Solved

SBS2008 : "There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN of

Posted on 2013-05-29
2
3,201 Views
Last Modified: 2013-08-13
My customer's Small Business Server 2008 (Exchange 2007) system has just started receiving the following error messages in the Application log every 24 hours.  Can I trouble someone to confirm the correct procedure for fixing this as my googling came up with several diferent results:

There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN of LSCS02.contoso.local. The existing certificate for that FQDN has expired. The continued use of that FQDN will cause mail flow problems. A new certificate that contains the FQDN of LSCS02.contoso.local should be installed on this server as soon as possible. You can create a new certificate by using the New-ExchangeCertificate task.



Log Name:      Application
Source:        MSExchangeTransport
Date:          28/05/2013 11:06:17 PM
Event ID:      12016
Task Category: TransportService
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      LSCS02.contoso.local
Description:
There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN of LSCS02.contoso.local. The existing certificate for that FQDN has expired. The continued use of that FQDN will cause mail flow problems. A new certificate that contains the FQDN of LSCS02.contoso.local should be installed on this server as soon as possible. You can create a new certificate by using the New-ExchangeCertificate task.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="MSExchangeTransport" />
    <EventID Qualifiers="49156">12016</EventID>
    <Level>2</Level>
    <Task>12</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-05-28T13:06:17.000Z" />
    <EventRecordID>2992616</EventRecordID>
    <Channel>Application</Channel>
    <Computer>LSCS02.contoso.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data>LSCS02.contoso.local</Data>
    <Data>581E0EEBABE76E3264131E5FAD49669ED303671A</Data>
  </EventData>
</Event>
0
Comment
Question by:SGSMikeG
2 Comments
 
LVL 12

Expert Comment

by:Chris
Comment Utility
This is because the certificate that SBS generates during installation has expired. In order to generate a new one please follow the guide linked below:

http://www.petenetlive.com/KB/Article/0000535.htm

When you reach step 6, it will be simplest for you to use the mentioned website, you need to ensure you enter all the required details correctly. You also need to ensure you enter any additional domain names or theres a chance the cert wont work. in order to check what extra domain names are required please run through the following:

Open exchange management shell
run 'get-exchangecertificate | fl'


This will output a fair amount of info about all certificates installed on the server, each certificate will be seperated by a blank line. Please find the certificate that has all services assigned to it. This will be the one with the line:

Services:   IMAP, POP, IIS, SMTP

Once you've found the correct certificate look for the 'CertificateDomains' section. This will list all the domains that the certificate is valid for, each domain will be seperated by a comma. These domains need to go in the 'Subject Alternative Names' field on the website.

You should also note down the 'Subject' section. The first part of this will be something like CN=mail.servername.com. The domain name after the equals sign needs to go in the 'Common Name' field on the website.

I'm not sure how well I've described this so please feel free to ask if you have any questions.
0
 
LVL 8

Accepted Solution

by:
I Qasmi earned 500 total points
Comment Utility
Open Exchange powershell

type Get-ExchangeCertificate |FL
you will get all the certificates listed with all details

there you can check and find which certificate is expired and assigned the FQDN : LSCS02.contoso.local

I believe the event already is displaying the certificate expired with the
thumbprint : 581E0EEBABE76E3264131E5FAD49669ED303671A

check whether it is self assigned or internal Server assigned or third party assigned certificate and then renew it accordingly


for further details :

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_28068630.html

check my answered link at EE

Also to get the exact certificate

type at exchange powershell >

Get-ExchangeCertificate -thumbprint  "581E0EEBABE76E3264131E5FAD49669ED303671A"

and you will get the information of the certificate expired ..
0

Featured Post

Too many email signature changes to deal with?

Are you constantly being asked to update your organization's email signatures? Do they take up too much of your time? Wouldn't you love to be able to manage all signatures from one central location, easily design them and deploy them quickly to users. Well, you can!

Join & Write a Comment

We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now