?
Solved

How to resolve App Evt Error 12016

Posted on 2011-03-07
9
Medium Priority
?
4,010 Views
Last Modified: 2012-06-21
I have been receiving the above (and 12015) App Evt errors on my Exchg 2K7 SP2 server. I have a valid CA cert (UCC) installed that doesn't expire until next year. Now, I did have an expired internal, self-signed TLS cert. Following the Evt suggestion, I went to http://technet.microsoft.com/en-us/library/aa998327.aspx and simply ran New-ExchangeCertificate in the EMShell and thought that would take care of it. I saw a new cert created in my Cert Console, yet I'm still getting the 12016 error. Any ideas how to resolve this? BTW...I hate dealing with certs! Mostly, cause I don't understand them fully in Exchg :)

Regards,
~coolsport00
0
Comment
Question by:coolsport00
  • 5
  • 3
9 Comments
 
LVL 44

Expert Comment

by:Amit
ID: 35056846
Please post the complete Event detail
0
 
LVL 9

Expert Comment

by:Ahmed786
ID: 35056852
Follow below article it may help you.

http://support.microsoft.com/kb/555855
0
 
LVL 40

Author Comment

by:coolsport00
ID: 35056982
I don't have a program to wipe out some org-sensitive info, but this is what the Event says:

Date: 3/7/2011       Source: MSExchangeTransport
Time: 8:16:12 AM    Category: TransportService
Type: Error              Event ID: 12016
User: N/A
Computer: MyExchgServer

"There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN of MyExchgServer.myorg.com. The existing certificate for that FQDN has expired. The continued use of that FQDN will cause mail flow problems. A new certificate that contains the fQDN of MyExchgServer.myorg.com should be installed on this server as soon as possible. You can create a new certificate by using the New-ExchangeCertificate task.

For more information, see Help and Support Center at: http://go.microsoft.com/twlink/events.asp"

I forgot to mention in my orig post that I did restart the MS Transport service after I ran the New-ExchangeCertificate cmdlet.

"Ahmed786"...wrong event.

Regards,
~coolsport00
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 44

Accepted Solution

by:
Amit earned 2000 total points
ID: 35057106
Hi Coolsport00,

Thanks for posting the event details. As you already mentioned your question that you have already tried  New-ExchangeCertificate command. Below article deals with same issue

http://forums.msexchange.org/m_1800511051/tm.htm

Here user used Enabled command to fix the issue.
0
 
LVL 40

Author Comment

by:coolsport00
ID: 35057704
I recall (now) that cmdlet being needed to run (deal with certs on Exchg so rarely). I ran it, restarted my Transport service and waited to see if it resolved my Events....it didn't resolve it. Gosh, I'm stumped!
0
 
LVL 40

Assisted Solution

by:coolsport00
coolsport00 earned 0 total points
ID: 35058098
I think (maybe) what I also needed to do was "remove" the old cert? So, what I did was:
http://technet.microsoft.com/en-us/library/aa997569(EXCHG.80).aspx

It's been about 15mins and I haven't seen the Event to this point. Gonna wait a bit longer to see if it returns...
0
 
LVL 44

Expert Comment

by:Amit
ID: 35058164
Ya, I was reading your question again was thinking for the same. That removing old CA could be the fix, as they are expired and u don't need them...
0
 
LVL 40

Author Comment

by:coolsport00
ID: 35059496
Haven't seen the 'event' reoccur the remainder of the morning. Gonna go ahead and close. Thanks for taking the time to assist "amitkulshrestha".

Regards,
~coolsport00
0
 
LVL 40

Author Closing Comment

by:coolsport00
ID: 35115316
So, for others that use internal TLS/SMTP Exchange 2K7 certs, to resolve the App Event 12016, do the following:

1. Simply run:
New-ExchangeCertificate
2. Implement', by running:
Enable-ExchangeCertificate -Thumbprint NumberOfCertJustGenerated -Services "IMAP, POP, SMTP" (you can add IIS here, but for me I use a different CA cert for that)
3. Remove expired cert:
Remove-ExchangeCertificate -Thumbprint NumberOfThumbprintOfExpiredCert

Hope that helps. Thanks for the assistance!
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On September 18, Experts Exchange launched the first installment of the Help Bell, a new feature for Premium Members, Team Accounts, and Qualified Experts. The Help Bell will serve as an additional tool to help teams increase question visibility.
In this post, I will showcase the steps for how to create groups in Office 365. Office 365 groups allow for ease of flexibility and collaboration between staff members.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Suggested Courses
Course of the Month13 days, 11 hours left to enroll

750 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question