[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now


error 12014 on Exchange 2010

Posted on 2011-02-28
Medium Priority
Last Modified: 2012-05-11
I have a new install of Exchange 2010 logging error 12014 in our event viewer. I tried a resolution I found in Googling the error but it did not work. I also get certificate related errors when I run a Berst Practice scan on my Exchange box. When I run the command "Get-OutlookProvider" I get nothing listed in the Server column. Below is the event log entry and the results from the "Get-OutlookProvider"  command and I have attached a screen shot of EXBP.

Log Name:      Application
Source:        MSExchangeTransport
Date:          2/28/2011 10:00:06 AM
Event ID:      12014
Task Category: TransportService
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      EXCHANGE.MHACS.local
Microsoft Exchange could not find a certificate that contains the domain name EXCHANGE.havenacademy.org in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Outgoing internet mail with a FQDN parameter of EXCHANGE.havenacademy.org. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <Provider Name="MSExchangeTransport" />
    <EventID Qualifiers="49156">12014</EventID>
    <TimeCreated SystemTime="2011-02-28T15:00:06.000000000Z" />
    <Security />
    <Data>Outgoing internet mail</Data>

[PS] C:\Windows\system32>
[PS] C:\Windows\system32>Get-OutlookProvider

Name                          Server                        CertPrincipalName             TTL
----                          ------                        -----------------             ---
EXCH                                                                                      1
EXPR                                                                                      1
WEB                                                                                       1

[PS] C:\Windows\system32>
Question by:InSearchOf
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 13
  • 9
LVL 10

Expert Comment

ID: 34998895
On the "Exchange Management Shell" I wrote "Get-ExchangeCertificate"  command..
there are many thumbprints of cretificates (If by mistake you have created multiple certificate requests)
Go to the correct thumbprint from OWA certicate from Internet explorer...
2. After that on the shelll I write  "Enable-ExchangeCertificate -Thumbprint CORRECTTHUMBPRINT -Services "SMTP"    *(These thumbprint numbers ar sample)

In breef, you'll need to assign exchange services on a live, working and a good exchange certificate that you have installed on your servers.



Author Comment

ID: 34999590
Hmmmm. Ok let me check that. Thanks for the info.

Author Comment

ID: 34999899
Ok I ran those commands and FQDN on the send is different than the receive. The exchange server is on a dot local domain With statements on the firewall and the zone file for DNS to route traffic to the right place. This was the output of the commands.

         Welcome to the Exchange Management Shell!

Full list of cmdlets: Get-Command
Only Exchange cmdlets: Get-ExCommand
Cmdlets that match a specific string: Help *<string>*
Get general help: Help
Get help for a cmdlet: Help <cmdlet name> or <cmdlet name> -?
Show quick reference guide: QuickRef
Exchange team blog: Get-ExBlog
Show full output for a command: <command> | Format-List

Tip of the day #4:

Did you know that the Identity parameter is a "positional parameter"? That means you can use:

 Get-Mailbox "user" instead of: Get-Mailbox -Identity "user"

It's a neat usability shortcut!

VERBOSE: Connecting to EXCHANGE.MHACS.local
VERBOSE: Connected to EXCHANGE.MHACS.local.
[PS] C:\Windows\system32>Get-ExchangeCertificate | FL *

PSComputerName       : exchange.mhacs.local
RunspaceId           : 064bdb1e-8c81-4ca5-bc72-4ccf657a3140
AccessRules          : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAcces
                       sRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKe
CertificateDomains   : {EXCHANGE, EXCHANGE.MHACS.local}
CertificateRequest   :
IisServices          : {IIS://EXCHANGE/W3SVC/1}
IsSelfSigned         : True
KeyIdentifier        : 32CDD58C484BFC188B8935F9D374272BF90D8815
RootCAType           : None
Services             : IMAP, POP, IIS, SMTP
Status               : Valid
SubjectKeyIdentifier :
PrivateKeyExportable : False
PublicKeySize        : 2048
ServicesStringForm   : IP.WS.
Archived             : False
Extensions           : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptograph
                       y.Oid, System.Security.Cryptography.Oid}
FriendlyName         : Microsoft Exchange
IssuerName           : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter             : 8/11/2015 10:21:06 AM
NotBefore            : 8/11/2010 10:21:06 AM
HasPrivateKey        : True
PrivateKey           : System.Security.Cryptography.RSACryptoServiceProvider
PublicKey            : System.Security.Cryptography.X509Certificates.PublicKey
RawData              : {48, 130, 3, 16, 48, 130, 1, 248, 160, 3, 2, 1, 2, 2, 16, 38...}
SerialNumber         : 267DAF656A3164A04D8F8C92B65A899B
SubjectName          : System.Security.Cryptography.X509Certificates.X500DistinguishedName
SignatureAlgorithm   : System.Security.Cryptography.Oid
Thumbprint           : 6CBEE0A300306B3498B37B3673409EC77406B5A6
Version              : 3
Handle               : 457287984
Issuer               : CN=EXCHANGE
Subject              : CN=EXCHANGE

