ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-203 All Questions

View all questions & answers for the MS-203 exam
Go to Exam

Exam MS-203 topic 2 question 15 discussion

Actual exam question from Microsoft's MS-203
Question #: 15
Topic #: 2
[All MS-203 Questions]

You have a hybrid deployment that contains a Microsoft Exchange Online tenant and an on-premises Exchange Server 2019 server named Server1.
Server1 uses a certificate from a third-party certification authority (CA). The certificate is enabled for the SMTP service.
You replace the certificate with a new certificate.
You discover that delivery fails for all email messages sent from Server1 to your Microsoft 365 tenant.
You receive the following error message for all the queued email messages: `450 4.4.101 Proxy session setup failed on Frontend with 451 4.4.0 Primary target IP address responded with 451 5.7.3 STARTTLS is required to send mail.`
You need to ensure that the messages are delivered successfully from Server1 to the Microsoft 365 tenant.
What should you do?

  • A. From the Exchange admin center, update the certificate thumbprint in the properties of a connector
  • B. From Server1, regenerate the certificate and select Make private keys exportable
  • C. From the firewall, disable SMTP content inspection
  • D. From Server1, enable the new certificate for the IMAP4 service
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by Kariimu at June 9, 2021, 1:15 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
PuneetRana05
Highly Voted 3 years, 2 months ago
C is definitely not a correct answer
upvoted 7 times
...
HGD545
Highly Voted 2 years, 9 months ago
On the test Nov 3,2021
upvoted 6 times
...
Amir1909
Most Recent 8 months, 2 weeks ago
A is correct
upvoted 1 times
...
bullet091
12 months ago
Selected Answer: A
It's a bit of strange wording to say "update the thumbprint" but realistically you are updating the connector with the new certificate, which would in-turn update the thumbprint the connector refers to. So I believe the answer is A. I don't think C would ever be the right course of action, you can't just start disabling security features on your firewall because the new certificate isn't applied correctly in Exchange yet.
upvoted 2 times
...
BigTone
1 year ago
Selected Answer: A
The answer is A, Check this URL https://learn.microsoft.com/en-us/exchange/troubleshoot/email-delivery/cannot-receive-mail-with-new-certificate
upvoted 2 times
...
KerrAvon
1 year, 2 months ago
A since its the certificate on the connector. C implies a Firewall/UTM device. Re running the HCW after renewing the certificate works as it modifies the connector with the new certificate for you.
upvoted 1 times
...
CarlosTech99
1 year, 2 months ago
Selected Answer: A
Option C, disabling SMTP content inspection on the firewall, may also help in certain scenarios where the firewall is interfering with the SMTP traffic. However, the recommended solution in this case is to update the certificate thumbprint in the connector properties. Therefore, the best course of action is to update the certificate thumbprint in the properties of the connector from the Exchange admin center.
upvoted 1 times
...
reyrey
1 year, 5 months ago
A makes no sense. C is the right answer
upvoted 1 times
...
randomstranger
1 year, 5 months ago
Selected Answer: A
I think it's A, I had this problem before after updating a cert and rerunning the hcw fixed it.
upvoted 3 times
...
empperador
2 years, 3 months ago
C is a valid andwer: http://azuredummies.com/2016/06/21/451-5-7-3-starttls-is-required-to-send-mail-office-365/
upvoted 1 times
...
Kodeblack
2 years, 3 months ago
ON exam - 4/18/2022 All 3 case studies were also on exam
upvoted 1 times
...
kazaki
2 years, 5 months ago
Selected Answer: C
Actually we must enable the certificate smtp for the connector then set the certificate name then rerun HCW So actually non of answers are correct except the firewall answer cause maybe it is related to new thumb on firewall so C is the only remaining answer Rerun the Hybrid Configuration wizard to update the receive connector on the hybrid server that has the newly installed certificate information.
upvoted 4 times
...
maxustermann
2 years, 6 months ago
Selected Answer: A
I will go with A
upvoted 3 times
...
JerT
2 years, 6 months ago
Answer C is a valid answer https://social.technet.microsoft.com/Forums/en-US/0cf2f11d-857a-42fd-9f43-7cb70bfe2a7a/573-starttls-is-required-to-send-mail?forum=Exch2016GD
upvoted 2 times
...
learnerearner
2 years, 7 months ago
I will go with A as well. even though MS doc mention powershell, we can also ran the HCW to update the thumbprint i believe
upvoted 5 times
...
Cbruce
3 years, 1 month ago
No answer is correct. The thumbprint needs updated on SMTP, but it must be done through PowerShell not in the console.
upvoted 2 times
J4U
2 years, 10 months ago
Can't we enable the SMTP services for the new certificate and remove it from old certificate. This should automatically update the thumbprint as well. I also go with A.
upvoted 1 times
...
...
Kariimu
3 years, 2 months ago
Answer is A https://docs.microsoft.com/en-us/exchange/troubleshoot/email-delivery/cannot-receive-mail-with-new-certificate
upvoted 4 times
Abdou1604
2 years, 5 months ago
using powershell : example for EX2016SRV1 server : #Get the new certificat Thumbprint [PS]cert= C:\>Get-ExchangeCertificate -Thumbprint DE67EC3C8D679AA35D17678FEC51907272B1BAE2 #Get the issuer and the subject [PS] C:\>$tlscertificatename = "<i>$($cert.Issuer)<s>$($cert.Subject)" #Set the connector with the values [PS] C:\>Set-ReceiveConnector "EX2016SRV1\Client Frontend EX2016SRV1" -TlsCertificateName $tlscertificatename
upvoted 3 times
...
terences
3 years, 2 months ago
you have to use powershell, you cannot link the thumbprint of a cert to a connector from the exchange admin center
upvoted 5 times
Harshul
2 years, 7 months ago
The TlsCertificateName property is set correctly when the Hybrid Configuration wizard (HCW) is run after a new Exchange certificate is installed. https://docs.microsoft.com/en-us/exchange/troubleshoot/email-delivery/cannot-receive-mail-with-new-certificate
upvoted 3 times
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel