Solved

error 12014 on Exchange 2010

Posted on 2011-02-28
23
1,673 Views
Last Modified: 2012-05-11
I have a new install of Exchange 2010 logging error 12014 in our event viewer. I tried a resolution I found in Googling the error but it did not work. I also get certificate related errors when I run a Berst Practice scan on my Exchange box. When I run the command "Get-OutlookProvider" I get nothing listed in the Server column. Below is the event log entry and the results from the "Get-OutlookProvider"  command and I have attached a screen shot of EXBP.



Log Name:      Application
Source:        MSExchangeTransport
Date:          2/28/2011 10:00:06 AM
Event ID:      12014
Task Category: TransportService
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      EXCHANGE.MHACS.local
Description:
Microsoft Exchange could not find a certificate that contains the domain name EXCHANGE.havenacademy.org in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Outgoing internet mail with a FQDN parameter of EXCHANGE.havenacademy.org. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="MSExchangeTransport" />
    <EventID Qualifiers="49156">12014</EventID>
    <Level>2</Level>
    <Task>12</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2011-02-28T15:00:06.000000000Z" />
    <EventRecordID>124755</EventRecordID>
    <Channel>Application</Channel>
    <Computer>EXCHANGE.MHACS.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data>EXCHANGE.havenacademy.org</Data>
    <Data>Outgoing internet mail</Data>
  </EventData>
</Event>
------------------------------------------------------------------------------------------------------------

[PS] C:\Windows\system32>
[PS] C:\Windows\system32>Get-OutlookProvider

Name                          Server                        CertPrincipalName             TTL
----                          ------                        -----------------             ---
EXCH                                                                                      1
EXPR                                                                                      1
WEB                                                                                       1


[PS] C:\Windows\system32>
EXBP-Scan.jpg
0
Comment
Question by:InSearchOf
  • 13
  • 9
23 Comments
 
LVL 10

Expert Comment

by:abhijitmdp
ID: 34998895
On the "Exchange Management Shell" I wrote "Get-ExchangeCertificate"  command..
there are many thumbprints of cretificates (If by mistake you have created multiple certificate requests)
Go to the correct thumbprint from OWA certicate from Internet explorer...
2. After that on the shelll I write  "Enable-ExchangeCertificate -Thumbprint CORRECTTHUMBPRINT -Services "SMTP"    *(These thumbprint numbers ar sample)

In breef, you'll need to assign exchange services on a live, working and a good exchange certificate that you have installed on your servers.

Ref#http://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=Exchange&ProdVer=8.0&EvtID=12014&EvtSrc=MSExchangeTransport

0
 

Author Comment

by:InSearchOf
ID: 34999590
Hmmmm. Ok let me check that. Thanks for the info.
0
 

Author Comment

by:InSearchOf
ID: 34999899
Ok I ran those commands and FQDN on the send is different than the receive. The exchange server is on a dot local domain With statements on the firewall and the zone file for DNS to route traffic to the right place. This was the output of the commands.

         Welcome to the Exchange Management Shell!

Full list of cmdlets: Get-Command
Only Exchange cmdlets: Get-ExCommand
Cmdlets that match a specific string: Help *<string>*
Get general help: Help
Get help for a cmdlet: Help <cmdlet name> or <cmdlet name> -?
Show quick reference guide: QuickRef
Exchange team blog: Get-ExBlog
Show full output for a command: <command> | Format-List

Tip of the day #4:

Did you know that the Identity parameter is a "positional parameter"? That means you can use:

 Get-Mailbox "user" instead of: Get-Mailbox -Identity "user"

It's a neat usability shortcut!

