Solved

Event ID 12014 in Event Viewer: Microsoft Exchange could not find a certificate

Posted on 2009-04-13
Last Modified: 2012-05-06
I have the error:
Microsoft Exchange couldn't find a certificate that contains the domain name exchange.abm1.com in the personal store on the local computer. Therefore, it is unable to offer the STARTTLS SMTP verb for any connector with a FQDN parameter of exchange.abm1.com. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for every connector FQDN.
Source: MSExchangeTransport
Category: TransportService
Computer: Domain-Server

I made sure that the certificate is installed and the FQDN is valid. I'm pretty sure there is something wrong with the certificates, but I can't find the problem.  The FQDN as listed in Exchange is exchange.abm1.com.

My certificates on Exchange are:
CertificateDomains : {mail.abm1.com, exchange.abm1.com, abm1.com}
Services           : IMAP, POP, SMTP
Status             : Valid
Thumbprint         : 1DC8B47E01822682D8ABB0A0B138565E0F41D8A6

CertificateDomains : {domain-server.abm1.local}
Services           : SMTP
Status             : Valid
Thumbprint         : 16688F085DB111FAF419A7255967B6AF7C3CD020

CertificateDomains : {exchange.abm1.com, mail.abm1.com, abm1.com}
Services           : IMAP, POP, IIS, SMTP
Status             : Valid
Thumbprint         : 760F76432B00B3968BEF16D98751445354C20934

CertificateDomains : {mail.abm1.com, abm1.com}
Services           : None
Status             : Invalid
Thumbprint         : FB139ACC67FCD972AA3E74FE96A90D5D31D1A532

CertificateDomains : {mail.abm1.com, exchange.abm1.com, domain-server}
Services           : IMAP, POP
Status             : DateInvalid
Thumbprint         : EDC0224ABCAE5F0FDA90E811A15FB051FF51E84D

I am unable to send to a few domains, but I'm not sure if this is the cause or not.  Thanks!
Question by:BEKtech
Accepted Solution

by:
Mestha earned 500 total points
ID: 24133799
The first thing I would do is remove the invalid certificates. If they have expired there is no need to have them there.
You have two that are identical, are they both valid? Are they both from commercial providers? Ideally you want to be down to one, at most two certificates on the server.

If you change the FQDN on the Send Connector to one of the other names on the certificate and then restart the Transport Service, what happens then?

Also ensure that your RECEIVE connector FQDN is set to the server's own FQDN - so server.domain.local, not an alias name like mail.example.com (unless your server really is called mail.example.com).

Simon.

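A read-only check along the lines the answer above walks through, written as an added example (not part of the original thread and not Exchange's own code): for each connector FQDN it lists every certificate that names that FQDN and says why any of them cannot be used for SMTP. The certificate rows are transcribed from the question; the second FQDN and the function name Test-ConnectorCertificate are assumptions made for illustration.

```powershell
# Added example, read-only. Rows transcribed from the listing in the question.
# Live data (assumption: run inside the Exchange Management Shell):
#   $certs = Get-ExchangeCertificate
#   $fqdns = @(Get-SendConnector) + @(Get-ReceiveConnector) | ForEach-Object { "$($_.Fqdn)" } | Where-Object { $_ }
$rows = @(
    @{ Thumbprint='1DC8B47E01822682D8ABB0A0B138565E0F41D8A6'; CertificateDomains='mail.abm1.com','exchange.abm1.com','abm1.com'; Services='IMAP, POP, SMTP'; Status='Valid' },
    @{ Thumbprint='16688F085DB111FAF419A7255967B6AF7C3CD020'; CertificateDomains=@('domain-server.abm1.local'); Services='SMTP'; Status='Valid' },
    @{ Thumbprint='760F76432B00B3968BEF16D98751445354C20934'; CertificateDomains='exchange.abm1.com','mail.abm1.com','abm1.com'; Services='IMAP, POP, IIS, SMTP'; Status='Valid' },
    @{ Thumbprint='FB139ACC67FCD972AA3E74FE96A90D5D31D1A532'; CertificateDomains='mail.abm1.com','abm1.com'; Services='None'; Status='Invalid' },
    @{ Thumbprint='EDC0224ABCAE5F0FDA90E811A15FB051FF51E84D'; CertificateDomains='mail.abm1.com','exchange.abm1.com','domain-server'; Services='IMAP, POP'; Status='DateInvalid' }
)
$certs = $rows | ForEach-Object { New-Object PSObject -Property $_ }
# exchange.abm1.com is the connector FQDN from the question; the .local name is an
# assumed Receive connector FQDN (the server's own name, as the answer recommends).
$fqdns = 'exchange.abm1.com', 'domain-server.abm1.local'

function Test-ConnectorCertificate {   # hypothetical helper name
    param([string]$Fqdn, [object[]]$Certificates)
    foreach ($c in $Certificates) {
        $names = @($c.CertificateDomains | ForEach-Object { "$_" })
        # -like is case-insensitive and also accepts wildcard entries (*.abm1.com);
        # it is looser than X.509 wildcard rules, so treat wildcard hits as candidates.
        if (@($names | Where-Object { $Fqdn -like $_ }).Count -eq 0) { continue }
        $reasons = @()
        if ("$($c.Status)" -ne 'Valid')        { $reasons += "status is $($c.Status)" }
        if ("$($c.Services)" -notmatch 'SMTP') { $reasons += 'SMTP service not enabled' }
        New-Object PSObject -Property @{
            Fqdn = $Fqdn; Thumbprint = $c.Thumbprint
            Usable = ($reasons.Count -eq 0); Reasons = ($reasons -join '; ')
        }
    }
}

foreach ($fqdn in $fqdns) {
    $hits   = @(Test-ConnectorCertificate -Fqdn $fqdn -Certificates $certs)
    $usable = @($hits | Where-Object { $_.Usable })
    if ($usable.Count -eq 0) {
        Write-Warning "No valid, SMTP-enabled certificate lists $fqdn"
    } elseif ($usable.Count -gt 1) {
        Write-Warning "$($usable.Count) usable certificates list $fqdn; consider reducing to one"
    }
    $hits | Select-Object Fqdn, Thumbprint, Usable, Reasons | Format-Table -AutoSize
}
```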
Question has a verified solution.
