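How to fix Get-ExchangeCertificate showing blank output
We want to check the Exchange Server certificates. We sign in to the Exchange admin center and check them, and everything looks fine. But when we run the Get-ExchangeCertificate cmdlet, it shows a blank output. Why does this happen? In this article, you will learn how to fix the Get-ExchangeCertificate cmdlet showing blank output.
Two Exchange Servers (EX01-2019/EX02-2019) are running in the organization. Let's run the Get-ExchangeCertificate cmdlet on both Exchange Servers.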
Get-ExchangeCertificate
The output on Exchange Servers EX01-2019 and EX02-2019 is empty.
Thumbprint Services Subject
---------- -------- -------
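Why do we get this? What is the solution for the blank output when running the Get-ExchangeCertificate cmdlet?
Solution for Get-ExchangeCertificate showing blank output
The blank output appears because serialization payload signing is enabled and the Exchange Auth Certificate is missing or corrupted. If only the Exchange Auth Certificate is missing or corrupted and serialization payload signing is not enabled, the Get-ExchangeCertificate cmdlet shows values in the output.
Note: Since November 2023, certificate signing of PowerShell serialization payloads is enabled by default.
To fix this, we must install a new Exchange Auth Certificate on the Exchange Server.
If you already have an Exchange Auth Certificate and Get-ExchangeCertificate shows a blank output, it means the certificate is corrupted.
Important: Did you just install the Exchange Auth Certificate? It can take up to 24 hours before it becomes effective, so wait and check again later.
1. Check the Microsoft Exchange Server Auth Certificate
It is very important that the certificate configured as the Auth Certificate in the organization is valid (not expired) and available on all Exchange Servers in the organization (except the Edge Transport role and the Exchange Management Tools role).
Download the MonitorExchangeAuthCertificate.ps1 PowerShell script and place it in the folder C:\scripts.
Start the Exchange Management Shell and run the command below to check the Exchange Auth Certificate status.
Note: To run the script, you must be a member of the Organization Management role group. The script must be run from an elevated Exchange Management Shell (EMS) command prompt on an Exchange Server running the Mailbox role. The script cannot be run on a machine that has only the Exchange Management Tools installed.
C:\scripts\.\MonitorExchangeAuthCertificate.ps1
The output shows that the Exchange Auth Certificate must be replaced by a new one.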
Monitor Exchange Auth Certificate script version 23.11.22.1714
The script was run without parameter therefore, only a check of the Auth Certificate configuration is performed and no change will be made
Current Auth Certificate thumbprint: 4010E939A05777DC08A4196830125B2AF2BDFBC1
Current Auth Certificate is valid for -1 day(s)
Exchange Hybrid was detected in this environment
The actively used Auth Certificate is missing on the following servers:
EX01-2019.exoip.local, EX02-2019.exoip.local
Test result: The Auth Certificate in use must be replaced by a new one.
Log file written to: C:\Program Files\Microsoft\Exchange Server\V15\Logging\AuthCertificateMonitoring\AuthCertificateMonitoringLog_20231201153933.txt
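The requirement from step 1 (a valid Auth Certificate present on every server) can also be checked by hand while Get-ExchangeCertificate returns nothing. The PowerShell below is an added example, not part of the original article or of the MonitorExchangeAuthCertificate.ps1 script: it reads the configured thumbprint with Get-AuthConfig and looks it up directly in each server's certificate store. It assumes an elevated Exchange Management Shell, PowerShell remoting (WinRM) to every server, and that the certificate lives in the LocalMachine\My store.

```powershell
# Added example (not from the original article): check the Auth Certificate
# directly in each server's certificate store instead of Get-ExchangeCertificate.
# Assumptions: elevated Exchange Management Shell, WinRM reachable on all servers.

$thumb = (Get-AuthConfig).CurrentCertificateThumbprint
if ([string]::IsNullOrWhiteSpace($thumb)) {
    throw 'No Auth Certificate thumbprint is configured in the organization.'
}

# Edge Transport servers do not hold the Auth Certificate, so they are skipped.
$servers = Get-ExchangeServer | Where-Object { -not $_.IsEdgeServer }

$report = foreach ($server in $servers) {
    try {
        $cert = Invoke-Command -ComputerName $server.Fqdn -ErrorAction Stop -ScriptBlock {
            Get-Item -Path "Cert:\LocalMachine\My\$using:thumb" -ErrorAction SilentlyContinue |
                Select-Object NotAfter, HasPrivateKey
        }
        if (-not $cert)                        { $status = 'Missing' }
        elseif ($cert.NotAfter -lt (Get-Date)) { $status = 'Expired' }
        elseif (-not $cert.HasPrivateKey)      { $status = 'No private key' }
        else                                   { $status = 'Valid' }
    }
    catch {
        # Remoting failed, so the store could not be inspected at all.
        $cert   = $null
        $status = "Unreachable: $($_.Exception.Message)"
    }

    [pscustomobject]@{
        Server   = $server.Fqdn
        Status   = $status
        NotAfter = if ($cert) { $cert.NotAfter } else { $null }
        DaysLeft = if ($cert) { [math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays) } else { $null }
    }
}

$report | Sort-Object Server | Format-Table -AutoSize
```

Any server reported as Missing or Expired matches the condition the script flags with "The Auth Certificate in use must be replaced by a new one."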
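2. Renew the Exchange Auth Certificate
Run the command below to renew the Microsoft Exchange Auth Certificate.
C:\scripts\.\MonitorExchangeAuthCertificate.ps1 -ValidateAndRenewAuthCertificate $true -IgnoreHybridConfig $true -Confirm:$false
The output shows that the renewal action was performed successfully.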
Monitor Exchange Auth Certificate script version 23.11.22.1714
Mode: Testing and replacing or importing the Auth Certificate (if required)
Renewal scenario: The Auth Certificate in use must be replaced by a new one.
WARNING: Waiting for service 'Microsoft Exchange Service Host (MSExchangeServiceHost)' to start...
The renewal action was successfully performed - the new Auth Certificate will become active on: 12/01/2023 15:43:41
Please ensure to run the Hybrid Configuration Wizard (HCW) as soon as the new Auth Certificate becomes active.
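Log file written to: C:\Program Files\Microsoft\Exchange Server\V15\Logging\AuthCertificateMonitoring\AuthCertificateMonitoringLog_20231201154320.txt
Note: If you have an Exchange Hybrid configuration, you must rerun the Hybrid Configuration Wizard as soon as the new Auth Certificate becomes active. Do this after you verify the Exchange Auth Certificate in the next step.
3. Verify the Exchange Auth Certificate
Run the MonitorExchangeAuthCertificate.ps1 script to check the Exchange Auth Certificate.
C:\scripts\.\MonitorExchangeAuthCertificate.ps1
The output shows that the Auth Certificate is valid.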
Monitor Exchange Auth Certificate script version 23.11.22.1714
The script was run without parameter therefore, only a check of the Auth Certificate configuration is performed and no change will be made
Current Auth Certificate thumbprint: 6789B2FE30740132E2DDBF147023E7485F476526
Current Auth Certificate is valid for 1826 day(s)
Exchange Hybrid was detected in this environment
Test result: No renewal action is required
Log file written to: C:\Program Files\Microsoft\Exchange Server\V15\Logging\AuthCertificateMonitoring\AuthCertificateMonitoringLog_20231201155121.txt
4. Run the Get-ExchangeCertificate cmdlet
Run the Get-ExchangeCertificate cmdlet and verify that the output shows values instead of a blank output.
Get-ExchangeCertificate
All certificates appear in the output, and it looks great.
Thumbprint Services Subject
---------- -------- -------
6789B2FE30740132E2DDBF147023E7485F476526 ....S.. CN=Microsoft Exchange Server Auth Certificate
804F01FADE7DF2AA309277F6BD0F96CF4B3C9B62 IP.WS.. CN=EX02-2019
6BC65424EC1FA8803CDE86F6286518FDB639BFB6 ....... CN=CLIUSR
7EB920C8E05D8DBD0E1CF0C06A584C879F674E60 ....... CN=WMSvc-SHA2-EX02-2019
0014716C6390CFFBA0794248EE248D40129D7020 ....... CN=CLIUSR
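5. Rerun the Hybrid Configuration Wizard
If you have an Exchange Hybrid environment, you need to rerun the Hybrid Configuration Wizard.
6. Check the Exchange Server certificate status
Run the Exchange Health Checker script and verify the certificate status.
[PS] C:\scripts>Get-ExchangeServer | ?{$_.AdminDisplayVersion -Match "^Version 15"} | .\HealthChecker.ps1; .\HealthChecker.ps1 -BuildHtmlServersReport -HtmlReportFile "ExchangeAllServersReport.html"; .\ExchangeAllServersReport.html
This is how it looks immediately after installing the new Exchange Auth Certificate. All certificate statuses show as Unknown.
Give it up to 24 hours and run the Health Checker script again. All certificate statuses show as Valid.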
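That's it!
Conclusion
You learned how to fix Get-ExchangeCertificate showing blank output. Run the MonitorExchangeAuthCertificate.ps1 PowerShell script and replace the Exchange Server Auth Certificate. Wait up to 24 hours. After that, all certificates show as valid and the cmdlet returns output.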
