[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 940
  • Last Modified:

Event ID 12014 - SBS 2008

Hi... I know this question has come up a lot and I have read through the posts, but I'm still confused about whether it should be resolved by creating a self-signed cert., or just running the Fix My Network wizard on the SBS box. In our situation, we are seeing a current cert listed under the Get-ExchangeCertificate command that could potentially be used to resolve the issue if we were to assign the SMTP service to it... but, I still fail to understand why that service would have ever been disassociated with the cert, or why the cert exists with no services assigned to it in the first place.

This office is using a single SBS 2008 Standard server with a GoDaddy SSL cert for remote."company".com. The 12014 event references "servername"."domain".local.

The error is ..."Microsoft Exchange could not find a certificate that contains the domain name Servername.domain.local in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Default ServerName with a FQDN parameter of servername.domain.local."

When we run the Get-ExchangeCertificate command we get back 4 certs... it looks to me like we should just assign the SMTP service to the second cert. But, I wanted to ck. with the experts here to see if that's the correct course of action.


[PS] C:\Windows\system32>get-ExchangeCertificate | fl


AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {remote.domain.com, www.remote.domain.com}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : SERIALNUMBER=*******, CN=Go Daddy Secure Certification Au
                     thority, OU=http://certificates.godaddy.com/repository, O=
                     "GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US
NotAfter           : 11/27/2013 3:23:14 PM
NotBefore          : 11/26/2012 4:48:56 PM
PublicKeySize      : 2048
RootCAType         : ThirdParty
SerialNumber       : ************
Services           : IMAP, POP, IIS, SMTP
Status             : Valid
Subject            : CN=remote.domain.com, OU=Domain Control Validated, O=remot
                     e.domain.com
Thumbprint         : ************
AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}

CertificateDomains : {ServerName.Domain.local}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=Domain-ServerName-CA
NotAfter           : 9/3/2013 7:41:24 AM
NotBefore          : 9/3/2012 7:41:24 AM
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : *************
Services           : None
Status             : Valid
Subject            : CN=ServerName.Domain.local
Thumbprint         : ****************************

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {Domain-ServerName-CA}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=Domain-ServerName-CA
NotAfter           : 11/26/2015 4:58:40 PM
NotBefore          : 11/26/2010 4:48:41 PM
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : *******************
Services           : None
Status             : Valid
Subject            : CN=Domain-ServerName-CA
Thumbprint         : *************************

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {WMSvc-WIN-**************}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=WMSvc-WIN-****************
NotAfter           : 10/30/2020 2:20:51 AM
NotBefore          : 11/2/2010 2:20:51 AM
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : **********************
Services           : None
Status             : Valid
Subject            : CN=WMSvc-WIN-************
Thumbprint         : *****************************
0
philodendrin
Asked:
philodendrin
2 Solutions
 
imkotteesCommented:
0
 
philodendrinAuthor Commented:
I've read through everything... but, really this is a simple question. Do I assign the SMTP service to the second cert I listed or do I create a new self-signed cert? Someone here should know. And what happens when it expires in September?

I think it probably depends on the RootCAType. On the ServerName.Domain.Local cert it's listed as type "Registry" ...does it need to be something else to support TLS?
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now