Exchange 2007 Event ID 12014

Posted on 2009-04-27
Last Modified: 2012-05-06
I have an Exchange 2007 installation that's part of my SBS 2008 Premium server. I occassionally get the Event ID 12014 error message in the application log (I copied the error message in its entirety below). All facets of Exchange are working properly as far as I can see and have been since the server was installed a few months ago. I suspect the issue that I have is that my SSL certificate is for (applicable setup for SBS) while my server announces itself over SMTP to external resources as I suspect this is the root of my issue. I'm not concerned since everything is working (I understand this could possibly impact http over rcp which I don't currently use at the given site). Should I be concerend over this error message? Should I resolve or let it be?

Log Name:      Application

Source:        MSExchangeTransport

Date:          4/27/2009 2:43:36 PM

Event ID:      12014

Task Category: TransportService

Level:         Error

Keywords:      Classic

User:          N/A

Computer:     myserver.mydomain.local


Microsoft Exchange couldn't find a certificate that contains the domain name in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Outbound with a FQDN parameter of If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.

Event Xml:

<Event xmlns="">


    <Provider Name="MSExchangeTransport" />

    <EventID Qualifiers="49156">12014</EventID>




    <TimeCreated SystemTime="2009-04-27T18:43:36.000Z" />




    <Security />







Open in new window

Question by:Danstr1
    LVL 14

    Expert Comment

    Well, as so often: It depends.
    You do not have a certificate with the name of your mail server, and therefore it will not use use TLS (basically encryption of mail traffic at the transport level)
    Will it work fine without: Yes it will. Of course it would be better to have a certificate to increase security in some cases, but that is your decision.


    Author Comment

    Since I have SBS, I need to have an external facing certificate of as I currently have. So would the solution in this instance be to obtain a single certificate capable of multiple domain names where I would additionally include
    LVL 24

    Expert Comment

    LVL 6

    Expert Comment


    To include multiple Domains in the Certificate you will need to create a new Certificate request normally these certificates are known as SAN(UCC) certificates and then contact your certificate vendor.
    You can go through the following web site that would help you in creating the Certificate Request

    Note: Common name should be the external URL in your case and in Subject alternative Name add the name and ( should be the external DNS name for your domain)

    LVL 24

    Expert Comment

    LVL 17

    Accepted Solution

    1) do Get-ExchangeCertificate |fl and paste the results here..........
    2) check the 12014 error...and note the fqdn
    3) now in order to create a new certificate you do the following :

    New-ExchangeCertificate -DomainName   (you will find the FQDN on the send or the ceceive connector or go to properties of My computer--> computer name)
    -> this wil then ask you if you want to make it default. just put in Y
    Your new certificate is thus created............
    4) again check : get-ExchangeCertificate
    and note the thumbprint : lets say : XXXXXXXXXXXXXXXXXXX
    5) then you need to enable the services on the certificate.............

    Enable-ExchangeCertificate -Thumbprint XXXXXXXXXXXXXXXXXXX -Services "IMAP,POP,SMTP"
    Put in the CORRECT THUMB PRINT FROM POINT (4) To point 5

    again do Get-ExchangeCertificate and see  the results

    if you have any questions let me know.....




    Author Comment


    If I do as you recommend above, will this overwrite the existing SSL commercial certificate I own or will it allow me to fix the current certificate issue while continuing to use my existing externall SSL for

    LVL 17

    Expert Comment

    it wont effect.. this is a self assigned certificate we are creating for the FQDN... we are removing none..

    Featured Post

    Enabling OSINT in Activity Based Intelligence

    Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

    Join & Write a Comment

    Get an idea of what you should include in an email disclaimer with these Top 5 email disclaimer tips.
    "Migrate" an SMTP relay receive connector to a new server using info from an old server.
    In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
    This video discusses moving either the default database or any database to a new volume.

    745 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now