Solved

SBS2008 : "There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN of

Posted on 2013-05-29
Last Modified: 2013-08-13
My customer's Small Business Server 2008 (Exchange 2007) system has just started receiving the following error messages in the Application log every 24 hours. Can I trouble someone to confirm the correct procedure for fixing this, as my googling came up with several different results:

There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN of LSCS02.contoso.local. The existing certificate for that FQDN has expired. The continued use of that FQDN will cause mail flow problems. A new certificate that contains the FQDN of LSCS02.contoso.local should be installed on this server as soon as possible. You can create a new certificate by using the New-ExchangeCertificate task.



Log Name:      Application
Source:        MSExchangeTransport
Date:          28/05/2013 11:06:17 PM
Event ID:      12016
Task Category: TransportService
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      LSCS02.contoso.local
Description:
There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN of LSCS02.contoso.local. The existing certificate for that FQDN has expired. The continued use of that FQDN will cause mail flow problems. A new certificate that contains the FQDN of LSCS02.contoso.local should be installed on this server as soon as possible. You can create a new certificate by using the New-ExchangeCertificate task.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="MSExchangeTransport" />
    <EventID Qualifiers="49156">12016</EventID>
    <Level>2</Level>
    <Task>12</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-05-28T13:06:17.000Z" />
    <EventRecordID>2992616</EventRecordID>
    <Channel>Application</Channel>
    <Computer>LSCS02.contoso.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data>LSCS02.contoso.local</Data>
    <Data>581E0EEBABE76E3264131E5FAD49669ED303671A</Data>
  </EventData>
</Event>
Question by:Michael Green
2 Comments
 
LVL 12

Expert Comment

by:Chris
ID: 39204390
This is because the certificate that SBS generates during installation has expired. In order to generate a new one please follow the guide linked below:

http://www.petenetlive.com/KB/Article/0000535.htm

When you reach step 6, it will be simplest for you to use the mentioned website; you need to ensure you enter all the required details correctly. You also need to ensure you enter any additional domain names or there's a chance the cert won't work. In order to check what extra domain names are required, please run through the following:

Open exchange management shell
run 'get-exchangecertificate | fl'


This will output a fair amount of info about all certificates installed on the server; each certificate will be separated by a blank line. Please find the certificate that has all services assigned to it. This will be the one with the line:

Services:   IMAP, POP, IIS, SMTP

Once you've found the correct certificate, look for the 'CertificateDomains' section. This will list all the domains that the certificate is valid for; each domain will be separated by a comma. These domains need to go in the 'Subject Alternative Names' field on the website.

You should also note down the 'Subject' section. The first part of this will be something like CN=mail.servername.com. The domain name after the equals sign needs to go in the 'Common Name' field on the website.

I'm not sure how well I've described this so please feel free to ask if you have any questions.
 
LVL 8

Accepted Solution

by:
I Qasmi earned 2000 total points
ID: 39204397
Open the Exchange PowerShell.

Type Get-ExchangeCertificate | FL
You will get all the certificates listed with all details.

There you can check and find which certificate is expired and assigned the FQDN: LSCS02.contoso.local

I believe the event is already displaying the expired certificate with the
thumbprint: 581E0EEBABE76E3264131E5FAD49669ED303671A

Check whether it is a self assigned, internal server assigned or third party assigned certificate and then renew it accordingly.

For further details:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_28068630.html

Check my answered link at EE.

Also, to get the exact certificate, type at the Exchange PowerShell:

Get-ExchangeCertificate -Thumbprint "581E0EEBABE76E3264131E5FAD49669ED303671A"

and you will get the information of the expired certificate.
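
The checks described in the two answers above, combined into one read-only Exchange Management Shell script. This is an added example, not part of either post: it reports each certificate's expiry state, whether it is bound to SMTP, whether it is self-signed, and the domain list to carry into the renewal request. The 30-day warning window and the variable names are assumptions; the FQDN and thumbprint are the values from the event.

```powershell
# Added example: read-only triage for event 12016. Run in the Exchange Management Shell.
# The FQDN and thumbprint below are the values shown in the event on this page.
$eventFqdn       = 'LSCS02.contoso.local'
$eventThumbprint = '581E0EEBABE76E3264131E5FAD49669ED303671A'
$warnDays        = 30          # assumption: renewal warning window, adjust as needed
$now             = Get-Date

$report = Get-ExchangeCertificate | ForEach-Object {
    $cert = $_

    # CertificateDomains lists every name the certificate is valid for.
    $domains  = @($cert.CertificateDomains | ForEach-Object { $_.ToString() })
    $daysLeft = [int][math]::Floor(($cert.NotAfter - $now).TotalDays)

    if     ($daysLeft -lt 0)         { $state = 'EXPIRED'  }
    elseif ($daysLeft -le $warnDays) { $state = 'EXPIRING' }
    else                             { $state = 'OK'       }

    $cert | Select-Object Thumbprint, Subject, Issuer, IsSelfSigned, Services, NotAfter,
        @{Name='DaysLeft';     Expression={ $daysLeft }},
        @{Name='State';        Expression={ $state }},
        @{Name='NamedInEvent'; Expression={ $cert.Thumbprint -eq $eventThumbprint }},
        @{Name='CoversFqdn';   Expression={ $domains -contains $eventFqdn }},
        @{Name='Domains';      Expression={ [string]::Join(', ', $domains) }}
}

# Certificates with SMTP in Services are the ones the transport service offers for TLS.
# IsSelfSigned decides the renewal path: a self-signed certificate can be regenerated
# on the server, while a CA-issued one has to be reissued by that CA.
$report |
    Where-Object { $_.Services.ToString() -match 'SMTP' } |
    Sort-Object NotAfter |
    Format-List

# Domain names of the certificate the event points at. A replacement certificate
# should cover the same names so that no client or connector loses a valid name.
$report |
    Where-Object { $_.NamedInEvent } |
    Select-Object -ExpandProperty Domains
```

After a replacement certificate is installed and enabled for SMTP, rerunning the script should show an `OK` entry with `CoversFqdn` set to `True`.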