Getting a certificate error in Outlook/Exchange 2007

Hello Team, urgent issue :(

I have an issue: for some reason the internal cert of my Exchange 2007 has expired. I have never had this happen before.

Upon logging into Exchange the end users are receiving certificate messages. When I check the event log on the Exchange I see the following errors:


Event id: 12016

There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN of domain.local. The existing certificate for that FQDN has expired. The continued use of that FQDN will cause mail flow problems. A new certificate that contains the FQDN of domain.bgclh.local should be installed on this server as soon as possible. You can create a new certificate by using the New-ExchangeCertificate task.

Event id: 12014

Microsoft Exchange couldn't find a certificate that contains the domain name domain.local in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Outbound with a FQDN parameter of domain.bgclh.local. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.

Event id: 12024


Microsoft Exchange could not load the certificate with thumbprint of A51539EEE8BF4871B3184B5152A16B20016A757C from the personal store on the local computer. This certificate was configured for authentication with other Exchange servers. Mail flow to other Exchange servers could be affected by this error. If the certificate with this thumbprint still exists in the personal store, run Enable-ExchangeCertificate A51539EEE8BF4871B3184B5152A16B20016A757C -services SMTP to resolve the issue. If the certificate does not exist in the personal store, restore it from backup by using the Import-ExchangeCertificate cmdlet, or create a new certificate for the FQDN or the server enabled for SMTP by running the following command: New-ExchangeCertificate -DomainName serverfqdn -Services SMTP. Meanwhile, an ephemeral, self-signed certificate with thumbprint A5C8C30C70310FC100C82175A095369996695774 is being used.
jaesoul Asked:

MegaNuk3 Commented:
Try
Get-ExchangeCertificate -Thumbprint "A51539EEE8BF4871B3184B5152A16B20016A757C" | New-ExchangeCertificate

That should renew it
0
MegaNuk3 Commented:
Or installing Exchange 2007 SP3 (which I doubt you are on) will give you a new self-signed cert valid for 5 years
0


jaesoul Author Commented:
Thank you Mega Nuk, I ran the command and I believe I have cloned the cert with a renewed expiration. However, I do not think it is enabled, as the end users still receive the message.

I also noticed that when running a get-exchangecert a second time after running the command I see two certs now..

The new one I just cloned does not have the W listed as one of the services.

Could you assist me with this?
0
MegaNuk3 Commented:
Install Exchange 2007 SP3 and it will do it for you...

Or do
Get-ExchangeCertificate | fl
And find the Thumbprint of the cert you want to enable for IIS then do:
Enable-ExchangeCertificate -Thumbprint <Thumbprint> -Services IIS
0
jaesoul Author Commented:
Great work!
0
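
The steps from the answers above combined into one Exchange Management Shell session, as an added example that is not part of the original thread: it clones the expired certificate, then re-enables the services the old certificate carried (the W flag the asker mentions is IIS) and lists anything else close to expiry. It assumes the expired certificate is still in the personal store and that its Services value can be passed straight to -Services; the variable names are illustrative.

```powershell
# Added example. Run in the Exchange Management Shell on the affected server.
# Thumbprint of the expired certificate, taken from the event 12024 text on this page.
$oldThumbprint = 'A51539EEE8BF4871B3184B5152A16B20016A757C'

$old = Get-ExchangeCertificate -Thumbprint $oldThumbprint
if (-not $old) { throw "Certificate $oldThumbprint is not in the personal store." }

# Record what the old certificate was doing before changing anything.
$old | Format-List Thumbprint, Subject, CertificateDomains, NotAfter, Services

# Clone it: same subject and domain names, new validity period.
# Exchange may prompt before replacing the default SMTP certificate.
$new = $old | New-ExchangeCertificate

# The clone is not bound to every service the old one had (the missing "W"
# in the thread), so enable the new thumbprint for the same set of services.
$services = $old.Services
if ("$services" -ne 'None') {
    Enable-ExchangeCertificate -Thumbprint $new.Thumbprint -Services $services
}

# Verify: the new thumbprint should now show the expected service flags.
Get-ExchangeCertificate |
    Sort-Object NotAfter |
    Format-Table Thumbprint, Services, NotAfter, Subject -AutoSize

# Flag anything already expired or expiring within 30 days, so the next
# expiry is caught before clients start seeing certificate warnings.
$limit = (Get-Date).AddDays(30)
Get-ExchangeCertificate |
    Where-Object { $_.NotAfter -lt $limit } |
    Format-List Thumbprint, NotAfter, Services
```

The old certificate is left in the store here, so the last command will still list it until it is removed.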

Question has a verified solution.
