Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1016
  • Last Modified:

Event ID 12014 in Event Viewer: Microsoft Exchange could not find a certificate

I have the error:
Microsoft Exchange couldn't find a certificate that contains the domain name exchange.abm1.com in the personal store on the local computer. Therefore, it is unable to offer the STARTTLS SMTP verb for any connector with a FQDN parameter of exchange.abm1.com. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for every connector FQDN.
Source: MSExchangeTransport
Category: TransportService
Computer: Domain-Server

I made sure that the certificate is installed and the FQDN is valid. I'm pretty sure there is something wrong with the certificates, but I can't find the problem.  The FQDN as listed in Exchange is exchange.abm1.com.

My certificates on Exchange are:
CertificateDomains : {mail.abm1.com, exchange.abm1.com, abm1.com}
Services           : IMAP, POP, SMTP
Status             : Valid
Thumbprint         : 1DC8B47E01822682D8ABB0A0B138565E0F41D8A6

CertificateDomains : {domain-server.abm1.local}
Services           : SMTP
Status             : Valid
Thumbprint         : 16688F085DB111FAF419A7255967B6AF7C3CD020

CertificateDomains : {exchange.abm1.com, mail.abm1.com, abm1.com}
Services           : IMAP, POP, IIS, SMTP
Status             : Valid
Thumbprint         : 760F76432B00B3968BEF16D98751445354C20934

CertificateDomains : {mail.abm1.com, abm1.com}
Services           : None
Status             : Invalid
Thumbprint         : FB139ACC67FCD972AA3E74FE96A90D5D31D1A532

CertificateDomains : {mail.abm1.com, exchange.abm1.com, domain-server}
Services           : IMAP, POP
Status             : DateInvalid
Thumbprint         : EDC0224ABCAE5F0FDA90E811A15FB051FF51E84D

I am unable to send to a few domains, but I'm not sure if this is the cause or not.  Thanks!
1 Solution
The first thing I would do is remove the invalid certificates. If they have expired there is no need to have them there.
You have two that are identical, are they both valid? Are they both from commercial providers? Ideally you want to be down to one, at most two certificates on the server.

If you change the FQDN on the Send Connector to one of the other names on the certificate and then restart the Transport Service, what happens then?

Also ensure that your RECEIVE connector FQDN is set to the server's own FQDN - so server.domain.local, not an alias name like mail.example.com (unless your server really is called mail.example.com).


Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now