• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 777
  • Last Modified:

Exchange 2007 Event ID 12014

I have an Exchange 2007 installation that's part of my SBS 2008 Premium server. I occassionally get the Event ID 12014 error message in the application log (I copied the error message in its entirety below). All facets of Exchange are working properly as far as I can see and have been since the server was installed a few months ago. I suspect the issue that I have is that my SSL certificate is for remote.myworkplace.com (applicable setup for SBS) while my server announces itself over SMTP to external resources as myserver.mydomain.com. I suspect this is the root of my issue. I'm not concerned since everything is working (I understand this could possibly impact http over rcp which I don't currently use at the given site). Should I be concerend over this error message? Should I resolve or let it be?

Log Name:      Application
Source:        MSExchangeTransport
Date:          4/27/2009 2:43:36 PM
Event ID:      12014
Task Category: TransportService
Level:         Error
Keywords:      Classic
User:          N/A
Computer:     myserver.mydomain.local
Microsoft Exchange couldn't find a certificate that contains the domain name myserver.mydomain.com in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Outbound with a FQDN parameter of myserver.mydomain.com. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <Provider Name="MSExchangeTransport" />
    <EventID Qualifiers="49156">12014</EventID>
    <TimeCreated SystemTime="2009-04-27T18:43:36.000Z" />
    <Security />

Open in new window

  • 2
  • 2
  • 2
  • +2
1 Solution
Well, as so often: It depends.
You do not have a certificate with the name of your mail server, and therefore it will not use use TLS (basically encryption of mail traffic at the transport level)
Will it work fine without: Yes it will. Of course it would be better to have a certificate to increase security in some cases, but that is your decision.

Danstr1Author Commented:
Since I have SBS, I need to have an external facing certificate of remote.myserver.com as I currently have. So would the solution in this instance be to obtain a single certificate capable of multiple domain names where I would additionally include myserver.mydomain.com?
Rajith EnchiparambilOffice 365 & Exchange ArchitectCommented:
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.


To include multiple Domains in the Certificate you will need to create a new Certificate request normally these certificates are known as SAN(UCC) certificates and then contact your certificate vendor.
You can go through the following web site that would help you in creating the Certificate Request

Note: Common name should be the external URL in your case remote.myserver.com and in Subject alternative Name add the name myserver.mydomain.com and autodiscover.mydomain.com (mydomain.com should be the external DNS name for your domain)

Rajith EnchiparambilOffice 365 & Exchange ArchitectCommented:
1) do Get-ExchangeCertificate |fl and paste the results here..........
2) check the 12014 error...and note the fqdn
3) now in order to create a new certificate you do the following :

New-ExchangeCertificate -DomainName mail.abc.com   (you will find the FQDN mail.abc.com on the send or the ceceive connector or go to properties of My computer--> computer name)
-> this wil then ask you if you want to make it default. just put in Y
Your new certificate is thus created............
4) again check : get-ExchangeCertificate
and note the thumbprint : lets say : XXXXXXXXXXXXXXXXXXX
5) then you need to enable the services on the certificate.............

Enable-ExchangeCertificate -Thumbprint XXXXXXXXXXXXXXXXXXX -Services "IMAP,POP,SMTP"
Put in the CORRECT THUMB PRINT FROM POINT (4) To point 5

again do Get-ExchangeCertificate and see  the results

if you have any questions let me know.....



Danstr1Author Commented:

If I do as you recommend above, will this overwrite the existing SSL commercial certificate I own or will it allow me to fix the current certificate issue while continuing to use my existing externall SSL for remote.mydomain.com?

it wont effect.. this is a self assigned certificate we are creating for the FQDN... we are removing none..
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

  • 2
  • 2
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now