Solved

Event ID 12014 - SBS 2008

Posted on 2013-01-07
Last Modified: 2013-03-05
Hi... I know this question has come up a lot and I have read through the posts, but I'm still confused about whether it should be resolved by creating a self-signed cert., or just running the Fix My Network wizard on the SBS box. In our situation, we are seeing a current cert listed under the Get-ExchangeCertificate command that could potentially be used to resolve the issue if we were to assign the SMTP service to it... but, I still fail to understand why that service would have ever been disassociated with the cert, or why the cert exists with no services assigned to it in the first place.

This office is using a single SBS 2008 Standard server with a GoDaddy SSL cert for remote."company".com. The 12014 event references "servername"."domain".local.

The error is ..."Microsoft Exchange could not find a certificate that contains the domain name Servername.domain.local in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Default ServerName with a FQDN parameter of servername.domain.local."

When we run the Get-ExchangeCertificate command we get back 4 certs... it looks to me like we should just assign the SMTP service to the second cert. But, I wanted to ck. with the experts here to see if that's the correct course of action.


[PS] C:\Windows\system32>get-ExchangeCertificate | fl


AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {remote.domain.com, www.remote.domain.com}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : SERIALNUMBER=*******, CN=Go Daddy Secure Certification Au
                     thority, OU=http://certificates.godaddy.com/repository, O=
                     "GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US
NotAfter           : 11/27/2013 3:23:14 PM
NotBefore          : 11/26/2012 4:48:56 PM
PublicKeySize      : 2048
RootCAType         : ThirdParty
SerialNumber       : ************
Services           : IMAP, POP, IIS, SMTP
Status             : Valid
Subject            : CN=remote.domain.com, OU=Domain Control Validated, O=remot
                     e.domain.com
Thumbprint         : ************

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {ServerName.Domain.local}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=Domain-ServerName-CA
NotAfter           : 9/3/2013 7:41:24 AM
NotBefore          : 9/3/2012 7:41:24 AM
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : *************
Services           : None
Status             : Valid
Subject            : CN=ServerName.Domain.local
Thumbprint         : ****************************

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {Domain-ServerName-CA}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=Domain-ServerName-CA
NotAfter           : 11/26/2015 4:58:40 PM
NotBefore          : 11/26/2010 4:48:41 PM
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : *******************
Services           : None
Status             : Valid
Subject            : CN=Domain-ServerName-CA
Thumbprint         : *************************

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {WMSvc-WIN-**************}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=WMSvc-WIN-****************
NotAfter           : 10/30/2020 2:20:51 AM
NotBefore          : 11/2/2010 2:20:51 AM
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : **********************
Services           : None
Status             : Valid
Subject            : CN=WMSvc-WIN-************
Thumbprint         : *****************************
Question by:philodendrin
3 Comments

Accepted Solution
by: imkottees (earned 250 total points)
ID: 38753380

Assisted Solution
by: RRobinho (earned 250 total points)
ID: 38757902

Author Comment

by:philodendrin
ID: 38768258
I've read through everything... but, really this is a simple question. Do I assign the SMTP service to the second cert I listed or do I create a new self-signed cert? Someone here should know. And what happens when it expires in September?

I think it probably depends on the RootCAType. On the ServerName.Domain.Local cert it's listed as type "Registry" ...does it need to be something else to support TLS?
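
The condition in the 12014 event text can be written as a check: for each connector FQDN, does any certificate in the listing contain that name, and is it valid and assigned to SMTP? This is an added example, not part of the original thread. `Find-StartTlsCertGap`, `New-SampleCert` and the finding labels are hypothetical names, the sample objects are constructed from the listing in the question with placeholder thumbprints, and reading an SMTP entry under Services as the relevant assignment is an assumption.

```powershell
# Added example. Inputs are plain objects, so it runs in any PowerShell 2.0+ session.
# In the Exchange Management Shell, feed it live data instead:
#   Find-StartTlsCertGap (Get-ReceiveConnector) (Get-ExchangeCertificate)
function Find-StartTlsCertGap {
    param($Connectors, $Certificates, [datetime]$Now = (Get-Date))
    foreach ($conn in $Connectors) {
        $fqdn = "$($conn.Fqdn)"
        # Certificates whose domain list contains the connector FQDN.
        # -contains on strings is case-insensitive, like DNS names.
        $named = @($Certificates | Where-Object {
            @($_.CertificateDomains | ForEach-Object { "$_" }) -contains $fqdn
        })
        # Of those: valid, private key present, not expired, SMTP already assigned.
        $usable = @($named | Where-Object {
            "$($_.Status)" -eq 'Valid' -and $_.HasPrivateKey -and
            $_.NotAfter -gt $Now -and "$($_.Services)" -match '\bSMTP\b'
        })
        if ($usable.Count -gt 0)    { $finding = 'OK' }
        elseif ($named.Count -gt 0) { $finding = 'NameMatchNotUsable' }
        else                        { $finding = 'NoCertWithFqdn' }
        New-Object PSObject -Property @{
            Connector  = "$($conn.Name)"
            Fqdn       = $fqdn
            Finding    = $finding
            Candidates = @($named | ForEach-Object {
                '{0} [{1}] expires {2:yyyy-MM-dd}' -f $_.Thumbprint, $_.Services, $_.NotAfter })
        }
    }
}

# Constructed sample mirroring the first two certificates in the question.
# Thumbprints are placeholders; the page masks the real ones.
function New-SampleCert($thumb, $domains, $services, $notAfter) {
    New-Object PSObject -Property @{
        Thumbprint = $thumb; CertificateDomains = $domains; Services = $services
        Status = 'Valid'; HasPrivateKey = $true; NotAfter = [datetime]$notAfter }
}
$certs = @(
    (New-SampleCert 'THUMB-GODADDY' @('remote.domain.com', 'www.remote.domain.com') 'IMAP, POP, IIS, SMTP' '2013-11-27'),
    (New-SampleCert 'THUMB-INTERNAL' @('ServerName.Domain.local') 'None' '2013-09-03')
)
$conns = @(New-Object PSObject -Property @{ Name = 'Default ServerName'; Fqdn = 'servername.domain.local' })

# Evaluate as of the question's posting date so the expiry comparison is reproducible.
Find-StartTlsCertGap $conns $certs ([datetime]'2013-01-07') |
    Format-List Connector, Fqdn, Finding, Candidates
```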

Question has a verified solution.
