Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1168
  • Last Modified:

Exchange TLS certificate expired

Hi Experts,

I have an issue where a security certificate expired the other day on our SBS server and i continually get this message in my event logs. I have followed the Microsoft article to renew the certificate with the same thumb print but the error still occurs.

I also have tried server restarts, importing the new certificate into the trusted certificate list but still the error appears.

It is an SBS 2008 server, please see below for full error message.

Source: MSExchangeTransport
Category: TransportService
Event ID: 12016
User (If Applicable): N/A
Computer: ExchangeServer.Domain.Local
Event Description: There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN of remote.domain.com.au. The existing certificate for that FQDN has expired. The continued use of that FQDN will cause mail flow problems. A new certificate that contains the FQDN of remote.domain.com.au should be installed on this server as soon as possible. You can create a new certificate by using the New-ExchangeCertificate task.
Event Log Name: Application
Event Log Type: error


Look forward to reading your comments
0
isdd2000
Asked:
isdd2000
  • 5
  • 3
  • 2
  • +1
1 Solution
 
Tony JLead Technical ArchitectCommented:
0
 
iammorrisonCommented:
The main question is who is the CA? Is it self signed, internal CA or external CA?
0
 
isdd2000Author Commented:
Hi tony,
Yes I have tried importing the certificate into the sbs console.

Hi Jammorrison,
It's self assigned
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
iammorrisonCommented:
Do any of the certs that you have tried show up in either the excahnge console or in shell? And if they do show up, is it stating that there is no private key associated?
0
 
Simon Butler (Sembee)ConsultantCommented:
As this is SBS, if you don't want to use a commercial certificate, then just run the Configure my Internet Name wizard in the console. That will generate a new certificate.

Simon.
0
 
isdd2000Author Commented:
Will try that Sembee2
0
 
isdd2000Author Commented:
Hi guys,

Sorry I know this has been a long standing issue.

Sembee2: I cant find configure my internet name in the console.

Jammorrison: where is it in the console?
0
 
Simon Butler (Sembee)ConsultantCommented:
it is called setup your internet address, and is on the Network, Connectivity section.
Running fix my network should also resolve the issue.

Simon.
0
 
isdd2000Author Commented:
Hi Simon,

Will this effect our current configuration?
0
 
Simon Butler (Sembee)ConsultantCommented:
Shouldn't do. Just make sure that the settings are the same as what you have now.
Fix my network shouldn't change anything, but it depends what that tool finds.

Simon.
0
 
isdd2000Author Commented:
Fix my network did not resolve this issue, re running setup internet address did after a server restart
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

  • 5
  • 3
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now