When accessing the certificates from a remote Exchange Server via the Exchange Admin Center you may receive the following error.
Cannot connect to the remote procedure call service on the server named <server name>. Verify that a valid computer name was used and the Microsoft Exchange Service Host service is started.
What makes this error difficult to troubleshoot is that other areas of remote management (such as managing the virtual directories of another server) work as expected.
This error also occurs in the Exchange Management Shell when running the Get-ExchangeCertificate command.
C:\> Get-ExchangeCertificate -Server EX16-02
Cannot connect to the remote procedure call service on the server named EX16-02. Verify that a valid computer name was used and the Microsoft Exchange Service Host service is started.
When running the Hybrid Configuration Wizard you may also receive an error stating that no valid certificates could be found for securing hybrid mail transport. However, further troubleshooting reveals the certificate does exist on all servers and is correctly assigned.
No valid certificate could be found to use for securing hybrid mail transport. The certificate must be installed on all servers where Send or Receive connectors are hosted.
Despite the evidence pointing towards an RPC issue, or possibly even a remote management issue, this is actually an issue with DNS suffixes.
Fixing Cannot connect to the Remote Procedure Call service
To fix the issue we need to verify the DNS suffixes in the network adapter properties on each Exchange server. To do this, click Start and search for ncpa.cpl. This launches the network control panel where all network adapters will be listed.
Right-click on your active network adapter and select Properties from the context menu.
From the Properties dialog, double-click Internet Protocol Version 4 (TCP/IPv4).
From the Internet Protocol dialog click the Advanced button.
From the Advanced TCP/IP Settings dialog click the DNS tab. The area we need to focus on is the lower half of this properties page.
In most cases, this dialog will be configured with the options Append primary and connection-specific DNS suffixes, and Append parent suffixes of the primary DNS suffix. This is the default out-of-the-box configuration for a Windows operating system, including a domain-joined server.
However, depending on the environment, it is possible that Append these DNS suffixes is selected instead. If this is the case, it is imperative that the correct DNS suffixes have been entered.
In our example, we only have foo.com on our list. We are missing the DNS suffix for our domain where our Exchange servers reside. This is where the problem lies.
We have two possible resolutions to this issue. We can either select Append primary and connection-specific DNS suffixes (and Append parent suffixes of the primary DNS suffix), or click the Add button and enter the missing DNS suffixes.
Once you have made the necessary corrections, click OK to save the configuration of each dialog. Relaunch the Exchange Admin Center and you should now be able to view the certificates of the remote servers. This will also clear up the same error in the Exchange Management Shell, as well as the error in the Hybrid Configuration Wizard.
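The same check can be run from PowerShell across several servers instead of opening the dialog on each one. This is an added example, not part of the original article; the server list is an assumption (EX16-02 comes from the error above, EX16-01 is a placeholder), and it assumes PowerShell remoting to the servers is available.

```powershell
# Added example: audit the DNS suffix search list on each Exchange server.
# Replace the list with your own servers (EX16-01 is a placeholder name).
$servers = 'EX16-01', 'EX16-02'

$report = Invoke-Command -ComputerName $servers -ScriptBlock {
    # DNS name of the domain this server is joined to; this suffix must be searchable.
    $domain = (Get-CimInstance -ClassName Win32_ComputerSystem).Domain

    # Global suffix search list. An empty list means the server appends its
    # primary and connection-specific suffixes; a populated list corresponds
    # to "Append these DNS suffixes" in the Advanced TCP/IP Settings dialog.
    $list = @((Get-DnsClientGlobalSetting).SuffixSearchList | Where-Object { $_ })

    if ($list.Count -eq 0) {
        $status = 'OK (primary and connection-specific suffixes in use)'
    }
    elseif ($list -contains $domain) {
        $status = 'OK (explicit list contains the domain suffix)'
    }
    else {
        # The situation described in the article: an explicit list that
        # omits the domain where the Exchange servers reside.
        $status = 'MISSING domain suffix'
    }

    [pscustomobject]@{
        Server           = $env:COMPUTERNAME
        Domain           = $domain
        SuffixSearchList = $list -join ', '
        Status           = $status
    }
}

$report | Sort-Object Server |
    Format-Table Server, Domain, SuffixSearchList, Status -AutoSize
```

Any server reported as MISSING needs one of the two corrections described above. If you prefer to add the suffix from the shell, Set-DnsClientGlobalSetting -SuffixSearchList replaces the whole list, so pass the existing entries together with the missing domain.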