SBS2008 : "There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN of

Posted on 2013-05-29
Last Modified: 2013-08-13
My customer's Small Business Server 2008 (Exchange 2007) system has just started receiving the following error messages in the Application log every 24 hours.  Can I trouble someone to confirm the correct procedure for fixing this, as my googling came up with several different results:

There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN of LSCS02.contoso.local. The existing certificate for that FQDN has expired. The continued use of that FQDN will cause mail flow problems. A new certificate that contains the FQDN of LSCS02.contoso.local should be installed on this server as soon as possible. You can create a new certificate by using the New-ExchangeCertificate task.



Log Name:      Application
Source:        MSExchangeTransport
Date:          28/05/2013 11:06:17 PM
Event ID:      12016
Task Category: TransportService
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      LSCS02.contoso.local
Description:
There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN of LSCS02.contoso.local. The existing certificate for that FQDN has expired. The continued use of that FQDN will cause mail flow problems. A new certificate that contains the FQDN of LSCS02.contoso.local should be installed on this server as soon as possible. You can create a new certificate by using the New-ExchangeCertificate task.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="MSExchangeTransport" />
    <EventID Qualifiers="49156">12016</EventID>
    <Level>2</Level>
    <Task>12</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-05-28T13:06:17.000Z" />
    <EventRecordID>2992616</EventRecordID>
    <Channel>Application</Channel>
    <Computer>LSCS02.contoso.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data>LSCS02.contoso.local</Data>
    <Data>581E0EEBABE76E3264131E5FAD49669ED303671A</Data>
  </EventData>
</Event>
Question by:Michael Green
Expert Comment

by:Chris
ID: 39204390
This is because the certificate that SBS generates during installation has expired. In order to generate a new one please follow the guide linked below:

http://www.petenetlive.com/KB/Article/0000535.htm

When you reach step 6, it will be simplest for you to use the mentioned website; you need to ensure you enter all the required details correctly. You also need to ensure you enter any additional domain names or there's a chance the cert won't work. In order to check what extra domain names are required, please run through the following:

Open Exchange Management Shell
Run 'get-exchangecertificate | fl'


This will output a fair amount of info about all certificates installed on the server; each certificate will be separated by a blank line. Please find the certificate that has all services assigned to it. This will be the one with the line:

Services:   IMAP, POP, IIS, SMTP

Once you've found the correct certificate, look for the 'CertificateDomains' section. This will list all the domains that the certificate is valid for; each domain will be separated by a comma. These domains need to go in the 'Subject Alternative Names' field on the website.

You should also note down the 'Subject' section. The first part of this will be something like CN=mail.servername.com. The domain name after the equals sign needs to go in the 'Common Name' field on the website.

I'm not sure how well I've described this so please feel free to ask if you have any questions.
Accepted Solution

by:
I Qasmi earned 2000 total points
ID: 39204397
Open Exchange PowerShell.

Type Get-ExchangeCertificate | FL
You will get all the certificates listed with all details.

There you can check and find which certificate is expired and assigned the FQDN: LSCS02.contoso.local

I believe the event is already displaying the expired certificate, with the
thumbprint: 581E0EEBABE76E3264131E5FAD49669ED303671A

Check whether it is a self assigned, internal server assigned or third party assigned certificate, and then renew it accordingly.


For further details:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_28068630.html

Check my answered link at EE.

Also, to get the exact certificate, type at Exchange PowerShell:

Get-ExchangeCertificate -Thumbprint "581E0EEBABE76E3264131E5FAD49669ED303671A"

and you will get the information of the expired certificate.
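
The checks described in the two answers above, combined into one read-only Exchange Management Shell script. This is an added example, not part of the original thread. The FQDN and thumbprint are the ones from the event in the question; the 30-day warning window and the variable names are assumptions.

```powershell
# Added example: read-only triage for event 12016. Run in the Exchange
# Management Shell on the affected server. Nothing here changes configuration.

# Values copied from the event in the question.
$fqdn       = 'LSCS02.contoso.local'
$thumbprint = '581E0EEBABE76E3264131E5FAD49669ED303671A'
$warnDays   = 30          # assumption: how far ahead to warn about expiry
$now        = Get-Date

# 1. The certificate named in the event: issuer, validity, services, names.
$cert = Get-ExchangeCertificate -Thumbprint $thumbprint
$cert | Format-List Subject, Issuer, IsSelfSigned, NotBefore, NotAfter, Services, CertificateDomains

# Self-signed and CA-issued certificates are renewed differently, so report which it is.
if ($cert.IsSelfSigned) {
    Write-Host 'Certificate is self-signed.'
} else {
    Write-Host "Certificate was issued by a CA: $($cert.Issuer)"
}

# 2. Every installed certificate: does it list the FQDN, is SMTP assigned,
#    and how many days remain before NotAfter?
$report = Get-ExchangeCertificate | Select-Object Thumbprint, Subject, NotAfter,
    @{Name='CoversFqdn'; Expression={ @($_.CertificateDomains | ForEach-Object { "$_" }) -contains $fqdn }},
    @{Name='Smtp';       Expression={ "$($_.Services)" -match 'SMTP' }},
    @{Name='DaysLeft';   Expression={ [int]($_.NotAfter - $now).TotalDays }}

$report | Sort-Object NotAfter | Format-Table -AutoSize

# 3. For SMTP TLS on this FQDN a certificate has to list the name, have the
#    SMTP service assigned and not yet be expired.
$usable = @($report | Where-Object { $_.CoversFqdn -and $_.Smtp -and $_.NotAfter -gt $now })
if ($usable.Count -eq 0) {
    Write-Warning "No unexpired SMTP certificate lists $fqdn (matches event 12016)."
} else {
    $usable | Where-Object { $_.DaysLeft -le $warnDays } |
        ForEach-Object { Write-Warning "$($_.Thumbprint) expires in $($_.DaysLeft) days." }
}
```

The third step is also worth re-running after a new certificate has been installed and enabled, to confirm that the replacement lists the same FQDN and has SMTP assigned.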