
SBS2008 : "There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN of

Posted on 2013-05-29
Last Modified: 2013-08-13
My customer's Small Business Server 2008 (Exchange 2007) system has just started receiving the following error messages in the Application log every 24 hours. Can I trouble someone to confirm the correct procedure for fixing this, as my googling came up with several different results:

There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN of LSCS02.contoso.local. The existing certificate for that FQDN has expired. The continued use of that FQDN will cause mail flow problems. A new certificate that contains the FQDN of LSCS02.contoso.local should be installed on this server as soon as possible. You can create a new certificate by using the New-ExchangeCertificate task.



Log Name:      Application
Source:        MSExchangeTransport
Date:          28/05/2013 11:06:17 PM
Event ID:      12016
Task Category: TransportService
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      LSCS02.contoso.local
Description:
There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN of LSCS02.contoso.local. The existing certificate for that FQDN has expired. The continued use of that FQDN will cause mail flow problems. A new certificate that contains the FQDN of LSCS02.contoso.local should be installed on this server as soon as possible. You can create a new certificate by using the New-ExchangeCertificate task.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="MSExchangeTransport" />
    <EventID Qualifiers="49156">12016</EventID>
    <Level>2</Level>
    <Task>12</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-05-28T13:06:17.000Z" />
    <EventRecordID>2992616</EventRecordID>
    <Channel>Application</Channel>
    <Computer>LSCS02.contoso.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data>LSCS02.contoso.local</Data>
    <Data>581E0EEBABE76E3264131E5FAD49669ED303671A</Data>
  </EventData>
</Event>
0
Question by: Michael Green
2 Comments
 
Expert Comment

by:Chris
ID: 39204390
This is because the certificate that SBS generates during installation has expired. In order to generate a new one please follow the guide linked below:

http://www.petenetlive.com/KB/Article/0000535.htm

When you reach step 6, it will be simplest for you to use the mentioned website; you need to ensure you enter all the required details correctly. You also need to ensure you enter any additional domain names or there's a chance the cert won't work. In order to check what extra domain names are required, please run through the following:

Open Exchange Management Shell
Run 'Get-ExchangeCertificate | fl'


This will output a fair amount of info about all certificates installed on the server; each certificate will be separated by a blank line. Please find the certificate that has all services assigned to it. This will be the one with the line:

Services:   IMAP, POP, IIS, SMTP

Once you've found the correct certificate, look for the 'CertificateDomains' section. This will list all the domains that the certificate is valid for; each domain will be separated by a comma. These domains need to go in the 'Subject Alternative Names' field on the website.

You should also note down the 'Subject' section. The first part of this will be something like CN=mail.servername.com. The domain name after the equals sign needs to go in the 'Common Name' field on the website.

I'm not sure how well I've described this so please feel free to ask if you have any questions.
0
 
Accepted Solution

by:
I Qasmi earned 2000 total points
ID: 39204397
Open Exchange PowerShell.

Type Get-ExchangeCertificate | FL
You will get all the certificates listed with all details.

There you can check and find which certificate is expired and assigned the FQDN: LSCS02.contoso.local

I believe the event is already displaying the expired certificate with the
thumbprint: 581E0EEBABE76E3264131E5FAD49669ED303671A

Check whether it is a self-assigned, internal-server-assigned or third-party-assigned certificate and then renew it accordingly.


For further details:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_28068630.html

Check my answered link at EE.

Also, to get the exact certificate,

type at Exchange PowerShell:

Get-ExchangeCertificate -Thumbprint "581E0EEBABE76E3264131E5FAD49669ED303671A"

and you will get the information of the expired certificate.
0
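The lookup both comments describe, written as an added example that is not from the original thread or either commenter: it reports each certificate's expiry state and the Common Name and Subject Alternative Names to carry into the renewal request. `Get-CertRenewalInfo` is a hypothetical helper, PowerShell 2.0 or later is assumed, and the sample objects (subject, domain list, dates, second thumbprint) are constructed; only the first thumbprint and the server FQDN come from the event above.

```powershell
# Added example: summarise Exchange certificates for renewal planning.
# Input objects need the properties Get-ExchangeCertificate returns:
# Thumbprint, Subject, CertificateDomains, Services, NotAfter, IsSelfSigned.
function Get-CertRenewalInfo {
    param(
        [Parameter(ValueFromPipeline = $true)] $Certificate,
        [string]   $Thumbprint,            # optional: thumbprint logged in event 12016
        [datetime] $AsOf = (Get-Date),
        [int]      $WarnDays = 30
    )
    process {
        if ($Thumbprint -and $Certificate.Thumbprint -ne $Thumbprint) { return }
        $cn = $null
        if ($Certificate.Subject -match 'CN=([^,]+)') { $cn = $Matches[1].Trim() }
        $daysLeft = [int][math]::Floor(($Certificate.NotAfter - $AsOf).TotalDays)
        if     ($daysLeft -lt 0)         { $state = 'Expired' }
        elseif ($daysLeft -le $WarnDays) { $state = 'ExpiringSoon' }
        else                             { $state = 'OK' }
        # Every name the old certificate covered has to be carried over as a SAN;
        # a dropped name makes TLS validation fail for whoever still uses it.
        $sans = @($Certificate.CertificateDomains | ForEach-Object { "$_" })
        New-Object PSObject -Property @{
            Thumbprint      = $Certificate.Thumbprint
            State           = $state
            DaysLeft        = $daysLeft
            SelfSigned      = $Certificate.IsSelfSigned
            Services        = "$($Certificate.Services)"
            CommonName      = $cn
            SubjectAltNames = [string]::Join(', ', $sans)
        } | Select-Object Thumbprint, State, DaysLeft, SelfSigned, Services, CommonName, SubjectAltNames
    }
}

# Constructed sample objects standing in for Get-ExchangeCertificate output.
$sample = @(
    New-Object PSObject -Property @{
        Thumbprint = '581E0EEBABE76E3264131E5FAD49669ED303671A'   # from event 12016
        Subject = 'CN=remote.example.com'; IsSelfSigned = $false
        CertificateDomains = @('remote.example.com', 'LSCS02.contoso.local', 'LSCS02')
        Services = 'IMAP, POP, IIS, SMTP'; NotAfter = [datetime]'2013-05-27'
    }
    New-Object PSObject -Property @{
        Thumbprint = '0000000000000000000000000000000000000000'   # placeholder
        Subject = 'CN=LSCS02'; IsSelfSigned = $true
        CertificateDomains = @('LSCS02'); Services = 'None'; NotAfter = [datetime]'2015-01-01'
    }
)
$sample | Get-CertRenewalInfo -AsOf ([datetime]'2013-05-29') | Format-List
```

On the server itself, run it from the Exchange Management Shell as `Get-ExchangeCertificate | Get-CertRenewalInfo -Thumbprint '581E0EEBABE76E3264131E5FAD49669ED303671A'`.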
