When assigning SSL certificates to the Exchange UM services (Microsoft Exchange Unified Messaging and Unified Messaging call router), an error message appears if the corresponding settings are not made beforehand.
The following error message is displayed if an attempt is made to bind a certificate to the UM services without changing the start mode:
Ein spezieller RPC-Fehler ist auf Server FWEX1 aufgetreten: Das Zertifikat mit dem Fingerabdruck ‚89563B4B0BAE9F9747DC9A33BE63E55FD2723405‘ kann nicht für Microsoft Exchange Unified Messaging aktiviert werden, da es zurzeit nur für die Ausführung im TCP-Modus festgelegt ist. Ändern Sie den Modus in ‚TLS‘ oder ‚Dual‘, und führen Sie dieses Cmdlet erneut aus.
The following commands change the start mode of the services accordingly so that SSL certificates can be bound to the services:
Get-UMService | Set-UMService -UMStartupMode Dual Set-UMCallRouterSettings -Server FWEX1 -UMStartupMode DUAL Set-UMCallRouterSettings -Server FWEX2 -UMStartupMode DUAL
As soon as the commands have been executed, the certificate can be assigned to the UM services; once this has been done, the two services must be restarted on the servers.
Note: It is not absolutely necessary to configure SSL certificates for the Unified Messaging services. If you do not want to use certificates for the UM services, you can leave the configuration as default and simply omit the UM services when assigning a new certificate.
This article also applies to Exchange 2016.