Solved

Event ID 12014 - SBS 2008

Posted on 2013-01-07
3
905 Views
Last Modified: 2013-03-05
Hi... I know this question has come up a lot and I have read through the posts, but I'm still confused about whether it should be resolved by creating a self-signed cert., or just running the Fix My Network wizard on the SBS box. In our situation, we are seeing a current cert listed under the Get-ExchangeCertificate command that could potentially be used to resolve the issue if we were to assign the SMTP service to it... but, I still fail to understand why that service would have ever been disassociated with the cert, or why the cert exists with no services assigned to it in the first place.

This office is using a single SBS 2008 Standard server with a GoDaddy SSL cert for remote."company".com. The 12014 event references "servername"."domain".local.

The error is ..."Microsoft Exchange could not find a certificate that contains the domain name Servername.domain.local in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Default ServerName with a FQDN parameter of servername.domain.local."

When we run the Get-ExchangeCertificate command we get back 4 certs... it looks to me like we should just assign the SMTP service to the second cert. But, I wanted to ck. with the experts here to see if that's the correct course of action.


[PS] C:\Windows\system32>get-ExchangeCertificate | fl


AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {remote.domain.com, www.remote.domain.com}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : SERIALNUMBER=*******, CN=Go Daddy Secure Certification Au
                     thority, OU=http://certificates.godaddy.com/repository, O=
                     "GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US
NotAfter           : 11/27/2013 3:23:14 PM
NotBefore          : 11/26/2012 4:48:56 PM
PublicKeySize      : 2048
RootCAType         : ThirdParty
SerialNumber       : ************
Services           : IMAP, POP, IIS, SMTP
Status             : Valid
Subject            : CN=remote.domain.com, OU=Domain Control Validated, O=remot
                     e.domain.com
Thumbprint         : ************
AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}

CertificateDomains : {ServerName.Domain.local}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=Domain-ServerName-CA
NotAfter           : 9/3/2013 7:41:24 AM
NotBefore          : 9/3/2012 7:41:24 AM
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : *************
Services           : None
Status             : Valid
Subject            : CN=ServerName.Domain.local
Thumbprint         : ****************************

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {Domain-ServerName-CA}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=Domain-ServerName-CA
NotAfter           : 11/26/2015 4:58:40 PM
NotBefore          : 11/26/2010 4:48:41 PM
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : *******************
Services           : None
Status             : Valid
Subject            : CN=Domain-ServerName-CA
Thumbprint         : *************************

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {WMSvc-WIN-**************}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=WMSvc-WIN-****************
NotAfter           : 10/30/2020 2:20:51 AM
NotBefore          : 11/2/2010 2:20:51 AM
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : **********************
Services           : None
Status             : Valid
Subject            : CN=WMSvc-WIN-************
Thumbprint         : *****************************
0
Comment
Question by:philodendrin
3 Comments
 
LVL 13

Accepted Solution

by:
imkottees earned 250 total points
ID: 38753380
0
 
LVL 2

Assisted Solution

by:RRobinho
RRobinho earned 250 total points
ID: 38757902
0
 

Author Comment

by:philodendrin
ID: 38768258
I've read through everything... but, really this is a simple question. Do I assign the SMTP service to the second cert I listed or do I create a new self-signed cert? Someone here should know. And what happens when it expires in September?

I think it probably depends on the RootCAType. On the ServerName.Domain.Local cert it's listed as type "Registry" ...does it need to be something else to support TLS?
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
how to add IIS SMTP to handle application/Scanner relays into office 365.

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question