Event ID 12014 Exchange 2007

Windows 2003 R2 Enterprise 64bit Server
Exchange 2007 Enterprise 64bit

After opening port 1025 for SMTP on my Exchange server, I am now getting this error:

Event Type:      Error
Event Source:      MSExchangeTransport
Event Category:      TransportService
Event ID:      12014
Date:            4/11/2013
Time:            6:00:36 PM
User:            N/A
Computer:      SERVER5
Description:
Microsoft Exchange could not find a certificate that contains the domain name mail.mydom.com in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector MYDOM Port 1025 with a FQDN parameter of mail.mydom.com. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


When I run get-exchangecertificate | fl I see many certificates, some with a status of Valid and others Invalid.
I attached the output for your review.


Question 1. Should all my certificates be valid?
Question 2. Are the invalid ones duplicates of the valid one?
Question 3. I see one certificate with the service SMTP as valid. Can I use that thumbprint for the enable-certificate command?
Question 4. Should I enable-certificate all the invalid certificates?

I guess my real question is which thumbprint should I use?
exchangecertificate.txt
Asked by: Thomas Grassi
Simon Butler (Sembee), Consultant, commented:
The error means that there is no SSL certificate matching the FQDN on the connector.
Did you create a new connector or modify an existing one?

You have two options, neither of which is what you have suggested.
1. Create a new self signed SSL certificate using new-exchangecertificate and include the FQDN on the connector.

2. Change the FQDN on the connector to the server's real name. It will have no effect on email delivery, but will silence the error.

Simon.
 
Thomas Grassi, Systems Administrator (author), commented:
Simon

Thanks for responding

I created a new connector.
I have two NICs on the server: port 25 on NIC 1 and port 1025 on NIC 2.

Also, I noticed on the properties of the first connector, using port 25,
the FQDN is server05.our.network.mydom.com

On the second connector, for port 1025, the FQDN is mail.mydom.com

Should they both be the same?

Is that what you meant for number 2?
 
Thomas Grassi, Systems Administrator (author), commented:
Simon

After making the above change, SMTP email from the people who send to port 1025 does not work; mail does not come in on that connector.

Changing the connector from mail.mydom.com to server05.our.network.mydom.com, which is the server's FQDN, stops mail coming in on port 1025.

I am not getting any errors on the Exchange server now, but email using port 1025 is not working.

Any ideas?
 
Simon Butler (Sembee), Consultant, commented:
The FQDN would have nothing to do with the ability to receive email.
Have you checked that you can actually connect to the port? You will need to use telnet:

telnet host.example.com 1025

Having both connectors with the same FQDN will be fine - that is how they are configured out of the box.

Simon.
 
Thomas Grassi, Systems Administrator (author), commented:
Simon
Yes, I was able to telnet to that port, no problem.

After debugging the email program I was using (Febootimail, a nice batch SMTP email program), I found I had to add the STARTTLS parameter to the command line I was using.

Now it is working and I have not seen Event ID 12014 for a couple of days.

Having the new connector use the FQDN of the server did the job.
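
The check behind Event ID 12014, as an added example that is not part of the original thread: a read-only Exchange Management Shell script that lists, for each Receive connector, the certificates that carry the connector's FQDN and are valid, unexpired and enabled for SMTP. It assumes the property names shown by `Get-ExchangeCertificate | fl` (Status, Services, CertificateDomains, NotAfter) and approximates Exchange's name matching with `-like`.

```powershell
# Added example (read-only). Run in the Exchange Management Shell on the server.
# Event ID 12014 states that a connector with no FQDN uses the computer's FQDN.
$localFqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
$certs     = @(Get-ExchangeCertificate)
$now       = Get-Date

foreach ($rc in Get-ReceiveConnector) {
    $fqdn = "$($rc.Fqdn)"
    if (-not $fqdn) { $fqdn = $localFqdn }

    $usable = @()
    foreach ($cert in $certs) {
        # Names carried by the certificate, converted to plain strings
        $names = @($cert.CertificateDomains | ForEach-Object { "$_" })
        # -like is case-insensitive and treats a '*.domain' entry as a wildcard.
        # It also matches deeper subdomains, so review wildcard hits by eye.
        $nameMatch = @($names | Where-Object { $fqdn -like $_ }).Count -gt 0

        if ($nameMatch -and
            ("$($cert.Status)" -eq 'Valid') -and
            ("$($cert.Services)" -match 'SMTP') -and
            ($cert.NotAfter -gt $now)) {
            $usable += $cert
        }
    }

    Write-Host ("{0}  FQDN={1}  Bindings={2}" -f $rc.Name, $fqdn, "$($rc.Bindings)")
    if ($usable.Count -eq 0) {
        Write-Host "  no valid SMTP-enabled certificate carries this name (expect Event ID 12014)"
    }
    foreach ($c in $usable) {
        Write-Host ("  usable: {0}  expires {1:yyyy-MM-dd}  {2}" -f $c.Thumbprint, $c.NotAfter, $c.Subject)
    }
}
```

A connector that reports no usable certificate needs one of the two fixes given in the answer above: a certificate that includes the connector's FQDN, or a connector FQDN that an existing certificate already carries.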