Small Business Servers and SMTP certificates

ics45 asked on
Exchange, Outlook, SBS
We are having a problem with a customer's Small Business Server 2008 Standard FE SP1.
We use a GoDaddy certificate for Exchange called remote.company.co.uk.

If I bring up an MMC and add certificates and check the personal store, the remote.company.co.uk certificate is there and valid. There is also a server.company.local self certificate that is valid.

We are getting an error in the application log saying "Microsoft Exchange couldn't find a certificate that contains the domain name remote.company.co.uk in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Windows SBS Internet Receive SERVER with a FQDN parameter of remote.company.co.uk. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key."

When I run the "Enable-ExchangeCertificate -Services SMTP" command, I get an error saying "Warning this certificate will not be used for external TLS connections with an FQDN of "Server.company.local" because the CA-signed certificate with thumbprint 'big number' takes precedence. The following connectors match that FQDN: Default SERVER, SMTP in."

We are also getting the following error, which I assume is related:
"There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN of SERVER.company.local. The existing certificate for that FQDN has expired. The continued use of that FQDN will cause mail flow problems. A new certificate that contains the FQDN of SERVER.company.local should be installed on this server as soon as possible. You can create a new certificate by using the New-ExchangeCertificate task."

The server has worked OK from new until we renewed the GoDaddy certificate last year!!

Many thanks for reading this and many thanks in advance for your help!!
ASKER CERTIFIED SOLUTION
Exchange_Geek
