• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1804
  • Last Modified:

error 12014 on Exchange 2010

I have a new install of Exchange 2010 logging error 12014 in our event viewer. I tried a resolution I found in Googling the error but it did not work. I also get certificate related errors when I run a Berst Practice scan on my Exchange box. When I run the command "Get-OutlookProvider" I get nothing listed in the Server column. Below is the event log entry and the results from the "Get-OutlookProvider"  command and I have attached a screen shot of EXBP.

Log Name:      Application
Source:        MSExchangeTransport
Date:          2/28/2011 10:00:06 AM
Event ID:      12014
Task Category: TransportService
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      EXCHANGE.MHACS.local
Microsoft Exchange could not find a certificate that contains the domain name EXCHANGE.havenacademy.org in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Outgoing internet mail with a FQDN parameter of EXCHANGE.havenacademy.org. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <Provider Name="MSExchangeTransport" />
    <EventID Qualifiers="49156">12014</EventID>
    <TimeCreated SystemTime="2011-02-28T15:00:06.000000000Z" />
    <Security />
    <Data>Outgoing internet mail</Data>

[PS] C:\Windows\system32>
[PS] C:\Windows\system32>Get-OutlookProvider

Name                          Server                        CertPrincipalName             TTL
----                          ------                        -----------------             ---
EXCH                                                                                      1
EXPR                                                                                      1
WEB                                                                                       1

[PS] C:\Windows\system32>
  • 13
  • 9
3 Solutions
On the "Exchange Management Shell" I wrote "Get-ExchangeCertificate"  command..
there are many thumbprints of cretificates (If by mistake you have created multiple certificate requests)
Go to the correct thumbprint from OWA certicate from Internet explorer...
2. After that on the shelll I write  "Enable-ExchangeCertificate -Thumbprint CORRECTTHUMBPRINT -Services "SMTP"    *(These thumbprint numbers ar sample)

In breef, you'll need to assign exchange services on a live, working and a good exchange certificate that you have installed on your servers.


InSearchOfAuthor Commented:
Hmmmm. Ok let me check that. Thanks for the info.
InSearchOfAuthor Commented:
Ok I ran those commands and FQDN on the send is different than the receive. The exchange server is on a dot local domain With statements on the firewall and the zone file for DNS to route traffic to the right place. This was the output of the commands.

         Welcome to the Exchange Management Shell!

Full list of cmdlets: Get-Command
Only Exchange cmdlets: Get-ExCommand
Cmdlets that match a specific string: Help *<string>*
Get general help: Help
Get help for a cmdlet: Help <cmdlet name> or <cmdlet name> -?
Show quick reference guide: QuickRef
Exchange team blog: Get-ExBlog
Show full output for a command: <command> | Format-List

Tip of the day #4:

Did you know that the Identity parameter is a "positional parameter"? That means you can use:

 Get-Mailbox "user" instead of: Get-Mailbox -Identity "user"

It's a neat usability shortcut!

VERBOSE: Connecting to EXCHANGE.MHACS.local
VERBOSE: Connected to EXCHANGE.MHACS.local.
[PS] C:\Windows\system32>Get-ExchangeCertificate | FL *

PSComputerName       : exchange.mhacs.local
RunspaceId           : 064bdb1e-8c81-4ca5-bc72-4ccf657a3140
AccessRules          : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAcces
                       sRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKe
CertificateDomains   : {EXCHANGE, EXCHANGE.MHACS.local}
CertificateRequest   :
IisServices          : {IIS://EXCHANGE/W3SVC/1}
IsSelfSigned         : True
KeyIdentifier        : 32CDD58C484BFC188B8935F9D374272BF90D8815
RootCAType           : None
Services             : IMAP, POP, IIS, SMTP
Status               : Valid
SubjectKeyIdentifier :
PrivateKeyExportable : False
PublicKeySize        : 2048
ServicesStringForm   : IP.WS.
Archived             : False
Extensions           : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptograph
                       y.Oid, System.Security.Cryptography.Oid}
FriendlyName         : Microsoft Exchange
IssuerName           : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter             : 8/11/2015 10:21:06 AM
NotBefore            : 8/11/2010 10:21:06 AM
HasPrivateKey        : True
PrivateKey           : System.Security.Cryptography.RSACryptoServiceProvider
PublicKey            : System.Security.Cryptography.X509Certificates.PublicKey
RawData              : {48, 130, 3, 16, 48, 130, 1, 248, 160, 3, 2, 1, 2, 2, 16, 38...}
SerialNumber         : 267DAF656A3164A04D8F8C92B65A899B
SubjectName          : System.Security.Cryptography.X509Certificates.X500DistinguishedName
SignatureAlgorithm   : System.Security.Cryptography.Oid
Thumbprint           : 6CBEE0A300306B3498B37B3673409EC77406B5A6
Version              : 3
Handle               : 457287984
Issuer               : CN=EXCHANGE
Subject              : CN=EXCHANGE

