Update Send Connector SSL Certificate for Hybrid Configuration

​Recently had a customer with an Exchange 2013 Hybrid config require updating an expired SSL certificate.  When they imported the new certificate and assigned it SMTP services, mail flow from on-premises to Office 365 stopped.

This was because the on-premises send connector to Office 365 was still configured to look for that expired certificate (which had also been deleted already).

The fix was to perform the following:

  1. Open Exchange Management Shell on the on-premises Exchange server
  2. Run Get-ExchangeCertificate, and note the Thumbprint of the correct certificate to be used. 
  3. Run $cert = Get-ExchangeCertificate -Thumbprint <thumbprint>
  4. Set a new variable and assign it the concatenated values of the Issuer and Subject values of the certificate (must also include <I> and <S> before each field):
    $TLSCert = (‘<I>’+$cert.issuer+'<S>’+$cert.subject)
  5. Update the send connector with the new values
    Set-SendConnector -Identity “Send Connector Name” -TLSCertificateName $TLSCert

After completing this, any queued mail destined for the Office 365 tenant should begin flowing


Determine Office 365 Public Folder Hierarchy Limit

​Last month, in June 2014, the Exchange Team announced that Office 365 would soon have the public folder hierarchy folder count limit raised from 10,000 folders to 100,000 folders.  This limit increase would begin to take effect in July, 2014.

But how can you tell what your tenant’s current folder count limit is?

  1. Open a remote PowerShell session to your Office 365 tenant
  2. Run the following command:
    Get-Mailbox -PublicFolder | Get-MailboxStatistics | fl FolderHierarchy*

The command will return the following results:

FolderHierarchyChildrenCountWarningQuota : 9000
FolderHierarchyChildrenCountReceiveQuota : 10000

FolderHierarchyDepthWarningQuota         : 250
FolderHierarchyDepthReceiveQuota         : 300

Once the FolderHierarchyChildrenCountReceiveQuota is raised to 100000, you’ll know your tenant has been updated.

If your tenant does not have a public folder mailbox created yet, you can run the command without the -PublicFolder parameter and replace it with any mailbox identity.