?
Solved

Event ID 12014 - SBS 2008

Posted on 2013-01-07
3
Medium Priority
?
934 Views
Last Modified: 2013-03-05
Hi... I know this question has come up a lot and I have read through the posts, but I'm still confused about whether it should be resolved by creating a self-signed cert., or just running the Fix My Network wizard on the SBS box. In our situation, we are seeing a current cert listed under the Get-ExchangeCertificate command that could potentially be used to resolve the issue if we were to assign the SMTP service to it... but, I still fail to understand why that service would have ever been disassociated with the cert, or why the cert exists with no services assigned to it in the first place.

This office is using a single SBS 2008 Standard server with a GoDaddy SSL cert for remote."company".com. The 12014 event references "servername"."domain".local.

The error is ..."Microsoft Exchange could not find a certificate that contains the domain name Servername.domain.local in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Default ServerName with a FQDN parameter of servername.domain.local."

When we run the Get-ExchangeCertificate command we get back 4 certs... it looks to me like we should just assign the SMTP service to the second cert. But, I wanted to ck. with the experts here to see if that's the correct course of action.


[PS] C:\Windows\system32>get-ExchangeCertificate | fl


AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {remote.domain.com, www.remote.domain.com}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : SERIALNUMBER=*******, CN=Go Daddy Secure Certification Au
                     thority, OU=http://certificates.godaddy.com/repository, O=
                     "GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US
NotAfter           : 11/27/2013 3:23:14 PM
NotBefore          : 11/26/2012 4:48:56 PM
PublicKeySize      : 2048
RootCAType         : ThirdParty
SerialNumber       : ************
Services           : IMAP, POP, IIS, SMTP
Status             : Valid
Subject            : CN=remote.domain.com, OU=Domain Control Validated, O=remot
                     e.domain.com
Thumbprint         : ************
AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}

CertificateDomains : {ServerName.Domain.local}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=Domain-ServerName-CA
NotAfter           : 9/3/2013 7:41:24 AM
NotBefore          : 9/3/2012 7:41:24 AM
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : *************
Services           : None
Status             : Valid
Subject            : CN=ServerName.Domain.local
Thumbprint         : ****************************

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {Domain-ServerName-CA}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=Domain-ServerName-CA
NotAfter           : 11/26/2015 4:58:40 PM
NotBefore          : 11/26/2010 4:48:41 PM
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : *******************
Services           : None
Status             : Valid
Subject            : CN=Domain-ServerName-CA
Thumbprint         : *************************

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {WMSvc-WIN-**************}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=WMSvc-WIN-****************
NotAfter           : 10/30/2020 2:20:51 AM
NotBefore          : 11/2/2010 2:20:51 AM
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : **********************
Services           : None
Status             : Valid
Subject            : CN=WMSvc-WIN-************
Thumbprint         : *****************************
0
Comment
Question by:philodendrin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 13

Accepted Solution

by:
imkottees earned 1000 total points
ID: 38753380
0
 
LVL 2

Assisted Solution

by:RRobinho
RRobinho earned 1000 total points
ID: 38757902
0
 

Author Comment

by:philodendrin
ID: 38768258
I've read through everything... but, really this is a simple question. Do I assign the SMTP service to the second cert I listed or do I create a new self-signed cert? Someone here should know. And what happens when it expires in September?

I think it probably depends on the RootCAType. On the ServerName.Domain.Local cert it's listed as type "Registry" ...does it need to be something else to support TLS?
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question