net\/en-us\/media\/86219fe2-50de-4374-83c6-fc23138f0eec.jpg\" alt=\"Screenshot of Office 365 Exchange Admin Center window\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Removal of Complete Exchange Certificate Request<\/h3>\n\n\n\n<p>In previous versions of Exchange Server, there was an option to complete the Exchange certificate by using ECP. This prompted&nbsp;admins to provide&nbsp;UNC path input.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/support.content.office.net\/en-us\/media\/b351991a-503e-4aa8-973f-a7acb745f010.jpg\" alt=\"Screenshot of Office 365 Exchange Admin Center window\"\/><\/figure>\n\n\n\n<p>This option is&nbsp;removed from&nbsp;ECP. You must now&nbsp;use a PowerShell cmdlet to do&nbsp;this.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/support.content.office.net\/en-us\/media\/d9b00f06-03e3-46d7-bf5e-cd878b034ba1.jpg\" alt=\"Screenshot of Office 365 Exchange Admin Center window\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Removal of New Exchange Certificate Request from CA<\/h3>\n\n\n\n<p>In previous version of Exchange Server, there was an option to request a new Exchange certificate from the certificate authority (CA) by using ECP. This prompted admins to provide&nbsp;UNC path input.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/support.content.office.net\/en-us\/media\/bbc167fb-00aa-430e-a824-11edff3a76b5.jpg\" alt=\"Screenshot of Office 365 Exchange Admin Center window\"\/><\/figure>\n\n\n\n<p>This option is removed from ECP. You must now use a PowerShell cmdlet to do this.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/support.content.office.net\/en-us\/media\/25b308bb-1832-4c6e-877d-0b44bb5933ec.jpg\" alt=\"Screenshot of Office 365 Exchange Admin Center window\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Removal of Renew Exchange Certificate Request<\/h3>\n\n\n\n<p>In Previous version of Exchange Server, there was an option to Renew Exchange Certificate Request using ECP which led to admins providing UNC path input.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/support.content.office.net\/en-us\/media\/8c61e3e9-5ded-44d7-9910-640ae5978f3f.jpg\" alt=\"Screenshot of Office 365 Exchange Admin Center window\"\/><\/figure>\n\n\n\n<p>This option is&nbsp;removed from&nbsp;ECP. You must now&nbsp;use a PowerShell cmdlet to do&nbsp;this.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/support.content.office.net\/en-us\/media\/c2022a8f-7700-43dc-8751-236e108579d8.jpg\" alt=\"Screenshot of Office 365 Exchange Admin Center window\"\/><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading has-text-align-center\">CONTINUE TO FOLLOW ME AND FIND OUT THE WORKAROUND!<\/h2>\n\n\n\n<p class=\"has-small-font-size\">REFERENCES:<br><a href=\"https:\/\/support.microsoft.com\/en-us\/topic\/changes-in-exchange-server-powershell-cmdlets-and-exchange-admin-center-for-unc-path-inputs-kb5014278-36af1640-4389-4ff1-b805-d1d63715a0dd\">Changes in Exchange Server PowerShell cmdlets and Exchange Admin Center for UNC path inputs (KB5014278) (microsoft.com)<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">About Lance Lingerfelt<\/h2>\n\n\n\n<div class=\"wp-block-media-text is-stacked-on-mobile\" style=\"grid-template-columns:22% auto\"><figure class=\"wp-block-media-text__media\"><img loading=\"lazy\" decoding=\"async\" width=\"468\" height=\"412\" src=\"https:\/\/itblog.ldlnet.net\/wp-content\/uploads\/2024\/03\/ProfLDL1.jpg\" alt=\"Lance Lingerfelt Profile Photo\" class=\"wp-image-196223 size-full\"\/><\/figure><div class=\"wp-block-media-text__content\">\n<p class=\"has-small-font-size\">Lance Lingerfelt is an M365 Specialist and Evangelist with over 20 years of experience in the Information Technology field. Having worked in enterprise environments to small businesses, he is able to adapt and provide the best IT Training and Consultation possible. With a focus on AI, the M365 Stack, and Healthcare, he continues to give back to the community with training, public speaking events, and this blog.<\/p>\n<\/div><\/div>\n","protected":false},"excerpt":{"rendered":"<p>I have been trying to install a new certificate for a few days now on Exchange CU12. I have still not had<\/p>\n<p class=\"link-more\"><a class=\"myButt \" href=\"https:\/\/itblog.ldlnet.net\/index.php\/2022\/05\/23\/deprecation-of-certificate-tools-in-exchange-admin-center-gui\/\">Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":939,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,2,266],"tags":[9,149,151,148],"class_list":["post-178520","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-exchange","category-general","category-security-and-compliance","tag-exchange","tag-exchange-2016","tag-exchange-2019","tag-exchange-upgrade","odd"],"_links":{"self":[{"href":"https:\/\/itblog.ldlnet.net\/index.php\/wp-json\/wp\/v2\/posts\/178520","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/itblog.ldlnet.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/itblog.ldlnet.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/itblog.ldlnet.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/itblog.ldlnet.net\/index.php\/wp-json\/wp\/v2\/comments?post=178520"}],"version-history":[{"count":8,"href":"https:\/\/itblog.ldlnet.net\/index.php\/wp-json\/wp\/v2\/posts\/178520\/revisions"}],"predecessor-version":[{"id":196308,"href":"https:\/\/itblog.ldlnet.net\/index.php\/wp-json\/wp\/v2\/posts\/178520\/revisions\/196308"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/itblog.ldlnet.net\/index.php\/wp-json\/wp\/v2\/media\/939"}],"wp:attachment":[{"href":"https:\/\/itblog.ldlnet.net\/index.php\/wp-json\/wp\/v2\/media?parent=178520"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/itblog.ldlnet.net\/index.php\/wp-json\/wp\/v2\/categories?post=178520"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/itblog.ldlnet.net\/index.php\/wp-json\/wp\/v2\/tags?post=178520"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}