JoinDomain VMExtensionProvisioningError when deploying WVD (aka Conflict Error)

Deploying WVD Fails with a conflict error and when clicking for more information it presents a conflict and not much else that is useful by way of toubleshooting. Hopefully this helps someone else as it had me head scratching for a little while.. When creating the Host Pool, make sure that you haven't made the fatal error of using the Azure Active Directory Credential INSTEAD of the Local AD Domain Credential.  i.e do not use to domain join, even if it links back to the domain - this is where the conflict arrises.    Instead, use your full internal domain UPN.  Re-deploy your same configuration and you should find it goes through now without any problems. Additional findings.... Albeit my mistake above was an easy one, it does appear the error is directly linked to the domain join process. If you go into your resource groups, locate the session host and MSTSC directly to it.  Try the domain join pr

Renewing a self signed SSL Certificate in Exchange 2007

Ok, so I've actually seen this problem so many times now it's unreal and people are always asking me how to fix it because most other guides on the net make it look way to complicated to properly comprehend. So, here goes. This is how I renew an Exchange 2007 SSL Certificate when you get the notice in Outlook it has expired. N.B - The process for renewing through a verified authority like GoDaddy / 123 Reg is not discussed here.

First thing you'll need to do is logon to your SBS 2008 (Ex2K7) box as the domain administrator and open the Microsoft Exchange Management Shell.

Type the following command:  Get-ExchangeCertificate - This will list all of your existing certificates by Thumbprint and CN (Common Name).

You'll need to know the CN, if you're unsure match it to the certificate error being presented in Outlook. History tells me it's normally the that controls the Ex Cert on SBS.

Now, using the identified Thumbprint of the certificate you require use the following command. (Important that you use the Pipe command to run this all in one.)
Get-ExchangeCertificate –Thumbprint 12345678900000000000000000000000000123456 | New-ExchangeCertificate
Press Y to the overwrite certificate, this doesnt actually overwrite anything. It essentially just sets this new Certificate as the default.

Now, we're nearly there. In the above process you are given a new Thumbprint for your newly renewed SSL Cert. This is the thumbprint we'll be using moving forward.

All you have to do now is enable the SSL Certificate for the services you are going to be using it for. If you're unsure just use the four most common (Particularly on SBS). SMTP, IIS, POP, IMAP.

To do this run the following:
Enable-ExchangeCertificate –Thumbprint 12345678900012345600000012345600000123456 –Services IIS

Enable-ExchangeCertificate –Thumbprint 12345678900012345600000012345600000123456 –Services SMTP

Enable-ExchangeCertificate –Thumbprint 12345678900012345600000012345600000123456 –Services POP

Enable-ExchangeCertificate –Thumbprint 12345678900012345600000012345600000123456 –Services IMAP

I like to do it step by step to make sure it works ok but you can run this command all integrated by seperating the below out with commas. ie. Services IIS, POP, SMTP, IMAP. Sometimes you get a warning on the SBS about another cert taking precendence on TLS connections, again nothing to worry about.

Now test your SSL Certificate, it should all be working and renewed for another year. You can verify the next renewal date by typing:
Get-ExchangeCertificate -Thumbprint 12345678900012345600000012345600000123456 |fl

Last but not least when you are happy it's all working again. Simply remove the old cert by typing:
Remove-ExchangeCertificate -thumbprint 12345678900000000000000000000000000123456
Remember to use the previous thumbprint not the newly created one.

Hopefully that helps a few people and makes this process that at first glance looks terrifying to actually become fairly simple...

Did I solve your problem? Buy me a virtual beer by clicking on a Google ad :). Thanks!


  1. Nice Post! it's helped to creating our self signed SSL certificate for testing.


Post a Comment

Popular posts from this blog

This product type does not match the list of supported product types

SBS 2008 hangs on Applying Computer Settings

LSASS.EXE - System Error / Rebuilding Active Directory Indices. When booting windows server 2003