Solved

SBS2008 : "There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN of

Posted on 2013-05-29
Last Modified: 2013-08-13
My customer's Small Business Server 2008 (Exchange 2007) system has just started receiving the following error messages in the Application log every 24 hours. Can I trouble someone to confirm the correct procedure for fixing this, as my googling came up with several different results:

There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN of LSCS02.contoso.local. The existing certificate for that FQDN has expired. The continued use of that FQDN will cause mail flow problems. A new certificate that contains the FQDN of LSCS02.contoso.local should be installed on this server as soon as possible. You can create a new certificate by using the New-ExchangeCertificate task.



Log Name:      Application
Source:        MSExchangeTransport
Date:          28/05/2013 11:06:17 PM
Event ID:      12016
Task Category: TransportService
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      LSCS02.contoso.local
Description:
There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN of LSCS02.contoso.local. The existing certificate for that FQDN has expired. The continued use of that FQDN will cause mail flow problems. A new certificate that contains the FQDN of LSCS02.contoso.local should be installed on this server as soon as possible. You can create a new certificate by using the New-ExchangeCertificate task.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="MSExchangeTransport" />
    <EventID Qualifiers="49156">12016</EventID>
    <Level>2</Level>
    <Task>12</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-05-28T13:06:17.000Z" />
    <EventRecordID>2992616</EventRecordID>
    <Channel>Application</Channel>
    <Computer>LSCS02.contoso.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data>LSCS02.contoso.local</Data>
    <Data>581E0EEBABE76E3264131E5FAD49669ED303671A</Data>
  </EventData>
</Event>
Question by:Michael Green
2 Comments
 

Expert Comment

by:Chris
ID: 39204390
This is because the certificate that SBS generates during installation has expired. In order to generate a new one please follow the guide linked below:

http://www.petenetlive.com/KB/Article/0000535.htm

When you reach step 6, it will be simplest for you to use the mentioned website; you need to ensure you enter all the required details correctly. You also need to ensure you enter any additional domain names or there's a chance the cert won't work. In order to check what extra domain names are required, please run through the following:

Open Exchange Management Shell
Run 'Get-ExchangeCertificate | fl'

This will output a fair amount of info about all certificates installed on the server; each certificate will be separated by a blank line. Please find the certificate that has all services assigned to it. This will be the one with the line:

Services:   IMAP, POP, IIS, SMTP

Once you've found the correct certificate, look for the 'CertificateDomains' section. This will list all the domains that the certificate is valid for; each domain will be separated by a comma. These domains need to go in the 'Subject Alternative Names' field on the website.

You should also note down the 'Subject' section. The first part of this will be something like CN=mail.servername.com. The domain name after the equals sign needs to go in the 'Common Name' field on the website.

I'm not sure how well I've described this so please feel free to ask if you have any questions.

Accepted Solution

by:
I Qasmi earned 500 total points
ID: 39204397
Open Exchange PowerShell.

Type Get-ExchangeCertificate | FL
You will get all the certificates listed with all details.

There you can check and find which certificate is expired and assigned the FQDN: LSCS02.contoso.local

I believe the event already is displaying the certificate expired with the
thumbprint: 581E0EEBABE76E3264131E5FAD49669ED303671A

Check whether it is self assigned or internal Server assigned or third party assigned certificate and then renew it accordingly.

For further details:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_28068630.html

Check my answered link at EE.

Also, to get the exact certificate, type at Exchange PowerShell:

Get-ExchangeCertificate -Thumbprint "581E0EEBABE76E3264131E5FAD49669ED303671A"

and you will get the information of the certificate expired.
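The lookups described in the two comments above, gathered into one read-only pass. This is an added example, not code from either answer. It assumes it is run in the Exchange Management Shell on the affected server; the variable and column names are my own, and the thumbprint is the one from the event in the question.

```powershell
# Added example: read-only triage for event 12016 on Exchange 2007.
# Run in the Exchange Management Shell on the affected server; it changes nothing.
# $eventThumbprint is the second <Data> value of the event quoted in the question.
$eventThumbprint = "581E0EEBABE76E3264131E5FAD49669ED303671A"
$now = Get-Date

Get-ExchangeCertificate | ForEach-Object {
    $cert = $_

    # Common Name: the CN= component of Subject ('Common Name' field of a new request).
    $commonName = ""
    if ("$($cert.Subject)" -match 'CN=([^,]+)') { $commonName = $matches[1].Trim() }

    # Every name the certificate covers ('Subject Alternative Names' field of a new request).
    $names = [string[]]@($cert.CertificateDomains | ForEach-Object { "$_" })
    $domains = [string]::Join(", ", $names)

    # Whole days until expiry; a negative value means the certificate has expired.
    $daysLeft = [int][math]::Floor(($cert.NotAfter - $now).TotalDays)

    # One report row per certificate (PowerShell 1.0-compatible object construction).
    $row = New-Object PSObject
    $row | Add-Member -MemberType NoteProperty -Name Thumbprint   -Value $cert.Thumbprint
    $row | Add-Member -MemberType NoteProperty -Name InEvent12016 -Value ($cert.Thumbprint -eq $eventThumbprint)
    $row | Add-Member -MemberType NoteProperty -Name Expired      -Value ($cert.NotAfter -lt $now)
    $row | Add-Member -MemberType NoteProperty -Name DaysLeft     -Value $daysLeft
    $row | Add-Member -MemberType NoteProperty -Name NotAfter     -Value $cert.NotAfter
    $row | Add-Member -MemberType NoteProperty -Name SelfSigned   -Value $cert.IsSelfSigned
    $row | Add-Member -MemberType NoteProperty -Name UsedForSmtp  -Value ("$($cert.Services)" -match 'SMTP')
    $row | Add-Member -MemberType NoteProperty -Name Services     -Value "$($cert.Services)"
    $row | Add-Member -MemberType NoteProperty -Name CommonName   -Value $commonName
    $row | Add-Member -MemberType NoteProperty -Name Domains      -Value $domains
    $row
} | Sort-Object DaysLeft | Format-List
```

The row with InEvent12016 set to True is the certificate the event refers to. Its SelfSigned value answers the self-signed versus CA-issued question in the accepted solution, and its CommonName and Domains values are the ones to carry into a replacement request.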