Solved

Exchange TLS certificate expired

Posted on 2013-05-16
11
1,086 Views
Last Modified: 2013-09-12
Hi Experts,

I have an issue where a security certificate expired the other day on our SBS server and i continually get this message in my event logs. I have followed the Microsoft article to renew the certificate with the same thumb print but the error still occurs.

I also have tried server restarts, importing the new certificate into the trusted certificate list but still the error appears.

It is an SBS 2008 server, please see below for full error message.

Source: MSExchangeTransport
Category: TransportService
Event ID: 12016
User (If Applicable): N/A
Computer: ExchangeServer.Domain.Local
Event Description: There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN of remote.domain.com.au. The existing certificate for that FQDN has expired. The continued use of that FQDN will cause mail flow problems. A new certificate that contains the FQDN of remote.domain.com.au should be installed on this server as soon as possible. You can create a new certificate by using the New-ExchangeCertificate task.
Event Log Name: Application
Event Log Type: error


Look forward to reading your comments
0
Comment
Question by:isdd2000
  • 5
  • 3
  • 2
  • +1
11 Comments
 
LVL 25

Expert Comment

by:Tony Johncock
ID: 39171416
0
 
LVL 4

Expert Comment

by:iammorrison
ID: 39171459
The main question is who is the CA? Is it self signed, internal CA or external CA?
0
 

Author Comment

by:isdd2000
ID: 39171498
Hi tony,
Yes I have tried importing the certificate into the sbs console.

Hi Jammorrison,
It's self assigned
0
How our DevOps Teams Maximize Uptime

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us. Read the use case whitepaper.

 
LVL 4

Expert Comment

by:iammorrison
ID: 39171603
Do any of the certs that you have tried show up in either the excahnge console or in shell? And if they do show up, is it stating that there is no private key associated?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39171894
As this is SBS, if you don't want to use a commercial certificate, then just run the Configure my Internet Name wizard in the console. That will generate a new certificate.

Simon.
0
 

Author Comment

by:isdd2000
ID: 39384728
Will try that Sembee2
0
 

Author Comment

by:isdd2000
ID: 39469414
Hi guys,

Sorry I know this has been a long standing issue.

Sembee2: I cant find configure my internet name in the console.

Jammorrison: where is it in the console?
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39469626
it is called setup your internet address, and is on the Network, Connectivity section.
Running fix my network should also resolve the issue.

Simon.
0
 

Author Comment

by:isdd2000
ID: 39482075
Hi Simon,

Will this effect our current configuration?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39488880
Shouldn't do. Just make sure that the settings are the same as what you have now.
Fix my network shouldn't change anything, but it depends what that tool finds.

Simon.
0
 

Author Closing Comment

by:isdd2000
ID: 39488912
Fix my network did not resolve this issue, re running setup internet address did after a server restart
0

Featured Post

MIM Survival Guide for Service Desk Managers

Major incidents can send mastered service desk processes into disorder. Systems and tools produce the data needed to resolve these incidents, but your challenge is getting that information to the right people fast. Check out the Survival Guide and begin bringing order to chaos.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
Read this checklist to learn more about the 15 things you should never include in an email signature.
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question