?
Solved

Event ID 12014

Posted on 2009-04-23
13
Medium Priority
?
1,760 Views
Last Modified: 2012-05-06
I'm running Exchange 2007, I have the Exchange Server on one box and the Edge Transport on another box.

I'm receiving this error in the Event Logs:

EVENT #      51762
EVENT LOG      Application
EVENT TYPE      Error
SOURCE      MSExchangeTransport
CATEGORY      TransportService
EVENT ID      12014
COMPUTERNAME        MY_SERVER
DATE / TIME        4/23/2009 8:25:26 AM
MESSAGE      Microsoft Exchange couldn't find a certificate that contains the domain name mail.vetted-intl.com in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector edgesync - inbound to default-first-site-name with a FQDN parameter of mail.vetted-intl.com. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.

I just recently had to renew my SSL Certificate about a month ago, but it appears these errors have been happening before my renewal.  I was receiving this error on both the Exchange Server and Edge Transport Server.

I ran the "Enable-ExchangeCertificate -Thumbprint 2afd26617915932ad096c48eb3b847fc7457662 -Services "SMTP" command on the Exchange Server so that error does not appear anymore on the Exchange Server.

I ran the Start-EdgeSynchronization cmdlet in the Exchange Management Shell to force the replication and have also waited one full day.

When I run the get-ExchangeCertificate cmdlet on the Edge Transport Server, I do not have the certificate for my mail.mycompany.com.
0
Comment
Question by:wakebrdr77
  • 7
  • 6
13 Comments
 
LVL 6

Expert Comment

by:muzzi_in
ID: 24214685
create new exchange certificate with domain name "ail.vetted-intl.com " with SMTP service



0
 
LVL 6

Expert Comment

by:muzzi_in
ID: 24214729
New-ExchangeCertificate -DomainName ail.vetted-intl.com

Enable-ExchangeCertificate -Thumbprint <copy and paste the thumbprint> -Services SMTP

restart MS exchaneg transport service

reference :
http://technet.microsoft.com/en-us/library/aa998327.aspx 
http://technet.microsoft.com/en-us/library/aa997231.aspx
0
 

Author Comment

by:wakebrdr77
ID: 24214868
Do I do this on my Edge or Exchange?
0
Free recovery tool for Microsoft Active Directory

Veeam Explorer for Microsoft Active Directory provides fast and reliable object-level recovery for Active Directory from a single-pass, agentless backup or storage snapshot — without the need to restore an entire virtual machine or use third-party tools.

 
LVL 6

Expert Comment

by:muzzi_in
ID: 24214968
if the event ID 12014 is generating on Hub you need to do this on HUB, if it is on Edge

then you need to create the certificate then re-subscribe the edge subscription.
 
0
 

Author Comment

by:wakebrdr77
ID: 24215114
I'm sorry for not following you. The event ID 12014 is on the Edge.  The Hub already has the new certificate (I'm assuming because I ran the I ran the "Enable-ExchangeCertificate -Thumbprint 2afd26617915932ad096c48eb3b847fc7457662 -Services "SMTP" command on the Exchange Server.

0
 

Author Comment

by:wakebrdr77
ID: 24215278
I think I may have fixed the problem with your solutions after I thought about it for a few minutes. I'm waiting to get an alert to see if the Event ID 12014 shows up again.  I'll keep you posted.
0
 

Author Comment

by:wakebrdr77
ID: 24215747
The message seems to have disappeared but now I'm getting Event ID 1005 saying that my certificate could not be decrypted by using the certificate with thumbprint XXXXXXXXXXXXXXXXXXXXXXXXXX The exception is The data to be decrypted exceeds the maximum for this modulus of 128 bytes.. To resolve this problem, unsubscribe and resubscribe your Edge Transport server.

I'm not sure what to do here and how to do it.
0
 
LVL 6

Expert Comment

by:muzzi_in
ID: 24217596
Event 1005 is generating on which server HUB or Edge,

run the this command and get me the details

get-exchangecertificate | FL

0
 

Author Comment

by:wakebrdr77
ID: 24217726
It is being generated on the Edge.
0
 

Author Comment

by:wakebrdr77
ID: 24217757
AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {mail.mycompany.com}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : E=server-certs@thawte.com, CN=Thawte Server CA, OU=Certifi
                     cation Services Division, O=Thawte Consulting cc, L=Cape T
                     own, S=Western Cape, C=ZA
NotAfter           : 7/31/2011 7:59:59 PM
NotBefore          : 7/30/2008 8:00:00 PM
PublicKeySize      : 1024
RootCAType         : ThirdParty
SerialNumber       : 52CDXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Services           : SMTP
Status             : Valid
Subject            : CN=mail.mycompany.com, OU=Domain Validated, OU=Thawte SS
                     L123 certificate, OU=Go to https://www.thawte.com/reposito
                     ry/index.html, O=mail.mycompany.com
Thumbprint         : B489XXXXXXXXXXXXXXXXXXXXXXXXXXXXX

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {myserver, myserver.mycompany.com}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=myserver
NotAfter           : 7/26/2009 5:30:08 PM
NotBefore          : 7/26/2008 5:30:08 PM
PublicKeySize      : 2048
RootCAType         : None
SerialNumber       : F8541XXXXXXXXXXXXXXXXXXXXXXXXXXX
Services           : SMTP
Status             : Valid
Subject            : CN=myserver
Thumbprint         : 4239XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
0
 
LVL 6

Accepted Solution

by:
muzzi_in earned 2000 total points
ID: 24227341
over here findings are:

the First certificate has issues from third party that is thawte.com which have SMTP service enabled,

the other one has self signed certificate which also have SMTP service enabled,

now my Questions is, are you using third party certificate OWA or TLS, if it is for owa then ok....

if we are not using third party certificate fro TLS, then you no need to worried about it   because our self signed certificate will expire after 7/26/2009, so till the time use it, cone it expired then create new one.

still you want to completely remove the event ID then follow this :

http://social.technet.microsoft.com/Forums/en-US/exchangesvrtransport/thread/33753446-0a17-4648-8132-829c9de11e11

0
 
LVL 6

Expert Comment

by:muzzi_in
ID: 24262429
any update
0
 

Author Comment

by:wakebrdr77
ID: 24278313
I had to remove the ADAM certificate from the Edge Server.  I then had to recreate the subscription and restart both servers.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help to fix the below errors for MS Exchange Server 2016 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
Exchange administrators are always vigilant about Exchange crashes and disasters that are possible any time. It is quite essential to identify the symptoms of a possible Exchange issue and be prepared with a proper recovery plan. There are multiple…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
Suggested Courses
Course of the Month13 days, 15 hours left to enroll

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question