Event ID 12014 Exchange 2007

Windows 2003 R2 Enterprise 64-bit Server
Exchange 2007 Enterprise 64-bit

After opening port 1025 for SMTP on my Exchange server, I am now getting this error:

Event Type:      Error
Event Source:      MSExchangeTransport
Event Category:      TransportService
Event ID:      12014
Date:            4/11/2013
Time:            6:00:36 PM
User:            N/A
Computer:      SERVER5
Description:
Microsoft Exchange could not find a certificate that contains the domain name mail.mydom.com in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector MYDOM Port 1025 with a FQDN parameter of mail.mydom.com. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


When I run get-exchangecertificate | fl, I see many certificates,
some with a status of Valid and others Invalid.
I attached the output for your review.


Question 1. Should all my certificates be valid?
Question 2. Are the invalid ones duplicates of the valid one?
Question 3. I see one certificate with the service SMTP as valid. Can I use that thumbprint for the enable-certificate command?
Question 4. Should I enable-certificate all the invalid certificates?

I guess my real question is which thumbprint should I use?
exchangecertificate.txt
Asked by Thomas Grassi, Systems Administrator
 
Simon Butler (Sembee), Consultant, commented:
The error means that there is no SSL certificate matching the FQDN on the connector.
Did you create a new connector or modify an existing one?

You have two options, neither of which is what you have suggested.
1. Create a new self-signed SSL certificate using new-exchangecertificate and include the FQDN on the connector.

2. Change the FQDN on the connector to the server's real name. It will have no effect on email delivery, but will silence the error.

Simon.
 
Thomas Grassi, Systems Administrator (author), commented:
Simon

Thanks for responding.

I created a new connector.
I have two NICs on the server: port 25 on NIC 1 and port 1025 on NIC 2.

Also, I noticed that on the properties of the first connector, using port 25,
the FQDN is server05.our.network.mydom.com.

On the second connector, for port 1025, the FQDN is mail.mydom.com.

Should they both be the same?

Is that what you meant for number 2?
 
Thomas Grassi, Systems Administrator (author), commented:
Simon

After making the above change, SMTP email from the people who send to port 1025 does not work; mail does not come in on that connector.

Changing the connector from mail.mydom.com to server05.our.network.mydom.com, which is the server's FQDN, stops mail coming in on port 1025.

I am not getting any errors on the Exchange server now, but email using port 1025 is not working.

Any ideas?
 
Simon Butler (Sembee), Consultant, commented:
The FQDN would have nothing to do with the ability to receive email.
Have you checked that you can actually connect to the port? You will need to use telnet:

telnet host.example.com 1025

Having both connectors with the same FQDN will be fine - that is how they are configured out of the box.

Simon.
 
Thomas Grassi, Systems Administrator (author), commented:
Simon
Yes, I was able to telnet to that port, no problem.

After debugging the email program I was using (Febootimail, a nice batch SMTP email program), I found I had to add the STARTTLS parameter to the command line I was using.

Now it is working and I have not seen Event ID 12014 for a couple of days.

Having the new connector use the FQDN of the server did the job.
Question has a verified solution.
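
A read-only check for the condition discussed in this thread (a receive connector whose FQDN appears in no certificate that is Valid and enabled for SMTP), added here as an example and not posted by either participant. It uses the Get-ReceiveConnector and Get-ExchangeCertificate cmdlets and assumes that a case-insensitive exact name comparison is a good enough stand-in for Exchange's own certificate selection.

```powershell
# Added example (not from the thread). Read-only: it changes nothing.
# Run in the Exchange Management Shell on the transport server.
# Assumption: a "match" is a case-insensitive exact comparison of the connector
# FQDN with a name in CertificateDomains; Exchange's own selection logic may
# accept more (for example wildcard names), so treat a miss as a prompt to look.

# Best-effort local FQDN, used when a connector has no FQDN set
# (the event text says the computer's FQDN is used in that case).
$computerFqdn = [System.Net.Dns]::GetHostEntry('').HostName

$certs = @(Get-ExchangeCertificate)

foreach ($connector in (Get-ReceiveConnector)) {
    $fqdn = "$($connector.Fqdn)"
    if ($fqdn -eq '') { $fqdn = $computerFqdn }

    # Certificates whose domain list contains the connector's FQDN
    $named = @($certs | Where-Object {
        @($_.CertificateDomains | ForEach-Object { "$_".ToLower() }) -contains $fqdn.ToLower()
    })

    # Of those, the ones reported as Valid and enabled for the SMTP service
    $usable = @($named | Where-Object {
        "$($_.Status)" -eq 'Valid' -and "$($_.Services)" -match 'SMTP'
    })

    if ($usable.Count -gt 0) {
        $verdict = 'OK'
    } elseif ($named.Count -gt 0) {
        $verdict = 'name matches, but certificate is not Valid or not enabled for SMTP'
    } else {
        $verdict = 'no certificate contains this name (the condition event 12014 reports)'
    }

    "{0} [{1}] FQDN={2}: {3}" -f $connector.Name, "$($connector.Bindings)", $fqdn, $verdict

    # List every name-matching certificate so the right thumbprint is visible
    foreach ($c in $named) {
        "    {0}  Status={1}  Services={2}  NotAfter={3}" -f `
            $c.Thumbprint, $c.Status, $c.Services, $c.NotAfter
    }
}
```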