error 12014 on Exchange 2010

Posted on 2011-02-28
Last Modified: 2012-05-11
I have a new install of Exchange 2010 logging error 12014 in our event viewer. I tried a resolution I found in Googling the error but it did not work. I also get certificate related errors when I run a Berst Practice scan on my Exchange box. When I run the command "Get-OutlookProvider" I get nothing listed in the Server column. Below is the event log entry and the results from the "Get-OutlookProvider"  command and I have attached a screen shot of EXBP.

Log Name:      Application
Source:        MSExchangeTransport
Date:          2/28/2011 10:00:06 AM
Event ID:      12014
Task Category: TransportService
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      EXCHANGE.MHACS.local
Microsoft Exchange could not find a certificate that contains the domain name in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Outgoing internet mail with a FQDN parameter of If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.
Event Xml:
<Event xmlns="">
    <Provider Name="MSExchangeTransport" />
    <EventID Qualifiers="49156">12014</EventID>
    <TimeCreated SystemTime="2011-02-28T15:00:06.000000000Z" />
    <Security />
    <Data>Outgoing internet mail</Data>

[PS] C:\Windows\system32>
[PS] C:\Windows\system32>Get-OutlookProvider

Name                          Server                        CertPrincipalName             TTL
----                          ------                        -----------------             ---
EXCH                                                                                      1
EXPR                                                                                      1
WEB                                                                                       1

[PS] C:\Windows\system32>
Question by:InSearchOf
  • 13
  • 9
LVL 10

Expert Comment

ID: 34998895
On the "Exchange Management Shell" I wrote "Get-ExchangeCertificate"  command..
there are many thumbprints of cretificates (If by mistake you have created multiple certificate requests)
Go to the correct thumbprint from OWA certicate from Internet explorer...
2. After that on the shelll I write  "Enable-ExchangeCertificate -Thumbprint CORRECTTHUMBPRINT -Services "SMTP"    *(These thumbprint numbers ar sample)

In breef, you'll need to assign exchange services on a live, working and a good exchange certificate that you have installed on your servers.



Author Comment

ID: 34999590
Hmmmm. Ok let me check that. Thanks for the info.

Author Comment

ID: 34999899
Ok I ran those commands and FQDN on the send is different than the receive. The exchange server is on a dot local domain With statements on the firewall and the zone file for DNS to route traffic to the right place. This was the output of the commands.

         Welcome to the Exchange Management Shell!

Full list of cmdlets: Get-Command
Only Exchange cmdlets: Get-ExCommand
Cmdlets that match a specific string: Help *<string>*
Get general help: Help
Get help for a cmdlet: Help <cmdlet name> or <cmdlet name> -?
Show quick reference guide: QuickRef
Exchange team blog: Get-ExBlog
Show full output for a command: <command> | Format-List

Tip of the day #4:

Did you know that the Identity parameter is a "positional parameter"? That means you can use:

 Get-Mailbox "user" instead of: Get-Mailbox -Identity "user"

It's a neat usability shortcut!

VERBOSE: Connecting to EXCHANGE.MHACS.local
VERBOSE: Connected to EXCHANGE.MHACS.local.
[PS] C:\Windows\system32>Get-ExchangeCertificate | FL *

PSComputerName       : exchange.mhacs.local
RunspaceId           : 064bdb1e-8c81-4ca5-bc72-4ccf657a3140
AccessRules          : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAcces
                       sRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKe
CertificateDomains   : {EXCHANGE, EXCHANGE.MHACS.local}
CertificateRequest   :
IisServices          : {IIS://EXCHANGE/W3SVC/1}
IsSelfSigned         : True
KeyIdentifier        : 32CDD58C484BFC188B8935F9D374272BF90D8815
RootCAType           : None
Services             : IMAP, POP, IIS, SMTP
Status               : Valid
SubjectKeyIdentifier :
PrivateKeyExportable : False
PublicKeySize        : 2048
ServicesStringForm   : IP.WS.
Archived             : False
Extensions           : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptograph
                       y.Oid, System.Security.Cryptography.Oid}
FriendlyName         : Microsoft Exchange
IssuerName           : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter             : 8/11/2015 10:21:06 AM
NotBefore            : 8/11/2010 10:21:06 AM
HasPrivateKey        : True
PrivateKey           : System.Security.Cryptography.RSACryptoServiceProvider
PublicKey            : System.Security.Cryptography.X509Certificates.PublicKey
RawData              : {48, 130, 3, 16, 48, 130, 1, 248, 160, 3, 2, 1, 2, 2, 16, 38...}
SerialNumber         : 267DAF656A3164A04D8F8C92B65A899B
SubjectName          : System.Security.Cryptography.X509Certificates.X500DistinguishedName
SignatureAlgorithm   : System.Security.Cryptography.Oid
Thumbprint           : 6CBEE0A300306B3498B37B3673409EC77406B5A6
Version              : 3
Handle               : 457287984
Issuer               : CN=EXCHANGE
Subject              : CN=EXCHANGE

