How to fix error Error: CommunicationErrorTransientException:Could not establish trust relationship for the SSL/TLS secure channel with authority

Paulina Lukas 0 Reputation points
2025-02-21T13:03:24.82+00:00

We are running a hybrid environment. We create user mailboxes on our on-prem Exchange and then migrate the mailbox to Exchange Online. We had been doing that successfully up until last week, when it started failing for all mailboxes. It stays on sync for the whole day and says completed with the error below. The mailbox fails to migrate.

Error: CommunicationErrorTransientException: The call to 'https://owa.mtc.com.na/EWS/mrsproxy.svc' failed. Error details: Could not establish trust relationship for the SSL/TLS secure channel with authority 'owa.mtc.com.na'. --> The SSL connection could not be established, see inner exception. --> The remote certificate was rejected by the provided RemoteCertificateValidationCallback.. --> Could not establish trust relationship for the SSL/TLS secure channel with authority 'owa.mtc.com.na'. --> The SSL connection could not be established, see inner exception. --> The remote certificate was rejected by the provided RemoteCertificateValidationCallback.

Microsoft Exchange Hybrid Management

1 answer

  1. Kaiyue Gong (Shanghai Wicresoft Co Ltd) 710 Reputation points Microsoft External Staff
    2025-02-24T08:15:18.6833333+00:00

    Hi @Paulina Lukas,

    Thank you for posting your question in the Microsoft Q&A forum.

    According to your description, your issue is with SSL/TLS trust issues while migrating mailboxes. The error mentions that RemoteCertificateValidationCallback rejects the certificate. This usually means that there is a problem with the SSL certificate on the Exchange server. Here are some suggestions to help you.

    1. Verify the validity of the certificate. Ensure that the SSL certificate on owa.mtc.com.na is not expired. Verify that the certificate is from a trusted Certificate Authority (CA). Ensure that the subject name or subject alternative name (SAN) of the certificate matches your domain name. In addition, most trusted certificates require you to install at least one other chain/intermediate certificate to link your SSL certificate to the trusted source. However, this process depends on the browser you are using. For example, Internet Explorer can automatically download intermediate certificates, but Mozilla Firefox cannot.
    2. Ensure that TLS 1.2 is enabled on your internal Exchange server, as older versions such as TLS 1.0 and 1.1 are considered insecure and may be rejected.
    3. Ensure that no firewalls/proxies are intercepting traffic and invalidating certificates. Make sure port 443 is open and not blocked.

    For more detailed information on troubleshooting SSL related issues, refer to the documentation:

    https://learn.microsoft.com/en-us/troubleshoot/developer/webapps/iis/www-authentication-authorization/troubleshooting-ssl-related-issues-server-certificate?source=recommendations

    If the answer is helpful, please click on “Accept answer” as it could help other members of the Microsoft Q&A community who have similar questions and are looking for solutions.

    Thank you for your support and understanding.
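
The certificate and TLS 1.2 checks from the answer above can be run in one pass against the endpoint named in the error. This PowerShell script is an added example, not part of the original thread or any Microsoft tooling; the variable names are illustrative, and the validation callback accepts the certificate only so that the script can report what normal validation would have rejected.

```powershell
# Added diagnostic example (not from the original thread).
$HostName = 'owa.mtc.com.na'   # host taken from the error message
$Port     = 443
$result   = @{}                # filled in by the validation callback
$ssl      = $null

# Accept the certificate so it can be inspected, but record the errors that
# the default validation would have raised (name mismatch, chain errors).
$callback = [System.Net.Security.RemoteCertificateValidationCallback]{
    param($sender, $certificate, $chain, $policyErrors)
    $result.Certificate  = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($certificate)
    $result.PolicyErrors = $policyErrors
    $result.ChainStatus  = @($chain.ChainStatus | ForEach-Object { $_.Status })
    $result.Chain        = @($chain.ChainElements | ForEach-Object { $_.Certificate.Subject })
    return $true
}

$tcp = [System.Net.Sockets.TcpClient]::new($HostName, $Port)
try {
    $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $callback)
    # Offer TLS 1.2 only: the handshake throws if the server cannot negotiate it.
    $ssl.AuthenticateAsClient($HostName, $null,
        [System.Security.Authentication.SslProtocols]::Tls12, $false)
    $protocol = $ssl.SslProtocol
} finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Close()
}

$cert = $result.Certificate
# OID 2.5.29.17 is the Subject Alternative Name extension.
$san = ($cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' } |
        ForEach-Object { $_.Format($false) }) -join ', '

[pscustomobject]@{
    Protocol       = $protocol
    Subject        = $cert.Subject
    SubjectAltName = $san
    Issuer         = $cert.Issuer
    NotBefore      = $cert.NotBefore
    NotAfter       = $cert.NotAfter
    Expired        = (Get-Date) -gt $cert.NotAfter
    PolicyErrors   = $result.PolicyErrors        # None = name and chain validated here
    ChainStatus    = $result.ChainStatus -join ', '
    Chain          = $result.Chain -join ' <- '  # leaf first, root last
} | Format-List
```

Run it from a machine outside the internal network so that it sees the same certificate that is presented to Exchange Online. Trust is evaluated against the local machine's certificate store, so a `PolicyErrors` value of `None` here shows the name and chain are valid from this machine's point of view only.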
