Darth_mark67 asked:

Exchange 2010 self Cert

I'm getting the following error and I'm not sure how to fix it:

Microsoft Exchange could not find a certificate that contains the domain name MSG.schulershook.net in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Default MSG with a FQDN parameter of MSG.domain.loca. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.
Exchange, Microsoft Legacy OS


8/22/2022 - Mon
Adam Brown

If you only have a self-signed certificate, you'll want to modify your send and receive connectors so they are using just <servername> and not <servername.domain.local> as the response for EHLO/HELO. If you have a cert that matches the domain name you have configured, configure your server so that cert is used for SMTP.
Darth_mark67

ASKER
I have a DigiCert cert, but we deleted the self-created cert.
Adam Brown

Okay, so make sure your connectors have the website host name defined in the cert as their FQDN for HELO. You can do this by going to Organization Config\Hub Transport then right click on your Send connector and click Properties. The line there asking for an FQDN should match the FQDN defined on the cert. Do the same at Server Config\Hub Transport for your Receive Connectors.
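
The comparison described above, scripted for the Exchange Management Shell (an added example, not part of the original thread): it lists each connector's FQDN and whether a valid, SMTP-enabled certificate covers it. The function names, the `MSG\...` connector identities and the sample objects are assumptions constructed from values quoted in this thread; the thumbprint is a placeholder.

```powershell
# Added example: sample objects are constructed from values quoted in this thread.
# On the Exchange server, feed live data instead:
#   $connectors = @(Get-ReceiveConnector) + @(Get-SendConnector)
#   $certs      = @(Get-ExchangeCertificate)
$connectors = @(
    (New-Object PSObject -Property @{ Identity = 'MSG\Default MSG'; Fqdn = '' }),
    (New-Object PSObject -Property @{ Identity = 'MSG\Client MSG';  Fqdn = 'mail.schulershook.com' })
)
$certs = @(
    (New-Object PSObject -Property @{
        Thumbprint = '<thumbprint>'; Services = 'IIS, SMTP'; Status = 'Valid'
        CertificateDomains = @('mail.schulershook.com') })
)

function Test-NameMatch([string]$Fqdn, [string]$CertName) {
    if ($CertName.StartsWith('*.')) {
        # A wildcard covers exactly one left-most label.
        $dot = $Fqdn.IndexOf('.')
        return ($dot -gt 0) -and ($Fqdn.Substring($dot) -ieq $CertName.Substring(1))
    }
    return ($Fqdn -ieq $CertName)
}

function Find-ConnectorCertMismatch($Connectors, $Certs, [string]$ServerFqdn) {
    # Only certificates that are valid and enabled for SMTP can serve STARTTLS.
    $usable = @($Certs | Where-Object {
        ("$($_.Services)" -match 'SMTP') -and ("$($_.Status)" -eq 'Valid') })
    foreach ($conn in $Connectors) {
        # An empty connector FQDN falls back to the computer's FQDN.
        $fqdn = "$($conn.Fqdn)"
        if (-not $fqdn) { $fqdn = $ServerFqdn }
        $hit = $null
        foreach ($cert in $usable) {
            foreach ($name in $cert.CertificateDomains) {
                if (-not $hit -and (Test-NameMatch $fqdn "$name")) { $hit = $cert }
            }
        }
        New-Object PSObject -Property @{
            Connector  = "$($conn.Identity)"
            Fqdn       = $fqdn
            Covered    = [bool]$hit
            Thumbprint = $(if ($hit) { $hit.Thumbprint } else { $null })
        }
    }
}

Find-ConnectorCertMismatch $connectors $certs 'MSG.schulershook.net' |
    Select-Object Connector, Fqdn, Covered, Thumbprint | Format-Table -AutoSize
```

A row with `Covered` set to False is a connector that cannot offer STARTTLS with the installed certificates. Microsoft's Set-ReceiveConnector documentation advises against changing the FQDN on the connector named "Default <Server Name>" when several Hub Transport servers exchange mail, so for that connector the usual fix is a certificate that includes the server's name.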
Darth_mark67

ASKER
Send connector has mail.domain.com.
Both receive connectors (client and default) have mail.domain.com.

Initially the client had the msg.domain, which I changed to our Exchange cert (mail.domain.com).

But I'm still getting the error message.
ASKER CERTIFIED SOLUTION
Adam Brown

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
Darth_mark67

ASKER
Here it is, looks ok.


         Welcome to the Exchange Management Shell!

Full list of cmdlets: Get-Command
Only Exchange cmdlets: Get-ExCommand
Cmdlets that match a specific string: Help *<string>*
Get general help: Help
Get help for a cmdlet: Help <cmdlet name> or <cmdlet name> -?
Show quick reference guide: QuickRef
Exchange team blog: Get-ExBlog
Show full output for a command: <command> | Format-List

Tip of the day #77:

Management role groups enable you to grant permissions to groups of administrators and specialist end users. These are p
eople who manage your organization or perform special tasks, like mailbox searches for compliance reasons.
If you want to manage permissions for end users, use management role assignment policies.

VERBOSE: Connecting to MSG.schulershook.net
VERBOSE: Connected to MSG.schulershook.net.
[PS] C:\Windows\system32>cd..
[PS] C:\Windows>cd..
[PS] C:\>Get-Exchangecertificate |fl


AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessR
                     ule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {mail.schulershook.com}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=DigiCert High Assurance CA-3, OU=www.digicert.com, O=DigiCert Inc, C=US
NotAfter           : 6/27/2012 7:00:00 AM
NotBefore          : 4/19/2011 7:00:00 PM
PublicKeySize      : 2048
RootCAType         : ThirdParty
SerialNumber       : 0F0405297F2B509183D6DA70BB642499
Services           : IIS, SMTP
Status             : Valid
Subject            : CN=mail.schulershook.com, OU=IT, O=Schuler Shook, L=Chicago, S=Illinois, C=US
Thumbprint         : A46B4DF3B2BE16D63AF8AE9FEAF8F0BD77B825AF



[PS] C:\>
Darth_mark67

ASKER
Is this correct?


         Welcome to the Exchange Management Shell!

Full list of cmdlets: Get-Command
Only Exchange cmdlets: Get-ExCommand
Cmdlets that match a specific string: Help *<string>*
Get general help: Help
Get help for a cmdlet: Help <cmdlet name> or <cmdlet name> -?
Show quick reference guide: QuickRef
Exchange team blog: Get-ExBlog
Show full output for a command: <command> | Format-List

Tip of the day #84:

When you are creating a new Edge subscription, you need to run the New-EdgeSubscription cmdlet first on your Edge Transp
ort server, and then on an administrator console that is connected to your internal Exchange organization. However, beca
use Exchange 2010 uses remote Windows PowerShell, you can no longer use the Path parameter when importing an Edge subscr
iption file. Instead you need to use the Get-Content cmdlet to first retrieve and encode the data, and then pass it to t
he New-EdgeSubscription cmdlet, like so:

New-EdgeSubscription -FileData ([byte[]]$(Get-Content -Path "C:\EdgeServerSubscription.xml" -Encoding Byte -ReadCount 0)
) -Site "Default-First-Site"

VERBOSE: Connecting to MSG.schulershook.net
VERBOSE: Connected to MSG.schulershook.net.
[PS] C:\Windows\system32>cd..
[PS] C:\Windows>cd..
[PS] C:\>get-outlookprovider

Name                          Server                        CertPrincipalName             TTL
----                          ------                        -----------------             ---
EXCH                                                        msstd:<mail.domain.com> 1
EXPR                                                        msstd:<mail.domain.com> 1
WEB                                                         msstd:<mail.domain.com> 1


[PS] C:\>
Darth_mark67

ASKER
Here is something else:

The subject alternative name (SAN) of SSL certificate for https://msg.schulershook.net/Autodiscover/Autodiscover.xml does not appear to match the host address. Host address: msg.schulershook.net. Current SAN: DNS Name=mail.domain.com.
Darth_mark67

ASKER
I also set this back to default.

         Welcome to the Exchange Management Shell!

Full list of cmdlets: Get-Command
Only Exchange cmdlets: Get-ExCommand
Cmdlets that match a specific string: Help *<string>*
Get general help: Help
Get help for a cmdlet: Help <cmdlet name> or <cmdlet name> -?
Show quick reference guide: QuickRef
Exchange team blog: Get-ExBlog
Show full output for a command: <command> | Format-List

Tip of the day #77:

Management role groups enable you to grant permissions to groups of administrators and specialist end users. These are p
eople who manage your organization or perform special tasks, like mailbox searches for compliance reasons.
If you want to manage permissions for end users, use management role assignment policies.

VERBOSE: Connecting to MSG.schulershook.net
VERBOSE: Connected to MSG.schulershook.net.
[PS] C:\Windows\system32>cd..
[PS] C:\Windows>cd..
[PS] C:\>get-outlookprovider

Name                          Server                        CertPrincipalName             TTL
----                          ------                        -----------------             ---
EXCH                                                                                      1
EXPR                                                                                      1
WEB                                                                                       1


[PS] C:\>