VERBOSE: Connecting to EXCHANGE.MHACS.local
VERBOSE: Connected to EXCHANGE.MHACS.local.
[PS] C:\Windows\system32>Get-ExchangeCertificate | FL *


PSComputerName       : exchange.mhacs.local
RunspaceId           : 064bdb1e-8c81-4ca5-bc72-4ccf657a3140
AccessRules          : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAcces
                       sRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKe
                       yAccessRule}
CertificateDomains   : {EXCHANGE, EXCHANGE.MHACS.local}
CertificateRequest   :
IisServices          : {IIS://EXCHANGE/W3SVC/1}
IsSelfSigned         : True
KeyIdentifier        : 32CDD58C484BFC188B8935F9D374272BF90D8815
RootCAType           : None
Services             : IMAP, POP, IIS, SMTP
Status               : Valid
SubjectKeyIdentifier :
PrivateKeyExportable : False
PublicKeySize        : 2048
ServicesStringForm   : IP.WS.
Archived             : False
Extensions           : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptograph
                       y.Oid, System.Security.Cryptography.Oid}
FriendlyName         : Microsoft Exchange
IssuerName           : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter             : 8/11/2015 10:21:06 AM
NotBefore            : 8/11/2010 10:21:06 AM
HasPrivateKey        : True
PrivateKey           : System.Security.Cryptography.RSACryptoServiceProvider
PublicKey            : System.Security.Cryptography.X509Certificates.PublicKey
RawData              : {48, 130, 3, 16, 48, 130, 1, 248, 160, 3, 2, 1, 2, 2, 16, 38...}
SerialNumber         : 267DAF656A3164A04D8F8C92B65A899B
SubjectName          : System.Security.Cryptography.X509Certificates.X500DistinguishedName
SignatureAlgorithm   : System.Security.Cryptography.Oid
Thumbprint           : 6CBEE0A300306B3498B37B3673409EC77406B5A6
Version              : 3
Handle               : 457287984
Issuer               : CN=EXCHANGE
Subject              : CN=EXCHANGE



[PS] C:\Windows\system32>
[PS] C:\Windows\system32>Get-ReceiveConnector | FL name, fqdn, objectClass


Name        : Default EXCHANGE
Fqdn        : EXCHANGE.MHACS.local
ObjectClass : {top, msExchSmtpReceiveConnector}

Name        : Client EXCHANGE
Fqdn        : EXCHANGE.MHACS.local
ObjectClass : {top, msExchSmtpReceiveConnector}



[PS] C:\Windows\system32>
[PS] C:\Windows\system32>Get-SendConnector | FL name, fqdn, objectClass


Name        : Outgoing internet mail
Fqdn        : EXCHANGE.havenacademy.org
ObjectClass : {top, msExchConnector, mailGateway, msExchRoutingSMTPConnector}



[PS] C:\Windows\system32>
[PS] C:\Windows\system32>
0
 
LVL 20

Assisted Solution

by:SatyaPathak
SatyaPathak earned 166 total points
ID: 35001846
now you can restart the transport service and check it , if event are still occure on the server , i would also suggest you to please check the server incomming and outgoing connector. if you modify any please its require to ran transport service.
0
 

Author Comment

by:InSearchOf
ID: 35001968
I have not done anything yet. Should my receive and send connects be the same? Look at my last posting. Thanks
0
 
LVL 10

Accepted Solution

by:
abhijitmdp earned 334 total points
ID: 35005447
OK, Got the issue,

The names you are using on your certificate is not  correct, As your correct certificate has only EXCHANGE and EXCHANGE.MHACS.local domains name configured and you are also using EXCHANGE.havenacademy.org domain name and this name is not present in your certificate. You'll need to use a UCC5 certificate, where you can use alternative names.
You can go through below site to generate a certificate request with alternative names,
https://www.digicert.com/easy-csr/exchange2007.htm
In theis site at the column of "Subject Alternative Names" you can use ";" semi-colon to make a gap between two names.
0
 
LVL 10

Expert Comment

by:abhijitmdp
ID: 35005455
Download a new certificate and attach this with your existing exchange environment. This will not require any downtime or server reboot. Users will may get some certificate alert when you delete current certificate, but after the successfull installation of new certificate that error will also remove automatically.
0
 
