Solved

Microsoft Exchange couldn't find a certificate

Posted on 2011-09-15
Medium Priority
463 Views
Last Modified: 2012-05-12
I am getting the following error and I am not sure what to do. I believe I need to add another certificate by using the New-ExchangeCertificate. Is this correct? Also, what do I do with the old ones? Do I delete them with Remove-ExchangeCertificate -Thumbprint (and use the numbers here)? I sure would appreciate any help with this. Thanks

This is the error I am getting

Event Type:      Error
Event Source:      MSExchangeTransport
Event Category:      TransportService
Event ID:      12014
Date:            9/14/2011
Time:            5:54:04 PM
User:            N/A
Computer:      SERVER85
Description:
Microsoft Exchange couldn't find a certificate that contains the domain name server85.armornet.corp in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Internet_mail with a FQDN parameter of server85.domain.corp. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.

These are some of the certificates currently there

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {server85, server85.domain.corp}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=server85
NotAfter           : 8/5/2011 11:42:00 AM
NotBefore          : 8/5/2010 11:42:00 AM
PublicKeySize      : 2048
RootCAType         : Unknown
SerialNumber       : B03B6CAF0923E08B45FF7424CF61C921
Services           : IMAP, POP, SMTP
Status             : Invalid
Subject            : CN=server85
Thumbprint         : 0A64DDFA18BA99BE285E295A8D05E55BBDDEE884

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {mail.local.com}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=mail.local.com, O=domain corp, C=us
NotAfter           : 8/5/2011 5:40:01 PM
NotBefore          : 8/5/2010 11:40:01 AM
PublicKeySize      : 2048
RootCAType         : Unknown
SerialNumber       : 4CA1049BC756B29E461133836E1681DD
Services           : None
Status             : Invalid
Subject            : CN=mail.local.com, O=domain.corp, C=us
Thumbprint         : 24C1C48F1582070A9B905AAA43E21551BDC84D92

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {mail.local.com}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=mail.local.com, O=domain corp, C=us
NotAfter           : 8/5/2011 5:35:45 PM
NotBefore          : 8/5/2010 11:35:45 AM
PublicKeySize      : 2048
RootCAType         : Unknown
SerialNumber       : F5B453D6C1906E9C4CDF8DDE02338DF1
Services           : None
Status             : Invalid
Subject            : CN=mail.local.com, O=domain corp, C=us
Thumbprint         : DA8C0D9C7BBA0423C876648017A9A020E6B36A67

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {mail.local.com}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=mail.local.com, O=domain corp, C=us
NotAfter           : 8/5/2011 5:34:50 PM
NotBefore          : 8/5/2010 11:34:50 AM
PublicKeySize      : 2048
RootCAType         : Unknown
SerialNumber       : A584CD271E5204A145B527A7F40F30C3
Services           : None
Status             : Invalid
Subject            : CN=mail.local.com, O=domain corp, C=us
Thumbprint         : 222E362BA49ADEF09E007C53BE4F097CB34E43BA

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {server85, server85.domain.corp}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=server85
NotAfter           : 9/30/2010 10:09:06 AM
NotBefore          : 9/30/2009 10:09:06 AM
PublicKeySize      : 2048
RootCAType         : Unknown
SerialNumber       : ADC91D4B2D977BA24B1FBDADEB659A5D
Services           : IMAP, POP, SMTP
Status             : Invalid
Subject            : CN=server85
Thumbprint         : 8BB344D16CCDE5025E2011A29B875DC0908287B3

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {server85, server85.domain.corp}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=server85
NotAfter           : 9/30/2010 9:23:04 AM
NotBefore          : 9/30/2009 9:23:04 AM
PublicKeySize      : 2048
RootCAType         : Unknown
SerialNumber       : 9ABDE0A3DEA224994930E4EAE77A9901
Services           : IMAP, POP, SMTP
Status             : Invalid
Subject            : CN=server85
Thumbprint         : 253AB54E0337BAE9E9B243225B139EBFCA898DAB

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {server85, server85.domain.corp}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=server85
NotAfter           : 9/30/2010 9:21:27 AM
NotBefore          : 9/30/2009 9:21:27 AM
PublicKeySize      : 2048
RootCAType         : Unknown
SerialNumber       : A35A34F96123309C4945DB827F9D5814
Services           : IMAP, POP, SMTP
Status             : Invalid
Subject            : CN=server85
Thumbprint         : 9108222055721EFA7886AFEB6552CD7E42BBDD5D

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {server85, server85.domain.corp}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=server85
NotAfter           : 9/27/2008 12:12:08 PM
NotBefore          : 9/27/2007 12:12:08 PM
PublicKeySize      : 2048
RootCAType         : Unknown
SerialNumber       : 3CEAE373DE9DEE934F75EB708BE5C971
Services           : IMAP, POP, SMTP
Status             : Invalid
Subject            : CN=server85
Thumbprint         : 6C04BD37249A63265CF14DCF678223B2942E3661
Question by:AD_Tech
5 Comments
 
LVL 37

Expert Comment

by:Jamie McKillop
ID: 36542583
Hello,

Unless you want to use TLS to encrypt email between your organization and a partner that uses TLS, you can ignore this error.

JJ
0
 
LVL 49

Accepted Solution

by:
Akhater earned 1000 total points
ID: 36542598
You can ignore it or just run New-ExchangeCertificate and it will go away.
0
 

Author Comment

by:AD_Tech
ID: 36542617
Does it matter if the old ones stay?
0
 
LVL 37

Assisted Solution

by:Jamie McKillop
Jamie McKillop earned 1000 total points
ID: 36542666
It doesn't matter if the old ones are there as you can only have one active at a time but it would be a good idea to clean them up. To do so, issue the following command for each certificate you want to remove (changing the thumbprint to match the cert):

Remove-ExchangeCertificate -Thumbprint 157700393E5D76615E855A773CFA08AB5842DFB0

You can then open the Certificates MMC and remove the certificate from the Personal store of the server.

JJ
0
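
The check and cleanup discussed in this thread, as an added example for the Exchange Management Shell (not written by any poster above): it tests the condition that event 12014 reports and then lists the expired certificates as removal candidates. The connector name is taken from the event text; matching on exact domain names only, with no wildcard handling, is a simplification.

```powershell
# Added example. Run in the Exchange Management Shell on the server named in the event.
$connectorName = 'Internet_mail'   # connector name as it appears in the event text
$now = Get-Date

# The event names a connector but not its type, so search send and receive connectors.
$connectors = @(Get-SendConnector) + @(Get-ReceiveConnector)
$connector  = $connectors | Where-Object { $_.Name -eq $connectorName } | Select-Object -First 1

# Per the event text: if the connector has no FQDN set, the computer's FQDN is used.
$fqdn = "$($connector.Fqdn)"
if (-not $fqdn) {
    $fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
}

$certs = @(Get-ExchangeCertificate)

# A certificate can serve STARTTLS for this connector only if it is inside its
# validity period, has a private key, is enabled for SMTP and lists the FQDN.
$usable = $certs | Where-Object {
    $_.NotBefore -le $now -and
    $_.NotAfter  -gt $now -and
    $_.HasPrivateKey -and
    ("$($_.Services)" -match 'SMTP') -and
    (@($_.CertificateDomains | ForEach-Object { "$_" }) -contains $fqdn)
}

if ($usable) {
    $usable | Format-Table Thumbprint, NotAfter, Services -AutoSize
} else {
    Write-Warning "No valid SMTP certificate lists $fqdn; expect event 12014 for connector $connectorName."
}

# Expired certificates are the cleanup candidates. -WhatIf reports what would be
# removed without removing anything; drop it once the list has been reviewed.
$certs | Where-Object { $_.NotAfter -lt $now } | ForEach-Object {
    Remove-ExchangeCertificate -Thumbprint $_.Thumbprint -WhatIf
}
```

Reviewing the `-WhatIf` output first keeps a certificate that is still bound to a service from being removed by mistake.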
 

Author Comment

by:AD_Tech
ID: 36542860
Thanks guys I appreciate the help. I will add the new certificate and remove the old ones just to clean it up. Thanks again
0
