Solved

Event ID 12014 in Event Viewer: Microsoft Exchange could not find a certificate

Posted on 2009-04-13
2
1,008 Views
Last Modified: 2012-05-06
I have the error:
Microsoft Exchange couldn't find a certificate that contains the domain name exchange.abm1.com in the personal store on the local computer. Therefore, it is unable to offer the STARTTLS SMTP verb for any connector with a FQDN parameter of exchange.abm1.com. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for every connector FQDN.
Source: MSExchangeTransport
Category: TransportService
Computer: Domain-Server

I made sure that the certificate is installed and the FQDN is valid. I'm pretty sure there is something wrong with the certificates, but I can't find the problem.  The FQDN as listed in Exchange is exchange.abm1.com.

My certificates on Exchange are:
CertificateDomains : {mail.abm1.com, exchange.abm1.com, abm1.com}
Services           : IMAP, POP, SMTP
Status             : Valid
Thumbprint         : 1DC8B47E01822682D8ABB0A0B138565E0F41D8A6

CertificateDomains : {domain-server.abm1.local}
Services           : SMTP
Status             : Valid
Thumbprint         : 16688F085DB111FAF419A7255967B6AF7C3CD020

CertificateDomains : {exchange.abm1.com, mail.abm1.com, abm1.com}
Services           : IMAP, POP, IIS, SMTP
Status             : Valid
Thumbprint         : 760F76432B00B3968BEF16D98751445354C20934

CertificateDomains : {mail.abm1.com, abm1.com}
Services           : None
Status             : Invalid
Thumbprint         : FB139ACC67FCD972AA3E74FE96A90D5D31D1A532

CertificateDomains : {mail.abm1.com, exchange.abm1.com, domain-server}
Services           : IMAP, POP
Status             : DateInvalid
Thumbprint         : EDC0224ABCAE5F0FDA90E811A15FB051FF51E84D

I am unable to send to a few domains, but I'm not sure if this is the cause or not.  Thanks!
0
Comment
Question by:BEKtech
2 Comments
 
LVL 65

Accepted Solution

by:
Mestha earned 500 total points
ID: 24133799
The first thing I would do is remove the invalid certificates. If they have expired there is no need to have them there.
You have two that are identical, are they both valid? Are they both from commercial providers? Ideally you want to be down to one, at most two certificates on the server.

If you change the FQDN on the Send Connector to one of the other names on the certificate and then restart the Transport Service, what happens then?

Also ensure that your RECEIVE connector FQDN is set to the server's own FQDN - so server.domain.local, not an alias name like mail.example.com (unless your server really is called mail.example.com).

Simon.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Easy CSR creation in Exchange 2007,2010 and 2013
Check out this infographic on what you need to make a good email signature that will work perfectly for your organization.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now