Problems with certificate renewal Exchange 2010 / Exchange 2013 coexistence, Failed to enable constraints


I have a lab with Exchange 2010 / Exchange 2013 in coexistence:

  • 1 Exchange 2010 CHM
  • 2 DAG servers with FrontEnd and Backend roles and HAProxy load balancer

I selected Renew Exchange Certificate in EMC and got a certificate request. I requested the certificate renewal at the StartCom certification authority and then completed the pending request.


When I tried to renew the certificate for SMTP / TLS, I started to get the error message shown in the picture.


It was not possible to do anything with certificates in EMC, because the certificate list was empty. The request can be completed from the Exchange Management Shell (EMS) instead:


  • Run EMS
  • List certificates
Get-ExchangeCertificate | Select Status,Thumbprint,Notafter,Services | ft -Autosize
  • In the list you will see pending requests


  • Complete pending request
Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path "Z:\Z_DOKUMENTY\SALONOVI.CZ\SMTP_certifikat_renewal_2013_2.cer" -Encoding byte -ReadCount 0))
  • Check that the certificate is valid
Get-ExchangeCertificate <Thumbprint> | fl   # Thumbprint from the previous command
  • Assign services to certificate (Requires confirmation to overwrite existing SMTP certificate)
Get-ExchangeCertificate <Thumbprint> | Enable-ExchangeCertificate -Services SMTP
  • Once the CSR is completed and all certificates are in place, it is possible to access certificates in EMC again.
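
The steps above combined into one EMS script that refuses to bind SMTP unless the imported certificate is actually usable. This is an added example, not part of the original post; the file path, the 30-day threshold and the parameter names are assumptions.

```powershell
# Added example. Run inside the Exchange Management Shell (EMS) on the server
# that created the renewal request. $CerPath is a hypothetical location of the
# CA response file; $MinDaysValid is an assumed safety margin.
param(
    [string]$CerPath = 'C:\certs\smtp_renewal.cer',
    [int]$MinDaysValid = 30
)
$ErrorActionPreference = 'Stop'

# 1. List what is waiting: renewal requests show up with Status PendingRequest.
$pending = @(Get-ExchangeCertificate | Where-Object { $_.Status -eq 'PendingRequest' })
if ($pending.Count -eq 0) { throw 'No pending certificate request on this server.' }
$pending | Select-Object Status, Thumbprint, Subject | Format-Table -AutoSize

# 2. Complete the pending request with the CA response.
$bytes = [Byte[]]$(Get-Content -Path $CerPath -Encoding Byte -ReadCount 0)
$imported = Import-ExchangeCertificate -FileData $bytes

# 3. Re-read the certificate and collect every reason it should not be used.
$cert = Get-ExchangeCertificate -Thumbprint $imported.Thumbprint
$problems = @()
if ($cert.Status -ne 'Valid') {
    $problems += "status is $($cert.Status)"
}
if (-not $cert.HasPrivateKey) {
    # The response was not matched to a request held on this server.
    $problems += 'no private key'
}
if ($cert.NotAfter -lt (Get-Date).AddDays($MinDaysValid)) {
    $problems += "expires $($cert.NotAfter)"
}
if ($problems.Count -gt 0) {
    throw "Not enabling $($cert.Thumbprint): $($problems -join '; ')"
}

# 4. Assign SMTP. The confirmation prompt for overwriting the existing SMTP
#    certificate is left in place on purpose.
Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services SMTP

# 5. Show the final state for the change record.
Get-ExchangeCertificate -Thumbprint $cert.Thumbprint |
    Format-List Thumbprint, Status, NotAfter, Services, CertificateDomains
```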