[PS] C:\Windows\system32>
[PS] C:\Windows\system32>Get-ReceiveConnector | FL name, fqdn, objectClass

Name        : Default EXCHANGE
Fqdn        : EXCHANGE.MHACS.local
ObjectClass : {top, msExchSmtpReceiveConnector}

Name        : Client EXCHANGE
Fqdn        : EXCHANGE.MHACS.local
ObjectClass : {top, msExchSmtpReceiveConnector}

[PS] C:\Windows\system32>
[PS] C:\Windows\system32>Get-SendConnector | FL name, fqdn, objectClass

Name        : Outgoing internet mail
Fqdn        :
ObjectClass : {top, msExchConnector, mailGateway, msExchRoutingSMTPConnector}

[PS] C:\Windows\system32>
[PS] C:\Windows\system32>
LVL 20

Assisted Solution

by:Satya Pathak
Satya Pathak earned 166 total points
ID: 35001846
now you can restart the transport service and check it , if event are still occure on the server , i would also suggest you to please check the server incomming and outgoing connector. if you modify any please its require to ran transport service.

Author Comment

ID: 35001968
I have not done anything yet. Should my receive and send connects be the same? Look at my last posting. Thanks
LVL 10

Accepted Solution

abhijitmdp earned 334 total points
ID: 35005447
OK, Got the issue,

The names you are using on your certificate is not  correct, As your correct certificate has only EXCHANGE and EXCHANGE.MHACS.local domains name configured and you are also using domain name and this name is not present in your certificate. You'll need to use a UCC5 certificate, where you can use alternative names.
You can go through below site to generate a certificate request with alternative names,
In theis site at the column of "Subject Alternative Names" you can use ";" semi-colon to make a gap between two names.
LVL 10

Expert Comment

ID: 35005455
Download a new certificate and attach this with your existing exchange environment. This will not require any downtime or server reboot. Users will may get some certificate alert when you delete current certificate, but after the successfull installation of new certificate that error will also remove automatically.
LVL 10

Expert Comment

ID: 35005457

Author Comment

ID: 35006160
Ok thanks for the info. Let me go thru the steps and post back. Thanks again

Author Comment

ID: 35007244
Ok, I created the cert and copied and pasted it to Exchange command shell. I am new to exchange 2010. How do I delete the old one and install the new one?
LVL 10

Expert Comment

ID: 35010385
You should follow below link to download and install/uninstall a certificate in your exchange

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud


Author Comment

ID: 35012652
Thanks. I will check it out.

Author Comment

ID: 35012828
Ok. That did the trick. It shrank my log files and I was able to move my database. Thanks guys

Author Comment

ID: 35012832
Sorry, wrong post.

Author Comment

ID: 35014686
I keep getting an error when I copy and paste to command shell after generating:

A positional parameter cannot be found that accepts argument '-Path'.
    + CategoryInfo          : InvalidArgument: (:) [New-ExchangeCertificate], ParameterBindingException
    + FullyQualifiedErrorId : PositionalParameterNotFound,New-ExchangeCertificate
LVL 10

Assisted Solution

abhijitmdp earned 334 total points
ID: 35015659
I think you misunderstood my posts,
Follow below attached file for generating a certificate request with Exchange 2010 server and use the generated .csr file to download a new certificate from your certificate provider.

Also you can check below links for referance

Author Comment

ID: 35016800
It goes all the way through until I "Complete pending request".  I get "Source file is corrupt or not Base64 properly encoded". I have tried a few times with the same result.
LVL 10

Expert Comment

ID: 35017204
Can you post the screen shot of your cert settings and the error. There is must be something wrong

Author Comment

ID: 35017640
OK. These are the screen shots at different step.
LVL 10

Expert Comment

ID: 35018393
I think you are very new to exchange...
********The file you generated is only a certificate request not a certificate********

You'll need to open this file in notepad and copy the content of this file without modifying aything there, and then go to your certificate provider's web site (i.e. GoDaddy) and generate a certificate using the copied codes. After getting a certificate from them download that certificate to your servers and complete certificate pending request.

Author Comment

ID: 35021029
Yes you are right I am new to Exchange. Can I do this on on the digicert link you provided or do I need CA provider like GoDaddy?
LVL 10

Expert Comment

ID: 35025845
First of all you'll need to create a certificate request on servers and then contact any CA providers. There are many CA providers like GoDaddy, Verysign etc. You can shoose any of them.

Author Comment

ID: 35026247
Ok. Thanks for all your. I really appreciate it.

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
RSOP Red "X" 7 26
Distribution grouop does not get message from website 8 24
exchange, outlook 2 26
Move for SBS 2011 to Office 365 3 18
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
Find out what you should include to make the best professional email signature for your organization.
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now