
Event ID 12014

I'm running Exchange 2007. I have the Exchange Server on one box and the Edge Transport on another box.

I'm receiving this error in the Event Logs:

EVENT #      51762
EVENT LOG      Application
EVENT TYPE      Error
SOURCE      MSExchangeTransport
CATEGORY      TransportService
EVENT ID      12014
COMPUTERNAME        MY_SERVER
DATE / TIME        4/23/2009 8:25:26 AM
MESSAGE      Microsoft Exchange couldn't find a certificate that contains the domain name mail.vetted-intl.com in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector edgesync - inbound to default-first-site-name with a FQDN parameter of mail.vetted-intl.com. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.

I just recently had to renew my SSL Certificate about a month ago, but it appears these errors have been happening before my renewal.  I was receiving this error on both the Exchange Server and Edge Transport Server.

I ran the Enable-ExchangeCertificate -Thumbprint 2afd26617915932ad096c48eb3b847fc7457662 -Services "SMTP" command on the Exchange Server, so that error does not appear anymore on the Exchange Server.

I ran the Start-EdgeSynchronization cmdlet in the Exchange Management Shell to force the replication and have also waited one full day.

When I run the get-ExchangeCertificate cmdlet on the Edge Transport Server, I do not have the certificate for my mail.mycompany.com.
Asked:
wakebrdr77
muzzi_in Commented:
Create a new Exchange certificate with the domain name "mail.vetted-intl.com" with the SMTP service.



muzzi_in Commented:
New-ExchangeCertificate -DomainName mail.vetted-intl.com

Enable-ExchangeCertificate -Thumbprint <copy and paste the thumbprint> -Services SMTP

Restart the MS Exchange Transport service.

Reference:
http://technet.microsoft.com/en-us/library/aa998327.aspx 
http://technet.microsoft.com/en-us/library/aa997231.aspx
wakebrdr77 (Author) Commented:
Do I do this on my Edge or Exchange?
muzzi_in Commented:
If Event ID 12014 is being generated on the Hub, you need to do this on the Hub; if it is on the Edge, then you need to create the certificate and then re-subscribe the Edge subscription.
 
wakebrdr77 (Author) Commented:
I'm sorry for not following you. The event ID 12014 is on the Edge. The Hub already has the new certificate (I'm assuming, because I ran the Enable-ExchangeCertificate -Thumbprint 2afd26617915932ad096c48eb3b847fc7457662 -Services "SMTP" command on the Exchange Server).

wakebrdr77 (Author) Commented:
I think I may have fixed the problem with your solutions after I thought about it for a few minutes. I'm waiting to get an alert to see if the Event ID 12014 shows up again.  I'll keep you posted.
wakebrdr77 (Author) Commented:
The message seems to have disappeared but now I'm getting Event ID 1005 saying that my certificate could not be decrypted by using the certificate with thumbprint XXXXXXXXXXXXXXXXXXXXXXXXXX The exception is The data to be decrypted exceeds the maximum for this modulus of 128 bytes.. To resolve this problem, unsubscribe and resubscribe your Edge Transport server.

I'm not sure what to do here and how to do it.
muzzi_in Commented:
Which server is Event 1005 being generated on, Hub or Edge?

Run this command and get me the details:

get-exchangecertificate | FL

wakebrdr77 (Author) Commented:
It is being generated on the Edge.
wakebrdr77 (Author) Commented:
AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {mail.mycompany.com}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : E=server-certs@thawte.com, CN=Thawte Server CA, OU=Certifi
                     cation Services Division, O=Thawte Consulting cc, L=Cape T
                     own, S=Western Cape, C=ZA
NotAfter           : 7/31/2011 7:59:59 PM
NotBefore          : 7/30/2008 8:00:00 PM
PublicKeySize      : 1024
RootCAType         : ThirdParty
SerialNumber       : 52CDXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Services           : SMTP
Status             : Valid
Subject            : CN=mail.mycompany.com, OU=Domain Validated, OU=Thawte SS
                     L123 certificate, OU=Go to https://www.thawte.com/reposito
                     ry/index.html, O=mail.mycompany.com
Thumbprint         : B489XXXXXXXXXXXXXXXXXXXXXXXXXXXXX

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {myserver, myserver.mycompany.com}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=myserver
NotAfter           : 7/26/2009 5:30:08 PM
NotBefore          : 7/26/2008 5:30:08 PM
PublicKeySize      : 2048
RootCAType         : None
SerialNumber       : F8541XXXXXXXXXXXXXXXXXXXXXXXXXXX
Services           : SMTP
Status             : Valid
Subject            : CN=myserver
Thumbprint         : 4239XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
muzzi_in Commented:
The findings here are:

The first certificate was issued by a third party, thawte.com, and has the SMTP service enabled.

The other one is a self-signed certificate, which also has the SMTP service enabled.

Now my question is: are you using the third-party certificate for OWA or TLS? If it is for OWA, then OK.

If we are not using the third-party certificate for TLS, then you do not need to worry about it, because our self-signed certificate will expire after 7/26/2009; use it until then, and once it has expired, create a new one.

If you still want to completely remove the event ID, then follow this:

http://social.technet.microsoft.com/Forums/en-US/exchangesvrtransport/thread/33753446-0a17-4648-8132-829c9de11e11

muzzi_in Commented:
Any update?
wakebrdr77 (Author) Commented:
I had to remove the ADAM certificate from the Edge Server.  I then had to recreate the subscription and restart both servers.
Question has a verified solution.
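
The check that Event ID 12014 describes (a certificate whose domains include the connector FQDN and that has SMTP enabled) can be run against Get-ExchangeCertificate output. The following is an added example, not code from the thread or from Microsoft: the function name Test-SmtpTlsCertificate is hypothetical, the sample objects are constructed from the field values posted above, the thumbprints are placeholders, and the private-key and validity checks are assumed extra sanity checks.

```powershell
# Added example. Sample objects are constructed from the field values posted in
# the thread; thumbprints are placeholders because the page redacts them.
function Test-SmtpTlsCertificate {
    param(
        [string]$Fqdn,           # connector FQDN named in Event ID 12014
        [object[]]$Certificate,  # objects shaped like Get-ExchangeCertificate output
        [datetime]$AsOf = (Get-Date)
    )
    foreach ($cert in $Certificate) {
        $domains = @($cert.CertificateDomains | Where-Object { $_ } |
                     ForEach-Object { $_.ToString().ToLower() })
        $reasons = @()
        if ($domains -notcontains $Fqdn.ToLower()) { $reasons += 'FQDN not in CertificateDomains' }
        if ("$($cert.Services)" -notmatch 'SMTP')   { $reasons += 'SMTP not in Services' }
        # Assumed extra sanity checks, not quoted from the event text:
        if (-not $cert.HasPrivateKey)              { $reasons += 'no private key' }
        if ($AsOf -lt $cert.NotBefore -or $AsOf -gt $cert.NotAfter) {
            $reasons += 'outside validity period'
        }
        New-Object PSObject -Property @{
            Thumbprint = $cert.Thumbprint
            Usable     = ($reasons.Count -eq 0)
            Reasons    = ($reasons -join '; ')
        }
    }
}

$sample = @(
    (New-Object PSObject -Property @{
        Thumbprint = 'PLACEHOLDER-THIRD-PARTY'; CertificateDomains = @('mail.mycompany.com')
        Services = 'SMTP'; HasPrivateKey = $true
        NotBefore = [datetime]'2008-07-30'; NotAfter = [datetime]'2011-07-31' }),
    (New-Object PSObject -Property @{
        Thumbprint = 'PLACEHOLDER-SELF-SIGNED'; CertificateDomains = @('myserver', 'myserver.mycompany.com')
        Services = 'SMTP'; HasPrivateKey = $true
        NotBefore = [datetime]'2008-07-26'; NotAfter = [datetime]'2009-07-26' })
)

# FQDN from the event text: neither sample certificate lists it, which is the 12014 condition.
Test-SmtpTlsCertificate -Fqdn 'mail.vetted-intl.com' -Certificate $sample -AsOf '2009-04-23'
# FQDN the third-party certificate does list: that certificate is reported usable.
Test-SmtpTlsCertificate -Fqdn 'mail.mycompany.com' -Certificate $sample -AsOf '2009-04-23'

# In the Exchange Management Shell, pass live objects instead of $sample:
# Test-SmtpTlsCertificate -Fqdn '<connector FQDN>' -Certificate (Get-ExchangeCertificate)
```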