ics45

asked on

Small Business Servers and SMTP certificates

We are having a problem with a customer's Small Business Server 2008 Standard FE SP1.
We use a GoDaddy certificate for Exchange called remote.company.co.uk.

If I bring up an MMC, add the Certificates snap-in and check the personal store, the remote.company.co.uk certificate is there and valid. There is also a server.company.local self certificate that is valid.

We are getting an error in the application log saying "Microsoft Exchange couldn't find a certificate that contains the domain name remote.company.co.uk in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Windows SBS Internet Receive SERVER with a FQDN parameter of remote.company.co.uk. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key."

When I run the "Enable-ExchangeCertificate -Services SMTP" command, I get an error saying "Warning this certificate will not be used for external TLS connections with an FQDN of "Server.company.local" because the CA-signed certificate with thumbprint 'big number' takes precedence. The following connectors match that FQDN: Default SERVER, SMTP in."

We are also getting the following error, which I assume is related:
"There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN of SERVER.company.local. The existing certificate for that FQDN has expired. The continued use of that FQDN will cause mail flow problems. A new certificate that contains the FQDN of SERVER.company.local should be installed on this server as soon as possible. You can create a new certificate by using the New-ExchangeCertificate task."

The server has worked OK from new until we renewed the GoDaddy certificate last year!!

Many thanks for reading this and many thanks in advance for your help!!
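The event text quoted in the question says to verify the connector configuration against the installed certificates. The following PowerShell is an added example, not part of the original thread, that performs that comparison: for each receive connector FQDN it reports whether a certificate naming that FQDN is enabled for SMTP and unexpired. It assumes PowerShell 2.0 or later; `Test-ConnectorCertificate` is a hypothetical helper name, and the sample objects used outside the Exchange Management Shell are constructed.

```powershell
# Added example: match each receive connector FQDN to the certificates Exchange can see.
function Test-ConnectorCertificate {
    param($Connectors, $Certificates, [datetime]$Now = (Get-Date),
          [string]$ServerFqdn = [System.Net.Dns]::GetHostEntry('').HostName)
    foreach ($c in $Connectors) {
        # Per the event text, an unset connector FQDN falls back to the computer FQDN.
        $fqdn = "$($c.Fqdn)"
        if (-not $fqdn) { $fqdn = $ServerFqdn }
        # Certificates whose domain list contains the FQDN (exact, case-insensitive;
        # wildcard names are not expanded here).
        $named = @($Certificates | Where-Object {
            @($_.CertificateDomains | ForEach-Object { "$_" }) -contains $fqdn })
        # Of those, the ones enabled for SMTP and not yet expired.
        $usable = @($named | Where-Object {
            "$($_.Services)" -match 'SMTP' -and $_.NotAfter -gt $Now })
        if ($usable.Count -gt 0)    { $result = 'OK' }
        elseif ($named.Count -gt 0) { $result = 'Found, but expired or not enabled for SMTP' }
        else                        { $result = 'No certificate contains this FQDN' }
        New-Object PSObject -Property @{
            Connector   = "$($c.Identity)"; Fqdn = $fqdn; Result = $result
            Thumbprints = ($named | ForEach-Object { $_.Thumbprint }) -join ','
        }
    }
}

if (Get-Command Get-ExchangeCertificate -ErrorAction SilentlyContinue) {
    # Exchange Management Shell: use the live configuration.
    $connectors = Get-ReceiveConnector
    $certs      = Get-ExchangeCertificate
} else {
    # Constructed sample data (names borrowed from the thread, values invented).
    $connectors = @(
        New-Object PSObject -Property @{ Identity = 'SERVER\Windows SBS Internet Receive SERVER'; Fqdn = 'remote.company.co.uk' }
        New-Object PSObject -Property @{ Identity = 'SERVER\Default SERVER'; Fqdn = 'SERVER.company.local' }
    )
    $certs = @(
        New-Object PSObject -Property @{ Thumbprint = 'CONSTRUCTED-CA-CERT'; Services = 'IIS'
            CertificateDomains = @('remote.company.co.uk'); NotAfter = (Get-Date).AddYears(1) }
        New-Object PSObject -Property @{ Thumbprint = 'CONSTRUCTED-SELF-SIGNED'; Services = 'SMTP'
            CertificateDomains = @('SERVER.company.local'); NotAfter = (Get-Date).AddDays(-30) }
    )
}

Test-ConnectorCertificate -Connectors $connectors -Certificates $certs |
    Format-Table Connector, Fqdn, Result, Thumbprints -AutoSize
```

With the constructed data both connectors are flagged: the first because its certificate is not enabled for SMTP, the second because its certificate has expired.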
VidarAndersen

SBS servers are tricky that way.

Try starting Windows SBS Console and use the "add a trusted certificate" wizard. That did the trick for me last time I did it.
ics45

ASKER

Hi Vidar,

Many thanks for the reply.

I should have said, we have tried that already and it worked for a few hours then errored again.

I am not sure if we should have both the internal self-generated certificate and the GoDaddy certificates on the server?

Mike
The error is bogus and wouldn't/shouldn't bother you unless you are thinking of working with the SMTP-TLS feature.

Regards,
Exchange_Geek
ics45

ASKER

Hi Exchange_Geek, many thanks for the reply. The only problem with this error is it does stop the Exchange transport from working. Internal and external emails will stop and a server reboot is the only thing that seems to start it working again - but the errors will still be in the log. Everything was fine until the initial internal license expired?
Thanks,
Mike
ASKER CERTIFIED SOLUTION
Exchange_Geek