LVL 10

Expert Comment

by:abhijitmdp
ID: 35005457
0
 

Author Comment

by:InSearchOf
ID: 35006160
Ok thanks for the info. Let me go thru the steps and post back. Thanks again
0
 

Author Comment

by:InSearchOf
ID: 35007244
Ok, I created the cert and copied and pasted it to Exchange command shell. I am new to exchange 2010. How do I delete the old one and install the new one?
0
 
LVL 10

Expert Comment

by:abhijitmdp
ID: 35010385
You should follow below link to download and install/uninstall a certificate in your exchange
http://www.digicert.com/ssl-certificate-installation-microsoft-exchange-2010.htm

0
Are your corporate email signatures appalling?

Is it scary how unprofessional your email signatures look? Do users create their own terrible designs and give themselves stupid job titles? You can make this a lot easier for yourself by choosing an email signature management solution from Exclaimer today.

 

Author Comment

by:InSearchOf
ID: 35012652
Thanks. I will check it out.
0
 

Author Comment

by:InSearchOf
ID: 35012828
Ok. That did the trick. It shrank my log files and I was able to move my database. Thanks guys
0
 

Author Comment

by:InSearchOf
ID: 35012832
Sorry, wrong post.
0
 

Author Comment

by:InSearchOf
ID: 35014686
I keep getting an error when I copy and paste to command shell after generating:

A positional parameter cannot be found that accepts argument '-Path'.
    + CategoryInfo          : InvalidArgument: (:) [New-ExchangeCertificate], ParameterBindingException
    + FullyQualifiedErrorId : PositionalParameterNotFound,New-ExchangeCertificate
0
 
LVL 10

Assisted Solution

by:abhijitmdp
abhijitmdp earned 334 total points
ID: 35015659
I think you misunderstood my posts,
Follow below attached file for generating a certificate request with Exchange 2010 server and use the generated .csr file to download a new certificate from your certificate provider.
 Exchange-2010-Certificate.docx

Also you can check below links for referance
http://www.msexchange.org/articles_tutorials/videos/exchange-server-2010/video-certificate-wizard-Exchange-2010.html
http://msexchangegeek.com/2009/05/13/exchange-2010-emc-and-certificates-management-part-1/
0
 

Author Comment

by:InSearchOf
ID: 35016800
It goes all the way through until I "Complete pending request".  I get "Source file is corrupt or not Base64 properly encoded". I have tried a few times with the same result.
0
 
LVL 10

Expert Comment

by:abhijitmdp
ID: 35017204
Can you post the screen shot of your cert settings and the error. There is must be something wrong
0
 

Author Comment

by:InSearchOf
ID: 35017640
OK. These are the screen shots at different step.
CERT.jpg
CERT2.jpg
CERT3.jpg
CERT4.jpg
CERT5.jpg
CERT6.jpg
0
 
LVL 10

Expert Comment

by:abhijitmdp
ID: 35018393
I think you are very new to exchange...
Hmmm
********The file you generated is only a certificate request not a certificate********

You'll need to open this file in notepad and copy the content of this file without modifying aything there, and then go to your certificate provider's web site (i.e. GoDaddy) and generate a certificate using the copied codes. After getting a certificate from them download that certificate to your servers and complete certificate pending request.
0
 

Author Comment

by:InSearchOf
ID: 35021029
Yes you are right I am new to Exchange. Can I do this on on the digicert link you provided or do I need CA provider like GoDaddy?
0
 
LVL 10

Expert Comment

by:abhijitmdp
ID: 35025845
First of all you'll need to create a certificate request on servers and then contact any CA providers. There are many CA providers like GoDaddy, Verysign etc. You can shoose any of them.
0
 

Author Comment

by:InSearchOf
ID: 35026247
Ok. Thanks for all your. I really appreciate it.
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Utilizing an array to gracefully append to a list of EmailAddresses
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now