[PS] C:\Windows\system32>
[PS] C:\Windows\system32>Get-ReceiveConnector | FL name, fqdn, objectClass

Name        : Default EXCHANGE
Fqdn        : EXCHANGE.MHACS.local
ObjectClass : {top, msExchSmtpReceiveConnector}

Name        : Client EXCHANGE
Fqdn        : EXCHANGE.MHACS.local
ObjectClass : {top, msExchSmtpReceiveConnector}

[PS] C:\Windows\system32>
[PS] C:\Windows\system32>Get-SendConnector | FL name, fqdn, objectClass

Name        : Outgoing internet mail
Fqdn        : EXCHANGE.havenacademy.org
ObjectClass : {top, msExchConnector, mailGateway, msExchRoutingSMTPConnector}

[PS] C:\Windows\system32>
[PS] C:\Windows\system32>
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Satya PathakLead Technical ConsultantCommented:
now you can restart the transport service and check it , if event are still occure on the server , i would also suggest you to please check the server incomming and outgoing connector. if you modify any please its require to ran transport service.
InSearchOfAuthor Commented:
I have not done anything yet. Should my receive and send connects be the same? Look at my last posting. Thanks
OK, Got the issue,

The names you are using on your certificate is not  correct, As your correct certificate has only EXCHANGE and EXCHANGE.MHACS.local domains name configured and you are also using EXCHANGE.havenacademy.org domain name and this name is not present in your certificate. You'll need to use a UCC5 certificate, where you can use alternative names.
You can go through below site to generate a certificate request with alternative names,
In theis site at the column of "Subject Alternative Names" you can use ";" semi-colon to make a gap between two names.
Download a new certificate and attach this with your existing exchange environment. This will not require any downtime or server reboot. Users will may get some certificate alert when you delete current certificate, but after the successfull installation of new certificate that error will also remove automatically.
InSearchOfAuthor Commented:
Ok thanks for the info. Let me go thru the steps and post back. Thanks again
InSearchOfAuthor Commented:
Ok, I created the cert and copied and pasted it to Exchange command shell. I am new to exchange 2010. How do I delete the old one and install the new one?
You should follow below link to download and install/uninstall a certificate in your exchange

InSearchOfAuthor Commented:
Thanks. I will check it out.
InSearchOfAuthor Commented:
Ok. That did the trick. It shrank my log files and I was able to move my database. Thanks guys
InSearchOfAuthor Commented:
Sorry, wrong post.
InSearchOfAuthor Commented:
I keep getting an error when I copy and paste to command shell after generating:

A positional parameter cannot be found that accepts argument '-Path'.
    + CategoryInfo          : InvalidArgument: (:) [New-ExchangeCertificate], ParameterBindingException
    + FullyQualifiedErrorId : PositionalParameterNotFound,New-ExchangeCertificate
I think you misunderstood my posts,
Follow below attached file for generating a certificate request with Exchange 2010 server and use the generated .csr file to download a new certificate from your certificate provider.

Also you can check below links for referance
InSearchOfAuthor Commented:
It goes all the way through until I "Complete pending request".  I get "Source file is corrupt or not Base64 properly encoded". I have tried a few times with the same result.
Can you post the screen shot of your cert settings and the error. There is must be something wrong
InSearchOfAuthor Commented:
OK. These are the screen shots at different step.
I think you are very new to exchange...
********The file you generated is only a certificate request not a certificate********

You'll need to open this file in notepad and copy the content of this file without modifying aything there, and then go to your certificate provider's web site (i.e. GoDaddy) and generate a certificate using the copied codes. After getting a certificate from them download that certificate to your servers and complete certificate pending request.
InSearchOfAuthor Commented:
Yes you are right I am new to Exchange. Can I do this on on the digicert link you provided or do I need CA provider like GoDaddy?
First of all you'll need to create a certificate request on servers and then contact any CA providers. There are many CA providers like GoDaddy, Verysign etc. You can shoose any of them.
InSearchOfAuthor Commented:
Ok. Thanks for all your. I really appreciate it.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

  • 13
  • 9
Tackle projects and never again get stuck behind a technical roadblock.
Join Now