[PS] C:\Windows\system32>
[PS] C:\Windows\system32>Get-ReceiveConnector | FL name, fqdn, objectClass

Name        : Default EXCHANGE
Fqdn        : EXCHANGE.MHACS.local
ObjectClass : {top, msExchSmtpReceiveConnector}

Name        : Client EXCHANGE
Fqdn        : EXCHANGE.MHACS.local
ObjectClass : {top, msExchSmtpReceiveConnector}

[PS] C:\Windows\system32>
[PS] C:\Windows\system32>Get-SendConnector | FL name, fqdn, objectClass

Name        : Outgoing internet mail
Fqdn        : EXCHANGE.havenacademy.org
ObjectClass : {top, msExchConnector, mailGateway, msExchRoutingSMTPConnector}

[PS] C:\Windows\system32>
[PS] C:\Windows\system32>
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

LVL 20

Assisted Solution

by:Satya Pathak
Satya Pathak earned 664 total points
ID: 35001846
now you can restart the transport service and check it , if event are still occure on the server , i would also suggest you to please check the server incomming and outgoing connector. if you modify any please its require to ran transport service.

Author Comment

ID: 35001968
I have not done anything yet. Should my receive and send connects be the same? Look at my last posting. Thanks
LVL 10

Accepted Solution

abhijitmdp earned 1336 total points
ID: 35005447
OK, Got the issue,

The names you are using on your certificate is not  correct, As your correct certificate has only EXCHANGE and EXCHANGE.MHACS.local domains name configured and you are also using EXCHANGE.havenacademy.org domain name and this name is not present in your certificate. You'll need to use a UCC5 certificate, where you can use alternative names.
You can go through below site to generate a certificate request with alternative names,
In theis site at the column of "Subject Alternative Names" you can use ";" semi-colon to make a gap between two names.
LVL 10

Expert Comment

ID: 35005455
Download a new certificate and attach this with your existing exchange environment. This will not require any downtime or server reboot. Users will may get some certificate alert when you delete current certificate, but after the successfull installation of new certificate that error will also remove automatically.
LVL 10

Expert Comment

ID: 35005457

Author Comment

ID: 35006160
Ok thanks for the info. Let me go thru the steps and post back. Thanks again

Author Comment

ID: 35007244
Ok, I created the cert and copied and pasted it to Exchange command shell. I am new to exchange 2010. How do I delete the old one and install the new one?
LVL 10

Expert Comment

ID: 35010385
You should follow below link to download and install/uninstall a certificate in your exchange


Author Comment

ID: 35012652
Thanks. I will check it out.

Author Comment

ID: 35012828
Ok. That did the trick. It shrank my log files and I was able to move my database. Thanks guys

Author Comment

ID: 35012832
Sorry, wrong post.

Author Comment

ID: 35014686
I keep getting an error when I copy and paste to command shell after generating:

A positional parameter cannot be found that accepts argument '-Path'.
    + CategoryInfo          : InvalidArgument: (:) [New-ExchangeCertificate], ParameterBindingException
    + FullyQualifiedErrorId : PositionalParameterNotFound,New-ExchangeCertificate
LVL 10

Assisted Solution

abhijitmdp earned 1336 total points
ID: 35015659
I think you misunderstood my posts,
Follow below attached file for generating a certificate request with Exchange 2010 server and use the generated .csr file to download a new certificate from your certificate provider.

Also you can check below links for referance

Author Comment

ID: 35016800
It goes all the way through until I "Complete pending request".  I get "Source file is corrupt or not Base64 properly encoded". I have tried a few times with the same result.
LVL 10

Expert Comment

ID: 35017204
Can you post the screen shot of your cert settings and the error. There is must be something wrong

Author Comment

ID: 35017640
OK. These are the screen shots at different step.
LVL 10

Expert Comment

ID: 35018393
I think you are very new to exchange...
********The file you generated is only a certificate request not a certificate********

You'll need to open this file in notepad and copy the content of this file without modifying aything there, and then go to your certificate provider's web site (i.e. GoDaddy) and generate a certificate using the copied codes. After getting a certificate from them download that certificate to your servers and complete certificate pending request.

Author Comment

ID: 35021029
Yes you are right I am new to Exchange. Can I do this on on the digicert link you provided or do I need CA provider like GoDaddy?
LVL 10

Expert Comment

ID: 35025845
First of all you'll need to create a certificate request on servers and then contact any CA providers. There are many CA providers like GoDaddy, Verysign etc. You can shoose any of them.

Author Comment

ID: 35026247
Ok. Thanks for all your. I really appreciate it.

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question