|
| 1 | +--- |
| 2 | +title: Certificate assignment fails and returns error 0xe434352 |
| 3 | +description: This article provides the resolution for error 0xe434352 that occurs during certificate assignment if unsupported characters are used in the domain name of Receive Connectors. |
| 4 | +#customer intent: As an Exchange Server administrator, I want to resolve SMTP (Simple Mail Transfer Protocol) certificate binding issues that are caused by invalid fully-qualified domain names (FQDNs) so that I can maintain system reliability. |
| 5 | +author: cloud-writer |
| 6 | +ms.author: meerak |
| 7 | +manager: dcscontentpm |
| 8 | +audience: ITPro |
| 9 | +ms.topic: troubleshooting |
| 10 | +ms.custom: |
| 11 | + - sap:Administrative Tasks |
| 12 | + - Exchange Server |
| 13 | + - CSSTroubleshoot |
| 14 | +ms.reviewer: igserr, batre, arindamt, v-kccross |
| 15 | +appliesto: |
| 16 | + - Exchange Server SE |
| 17 | + - Exchange Server 2019 |
| 18 | + - Exchange Server 2016 |
| 19 | +search.appverid: MET150 |
| 20 | +ms.date: 01/28/2026 |
| 21 | +--- |
| 22 | + |
| 23 | +# Error 0xe434352 and SMTP certificate assignment fails |
| 24 | + |
| 25 | +## Summary |
| 26 | + |
| 27 | +When you assign certificates to Exchange services, you might encounter error 0xe0434352 during the certificate binding process. The error indicates that one or more Receive Connectors in Microsoft Exchange Server use FQDNs that contain characters not allowed by DNS standards. |
| 28 | + |
| 29 | +## Symptoms |
| 30 | + |
| 31 | +You run the `Enable-ExchangeCertificate` cmdlet to assign a certificate to the SMTP service. The operation fails and returns the following error message: |
| 32 | + |
| 33 | +> The Exchange Certificate operation has failed with an exception on server <*Server Name*>. |
| 34 | +> |
| 35 | +> The error message is: Unknown error (0xe0434352) |
| 36 | +
|
| 37 | +## Cause |
| 38 | + |
| 39 | +This issue occurs if the FQDN of one or more Receive Connectors contains unsupported characters. The connector creation process allows underscores in the domain name. However, underscores violate DNS standards and cause failures during certificate binding. |
| 40 | + |
| 41 | +For more information about domain names, see the following articles: |
| 42 | + |
| 43 | +- [DNS host names](/troubleshoot/windows-server/active-directory/naming-conventions-for-computer-domain-site-ou#dns-host-names) |
| 44 | +- [Unsupported characters for Exchange 2013 object names](/exchange/unsupported-characters-for-exchange-2013-object-names-exchange-2013-help) |
| 45 | + |
| 46 | +## Resolution |
| 47 | + |
| 48 | +To resolve this issue, use the Exchange Management Shell to find connectors that have invalid FQDNs. Run the following PowerShell command: |
| 49 | + |
| 50 | +```powershell |
| 51 | +Get-ReceiveConnector | Select Identity, FQDN |
| 52 | +``` |
| 53 | + |
| 54 | +You can refine your search to look for specific unsupported characters. The following example searches for underscores in FQDNs: |
| 55 | + |
| 56 | +```powershell |
| 57 | +Get-ReceiveConnector | Where-Object { $_.FQDN -like "*_*" } | Select Identity, FQDN |
| 58 | +``` |
| 59 | + |
| 60 | +After you identify the connector that contains unsupported characters, rename it by using supported characters: |
| 61 | + |
| 62 | +```powershell |
| 63 | +Set-ReceiveConnector -Identity "ServerName\ConnectorName" -FQDN ValidFQDN.domain.com |
| 64 | +``` |
| 65 | + |
| 66 | +After you fix the domain name, retry the certificate assignment to verify that you no longer encounter the error: |
| 67 | + |
| 68 | +```powershell |
| 69 | +Enable-ExchangeCertificate -Thumbprint <Thumbprint> -Services SMTP |
| 70 | +``` |
| 71 | + |
| 72 | +## References |
| 73 | + |
| 74 | +For more information about domain name formation and supported characters, see: |
| 75 | + |
| 76 | +- DoD Internet host table specification [RFC 952](https://www.rfc-editor.org/rfc/rfc952) |
| 77 | +- Domain names - Implementation and specification [RFC 1035](https://www.rfc-editor.org/rfc/rfc1035) |
| 78 | +- Requirements for Internet hosts - Application and Support [RFC 1123](https://www.rfc-editor.org/rfc/rfc1123) |
0 commit comments