Verification of the certificate request fails

[ocgltd]

I am creating a cert request in powershell on an exchange 2019 server as follows:

$binrequest = New-ExchangeCertificate -Server "exchange" -BinaryEncoded -GenerateRequest -FriendlyName "Exchange Certificate 2023" -PrivateKeyExportable $true -SubjectName "c=CA, o=MYDOMAIN, ou=IT, cn=*.MYDOMAIN.COM" -DomainName  exchange.MYDOMAIN.COM,autodiscover.MYDOMAIN.COM  
[System.IO.File]::WriteAllBytes('d:\temporary\exchange2023.req', [System.Text.Encoding]::Unicode.GetBytes($binrequest))

(I have obfoscated my real domain name with MYDOMAIN.COM.) I then move the cert request to my CA (I run XCA 2.5.0), import it and try to generate the cert. However, when I try to sign the above request XCA reports:

"The verification of the certificate request failed. The rollout should be aborted"

If I check the properties of the cert request in XCA I see:

Signature: Failed (sha1WithRSAEncryption)

Is Exch2019 generating an invalid request? Or is this normal for a request since it is not signed?

How do I diagnose this? XCA doesn't provide any additional information of what is wrong.