Link to home
Start Free TrialLog in
Avatar of ics45

asked on

Small Business Servers and SMTP certificates

We are having a problem with a customers Small Business Server 2008 Standard FE SP1.
We use a Godaddy certificate for Exchange called

If I bring up a mmc and add certificates and check the personal store the certificate is there and valid. There is also a self certificate that is valid.

We are getting an error in the application log saying "Microsoft Exchange couldn't find a certificate that contains the domain name in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Windows SBS Internet Receive SERVER with a FQDN parameter of If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key."

When I run the "Enable-ExchangeCertificate -Services SMTP" command, I get an error saying "Warning this certificate will not be used for external TLS connections with an FQDN of "" because the CA-signed certificate with thumbprint 'big number' takes precedence. The following connectors match that FQDN: Default SERVER, SMTP in.

 We are also getting the following error,  which I assume is related :-
"There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN of The existing certificate for that FQDN has expired. The continued use of that FQDN will cause mail flow problems. A new certificate that contains the FQDN of should be installed on this server as soon as possible. You can create a new certificate by using the New-ExchangeCertificate task."

The server has worked OK from new until we renewed the GoDaddy certificate last year!!

Many thanks for reading this and many thanks in advance for your help!!
Avatar of VidarAndersen
Flag of Norway image

SBS servers are tricky that way.

Try starting Windows SBS Console and use the "add a trusted certificate" wizard. That did the trick for me last time i did it.
Avatar of ics45


Hi Vidar,

Many thanks for the reply.

I should have said, we have tried that already and it worked for a few hours then errored again.

I am not sure if we should have both the internal self generated certificate and the GoDaady certificates on the server?

The error is bogus and wouldn't/shouldn't bother you unless you are thinking of working with SMTP-TLS feature.

Avatar of ics45


Hi Exchange_Geek, many thanks for the reply. The only problem with this error is it does stop the exchange transport from working. INternal and external emails will stop and a server reboot is the only thing that seems to start it working again - but the errors will still be in the log. Everything was fine until the initial internal license expired?
Avatar of Exchange_Geek
Flag of India image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial