|
| 1 | +--- |
| 2 | +title: Certificate assignment fails due to invalid FQDN in Exchange |
| 3 | +description: This article provides the resolution for error 0xe434352 that occurs during certificate assignment when unsupported characters are used in the domain name of Receive Connectors. |
| 4 | +#customer intent: As an Exchange Server admin, I want to resolve certificate binding issues caused by invalid fully-qualified domain names (FQDNs) so that I can maintain system reliability. |
| 5 | +author: cloud-writer |
| 6 | +ms.author: meerak |
| 7 | +manager: dcscontentpm |
| 8 | +audience: ITPro |
| 9 | +ms.topic: troubleshooting |
| 10 | +ms.custom: |
| 11 | + - sap:Administrative Tasks |
| 12 | + - Exchange Server |
| 13 | + - CSSTroubleshoot |
| 14 | +ms.reviewer: igserr, batre, arindamt, v-kccross |
| 15 | +appliesto: |
| 16 | + - Exchange Server SE |
| 17 | + - Exchange Server 2019 |
| 18 | + - Exchange Server 2016 |
| 19 | +search.appverid: MET150 |
| 20 | +ms.date: 01/28/2026 |
| 21 | +--- |
| 22 | + |
| 23 | +# SMTP certificate assignment fails with error 0xe434352 because of unsupported characters in the FQDN |
| 24 | + |
| 25 | +## Summary |
| 26 | + |
| 27 | +When you assign certificates to Exchange Server services, you might encounter error 0xe0434352 during the certificate binding process. This error typically indicates that one or more Receive Connectors in your Exchange environment use FQDNs that contain characters not supported by DNS standards. |
| 28 | + |
| 29 | +## Symptoms |
| 30 | + |
| 31 | +You run the `Enable-ExchangeCertificate` cmdlet to assign a certificate to the SMTP service. The operation fails with the following message: |
| 32 | + |
| 33 | +> The Exchange Certificate operation has failed with an exception on server <*Server Name*>. |
| 34 | +> The error message is: Unknown error (0xe0434352) |
| 35 | +
|
| 36 | +:::image type="content" source="media/certificate-assignment-fails-error-0xe0434352-unsupported-characters/unknown-error-0xe0434352.png" alt-text="A screenshot showing error message 0xe434352."::: |
| 37 | + |
| 38 | +## Cause |
| 39 | + |
| 40 | +This issue occurs when the FQDN of one or more Receive Connectors contains unsupported characters, such as underscores. The connector creation process allows underscores in the domain name, but these characters violate DNS standards and cause failures during certificate binding. |
| 41 | + |
| 42 | +For more information about domain names, see the following articles: |
| 43 | + |
| 44 | +- [DNS host names](../../../support/windows-server/active-directory/naming-conventions-for-computer-domain-site-ou.md#dns-host-names) |
| 45 | +- [Unsupported characters for Exchange 2013 object names](/exchange/unsupported-characters-for-exchange-2013-object-names-exchange-2013-help) |
| 46 | + |
| 47 | +## Resolution |
| 48 | + |
| 49 | +To resolve this issue, use the Exchange Management Shell to find connectors with invalid FQDNs. |
| 50 | + |
| 51 | +```powershell |
| 52 | +Get-ReceiveConnector | Select Identity, FQDN |
| 53 | +``` |
| 54 | + |
| 55 | +You can refine your search to look for specific unsupported characters. The following example searches for underscores in FQDNs. |
| 56 | + |
| 57 | +```powershell |
| 58 | +Get-ReceiveConnector | Where-Object { $_.FQDN -like "*_*" } | Select Identity, FQDN |
| 59 | +``` |
| 60 | + |
| 61 | +After you identify the connector with unsupported characters, rename it using supported characters to fix the problem. |
| 62 | + |
| 63 | +```powershell |
| 64 | +Set-ReceiveConnector -Identity "ServerName\ConnectorName" -FQDN ValidFQDN.domain.com |
| 65 | +``` |
| 66 | + |
| 67 | +After you fix the domain name, retry the certificate assignment to confirm that you no longer receive the error. |
| 68 | + |
| 69 | +```powershell |
| 70 | +Enable-ExchangeCertificate -Thumbprint <Thumbprint> -Services SMTP |
| 71 | +``` |
| 72 | + |
| 73 | +## References |
| 74 | + |
| 75 | +For more information about domain name formation and supported characters, see: |
| 76 | + |
| 77 | +- DoD Internet host table specification [RFC 952](https://www.rfc-editor.org/rfc/rfc952) |
| 78 | +- Domain names - Implementation and specification [RFC 1035](https://www.rfc-editor.org/rfc/rfc1035) |
| 79 | +- Requirements for Internet hosts - Application and Support [RFC 1123](https://www.rfc-editor.org/rfc/rfc1123) |
0 commit comments