Solved

Exchange TLS certificate expired

Posted on 2013-05-16
11
1,096 Views
Last Modified: 2013-09-12
Hi Experts,

I have an issue where a security certificate expired the other day on our SBS server and i continually get this message in my event logs. I have followed the Microsoft article to renew the certificate with the same thumb print but the error still occurs.

I also have tried server restarts, importing the new certificate into the trusted certificate list but still the error appears.

It is an SBS 2008 server, please see below for full error message.

Source: MSExchangeTransport
Category: TransportService
Event ID: 12016
User (If Applicable): N/A
Computer: ExchangeServer.Domain.Local
Event Description: There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN of remote.domain.com.au. The existing certificate for that FQDN has expired. The continued use of that FQDN will cause mail flow problems. A new certificate that contains the FQDN of remote.domain.com.au should be installed on this server as soon as possible. You can create a new certificate by using the New-ExchangeCertificate task.
Event Log Name: Application
Event Log Type: error


Look forward to reading your comments
0
Comment
Question by:isdd2000
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 2
  • +1
11 Comments
 
LVL 26

Expert Comment

by:Tony Johncock
ID: 39171416
0
 
LVL 4

Expert Comment

by:iammorrison
ID: 39171459
The main question is who is the CA? Is it self signed, internal CA or external CA?
0
 

Author Comment

by:isdd2000
ID: 39171498
Hi tony,
Yes I have tried importing the certificate into the sbs console.

Hi Jammorrison,
It's self assigned
0
Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

 
LVL 4

Expert Comment

by:iammorrison
ID: 39171603
Do any of the certs that you have tried show up in either the excahnge console or in shell? And if they do show up, is it stating that there is no private key associated?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39171894
As this is SBS, if you don't want to use a commercial certificate, then just run the Configure my Internet Name wizard in the console. That will generate a new certificate.

Simon.
0
 

Author Comment

by:isdd2000
ID: 39384728
Will try that Sembee2
0
 

Author Comment

by:isdd2000
ID: 39469414
Hi guys,

Sorry I know this has been a long standing issue.

Sembee2: I cant find configure my internet name in the console.

Jammorrison: where is it in the console?
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39469626
it is called setup your internet address, and is on the Network, Connectivity section.
Running fix my network should also resolve the issue.

Simon.
0
 

Author Comment

by:isdd2000
ID: 39482075
Hi Simon,

Will this effect our current configuration?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39488880
Shouldn't do. Just make sure that the settings are the same as what you have now.
Fix my network shouldn't change anything, but it depends what that tool finds.

Simon.
0
 

Author Closing Comment

by:isdd2000
ID: 39488912
Fix my network did not resolve this issue, re running setup internet address did after a server restart
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question