wakebrdr77
asked on
Event ID 12014
I'm running Exchange 2007, I have the Exchange Server on one box and the Edge Transport on another box.
I'm receiving this error in the Event Logs:
EVENT # 51762
EVENT LOG Application
EVENT TYPE Error
SOURCE MSExchangeTransport
CATEGORY TransportService
EVENT ID 12014
COMPUTERNAME MY_SERVER
DATE / TIME 4/23/2009 8:25:26 AM
MESSAGE Microsoft Exchange couldn't find a certificate that contains the domain name mail.vetted-intl.com in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector edgesync - inbound to default-first-site-name with a FQDN parameter of mail.vetted-intl.com. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.
I just recently had to renew my SSL Certificate about a month ago, but it appears these errors have been happening before my renewal. I was receiving this error on both the Exchange Server and Edge Transport Server.
I ran the Enable-ExchangeCertificate -Thumbprint 2afd26617915932ad096c48eb3b847fc7457662 -Services "SMTP" command on the Exchange Server so that error does not appear anymore on the Exchange Server.
I ran the Start-EdgeSynchronization cmdlet in the Exchange Management Shell to force the replication and have also waited one full day.
When I run the get-ExchangeCertificate cmdlet on the Edge Transport Server, I do not have the certificate for my mail.mycompany.com.
Create a new Exchange certificate with the domain name "mail.vetted-intl.com" and enable it for the SMTP service:
New-ExchangeCertificate -DomainName mail.vetted-intl.com
Enable-ExchangeCertificate -Thumbprint <copy and paste the thumbprint> -Services SMTP
Restart the MS Exchange Transport service.
Reference:
http://technet.microsoft.com/en-us/library/aa998327.aspx
http://technet.microsoft.com/en-us/library/aa997231.aspx
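An added example, not part of the thread and not the answerer's code: it applies the check that the Event 12014 text describes, namely whether any installed certificate lists the connector FQDN, has a private key, and is enabled for SMTP. `Test-ConnectorCertificate` is a hypothetical helper name, the sample objects and placeholder thumbprints are constructed, and PowerShell 2.0 or later is assumed.

```powershell
# Hypothetical helper (added example): report why each certificate can or
# cannot serve STARTTLS for the FQDN named in Event 12014.
function Test-ConnectorCertificate {
    param(
        [string]$Fqdn,            # FQDN quoted in the event text
        [object[]]$Certificate,   # objects shaped like Get-ExchangeCertificate output
        [datetime]$Now = (Get-Date)
    )
    foreach ($c in $Certificate) {
        $problems = @()
        # Exact, case-insensitive match only; wildcard names are not evaluated here.
        if (-not ($c.CertificateDomains | Where-Object { "$_" -eq $Fqdn })) {
            $problems += "no domain entry for $Fqdn"
        }
        if ("$($c.Services)" -notmatch 'SMTP') { $problems += 'not enabled for SMTP' }
        if (-not $c.HasPrivateKey)             { $problems += 'no private key' }
        if ("$($c.Status)" -ne 'Valid')        { $problems += "status is $($c.Status)" }
        if ($c.NotAfter -lt $Now)              { $problems += "expired on $($c.NotAfter)" }
        New-Object PSObject -Property @{
            Thumbprint = $c.Thumbprint
            Usable     = ($problems.Count -eq 0)
            Problems   = ($problems -join '; ')
        }
    }
}

# Constructed sample: a self-signed certificate for the host name only, and a
# third-party certificate that was imported but never enabled for SMTP.
$sample = @(
    (New-Object PSObject -Property @{
        Thumbprint = 'PLACEHOLDER-SELF-SIGNED'
        CertificateDomains = @('myserver', 'myserver.mycompany.com')
        Services = 'SMTP'; Status = 'Valid'; HasPrivateKey = $true
        NotAfter = (Get-Date).AddDays(90)
    }),
    (New-Object PSObject -Property @{
        Thumbprint = 'PLACEHOLDER-THIRD-PARTY'
        CertificateDomains = @('mail.mycompany.com')
        Services = 'None'; Status = 'Valid'; HasPrivateKey = $true
        NotAfter = (Get-Date).AddDays(700)
    })
)
Test-ConnectorCertificate -Fqdn 'mail.mycompany.com' -Certificate $sample |
    Format-List Thumbprint, Usable, Problems

# On a live server, pass the real objects instead of the sample:
#   Test-ConnectorCertificate -Fqdn '<connector FQDN>' -Certificate (Get-ExchangeCertificate)
```

If no row comes back with Usable set to True, the transport service has nothing to present for that FQDN, which is the condition Event 12014 reports.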
ASKER
Do I do this on my Edge or Exchange?
If event ID 12014 is being generated on the Hub, you need to do this on the Hub; if it is on the Edge, then you need to create the certificate and then re-subscribe the Edge subscription.
ASKER
I'm sorry for not following you. The event ID 12014 is on the Edge. The Hub already has the new certificate (I'm assuming, because I ran the Enable-ExchangeCertificate -Thumbprint 2afd26617915932ad096c48eb3b847fc7457662 -Services "SMTP" command on the Exchange Server).
ASKER
I think I may have fixed the problem with your solutions after I thought about it for a few minutes. I'm waiting to get an alert to see if the Event ID 12014 shows up again. I'll keep you posted.
ASKER
The message seems to have disappeared, but now I'm getting Event ID 1005 saying that my certificate could not be decrypted by using the certificate with thumbprint XXXXXXXXXXXXXXXXXXXXXXXXXX. The exception is: The data to be decrypted exceeds the maximum for this modulus of 128 bytes. To resolve this problem, unsubscribe and resubscribe your Edge Transport server.
I'm not sure what to do here and how to do it.
Which server is Event 1005 being generated on, the Hub or the Edge?
Run this command and get me the details:
get-exchangecertificate | FL
ASKER
It is being generated on the Edge.
ASKER
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {mail.mycompany.com}
HasPrivateKey : True
IsSelfSigned : False
Issuer : E=server-certs@thawte.com, CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, S=Western Cape, C=ZA
NotAfter : 7/31/2011 7:59:59 PM
NotBefore : 7/30/2008 8:00:00 PM
PublicKeySize : 1024
RootCAType : ThirdParty
SerialNumber : 52CDXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Services : SMTP
Status : Valid
Subject : CN=mail.mycompany.com, OU=Domain Validated, OU=Thawte SSL123 certificate, OU=Go to https://www.thawte.com/repository/index.html, O=mail.mycompany.com
Thumbprint : B489XXXXXXXXXXXXXXXXXXXXXXXXXXXXX

AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {myserver, myserver.mycompany.com}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=myserver
NotAfter : 7/26/2009 5:30:08 PM
NotBefore : 7/26/2008 5:30:08 PM
PublicKeySize : 2048
RootCAType : None
SerialNumber : F8541XXXXXXXXXXXXXXXXXXXXXXXXXXX
Services : SMTP
Status : Valid
Subject : CN=myserver
Thumbprint : 4239XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Any update?
ASKER
I had to remove the ADAM certificate from the Edge Server. I then had to recreate the subscription and restart both servers.