Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 417
  • Last Modified:


How to reslove below error

Event Type:      Error
Event Source:      MSExchangeTransport
Event Category:      TransportService
Event ID:      12014
Date:            15/09/2012
Time:            12:32:45 PM
User:            N/A
Computer:      BQUALSMX01
Microsoft Exchange could not find a certificate that contains the domain name bqualsmx01.bigfootgrp.corp.local in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Default Receive Connecter with a FQDN parameter of bqualsmx01.bigfootgrp.corp.local. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
1 Solution
Microsoft have a known solution for this.

1. Open "Exchange Management Shell".
2. Write "get-ExchangeCertificate" and press on "Enter" button.
3. Write down the Thumbprint of the certificate that reflect the required FQDN name of the server.
4. Review the current certificate that use by the Exchange server and
         each certificate function.
5. Write "Enable-ExchangeCertificate -Thumbprint 2afd26617915932ad096c48eb3b847fc7457662 -Services "SMTP"
       and press on 'Enter" button.
•The value of -Thumbprint obtained in stage 3.

6. Restart the Exchange server.

Source: http://support.microsoft.com/kb/555855
When you install Exchange 2010 - it creates a self-signed SSL certificate.
If you are planning to use Outlook Web App or ActiveSync to allow users to connect from the Internet it is generally recommended that you use a 3rd party and purchase an SSL certificate. Purchasing through a 3rd party means that when uses connect they will know it is a trusted certificate (if thier phone/browser supports that SSL chain. ) Most browsers and phone have the common SSL authorities built in.

It seems like the self-signed certificate is having issues.
You can open a MMC console and the certificate snap-in, you will be prompted with snap-in will be used to manage certificates for "My user account, Service account, Computer Account" - select the computer account. Then choose local acocunt ( run the mmc from your exchange server noted in the event log message) Then in the certificate store you can click on Personal - this is where you would typically see the self-signed certifiate Exchaneg created during the install.

From the Exchange Management shell run
get-ExchangeCertificate | fl

cut and paste this respone into a file and save it.
You will want to note the services running on it.

Depending if you want a self-signed - follow the directions below or a 3rd party purchased ssl - follow directions at thier site.

Create a New Exchange Certificate

Hope this helps,

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now