While configuring an Exchange 2013 organization in a hybrid scenario with Office 365, the Exchange Hybrid wizard stopped and showed the following error message:
Subtask CheckPrereqs execution failed: Configure Mail flow The Secure Mail Certificate on server HYBRID01 is not bound to the SMTP Service at Microsoft.Exchange.Management.Hybrid.MailFlowTask.CheckCertPrereqs()…
This was a dedicated Exchange 2013 server for hybrid connectivity. There were two other Exchange 2013 multi-role servers (in a DAG) and two Exchange 2013 Edge Transport servers for message hygiene, but these were not used for hybrid connectivity.
Although the server was configured properly, with an SSL certificate for the hybrid.exchangelabs.nl FQDN, I forgot to bind the SMTP Transport service to this SSL certificate, as shown in the following figure:
A 3rd party SSL certificate (in this case from Digicert) is used to set up a TLS connection between Exchange Online and Exchange on-premises, which secures the mail flow between the two.
You can also use the Get-ExchangeCertificate | Enable-ExchangeCertificate command to bind the SMTP Transport service to the SSL certificate, as shown in the following figure:
After binding the SMTP protocol to the SSL certificate, the Hybrid Configuration Wizard can be run again, and this time it finishes successfully (or at least does not fail on the SMTP part 😉).
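One way to check and fix the binding from the Exchange Management Shell, as an added example that is not part of the original post. The server name and FQDN are the ones from this post; the filters on validity, expiry and self-signed status are assumptions about what you would want to confirm before binding.

```powershell
# Added example: run in the Exchange Management Shell.
$server = 'HYBRID01'                  # server named in the wizard error
$fqdn   = 'hybrid.exchangelabs.nl'    # FQDN on the hybrid certificate

# Candidate certificates: cover the FQDN, are valid, not self-signed
# and not expired. Newest expiry date first.
$candidates = @(
    Get-ExchangeCertificate -Server $server -DomainName $fqdn |
        Where-Object {
            "$($_.Status)" -eq 'Valid' -and
            -not $_.IsSelfSigned -and
            $_.NotAfter -gt (Get-Date)
        } |
        Sort-Object NotAfter -Descending
)

if ($candidates.Count -eq 0) {
    throw "No valid third-party certificate for $fqdn found on $server."
}

$cert = $candidates[0]

# Show what is about to be bound so the issuer and expiry can be reviewed.
$cert | Format-List Thumbprint, Subject, Issuer, NotAfter, Services

if ("$($cert.Services)" -match 'SMTP') {
    Write-Host "SMTP is already bound to $($cert.Thumbprint); nothing to change."
}
else {
    # Adds SMTP to the services already assigned to this certificate;
    # existing bindings such as IIS are kept.
    Enable-ExchangeCertificate -Server $server `
        -Thumbprint $cert.Thumbprint -Services SMTP
}

# Confirm the result: Services should now include SMTP.
Get-ExchangeCertificate -Server $server -Thumbprint $cert.Thumbprint |
    Format-List Thumbprint, Services
```

Selecting the certificate by thumbprint avoids enabling SMTP on every certificate returned by an unfiltered Get-ExchangeCertificate, including expired or self-signed ones.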