After removing the default self-signed certificate from a multi-role server:
- Exchange Management Shell fails with: “The WinRM Shell client cannot process the request”
- Exchange Admin Center presents the authentication page and then fails to open the EAC page
[floated align=”left”]Exchange 2013[/floated] comes out of the box with a self-signed certificate, assigned to the Default and Back End Web sites. The recommended practice is to replace it with a trusted Multiple Domain certificate (UCC), and we demonstrate this in [tip label=”Part 2” style=”1″ href=”https://www.netometer.com/video/tutorials/How-to-Upgrade-Exchange-2007-to-Exchange-2013-Part2″]Screencast: How to Upgrade Exchange 2007 to 2013 P2 
[/tip] of our Exchange 2007 to 2013 upgrade Screencast.
Once you install the new certificate and assign the Exchange services to it, you have to decide what to do with the self-signed certificate which you have just replaced (usually in Exchange Admin Center).
As you will see in this video, deleting the Exchange 2013 self-signed certificate on a multi-role server will get you in trouble. The problem is specific to servers hosting the Mailbox and CAS roles and results in a failure to open Exchange Management Shell (EMS) or Exchange Admin Center (EAC). The fastest way to resolve this issue is to assign a certificate to the Back End website in IIS manager.
- “Discovery Search Mailbox has been corrupted” error when upgrading from Exchange 2007 to Exchange 2013
- Exchange 2013 – Custom Receive HubTransport Connector Problem
- How to Bulk Create Mailboxes in Exchange 2013
- How to Install Exchange 2013