Solved

Event ID 12014 Exchange 2007

Posted on 2013-06-10
5
470 Views
Last Modified: 2013-06-12
Windows 2003 R2 Enterprise 64bit Server
Exchange 2007 Enterprise 64bit

After opening port 1025 for smtp on my exchange server

I am now getting this error

Event Type:      Error
Event Source:      MSExchangeTransport
Event Category:      TransportService
Event ID:      12014
Date:            4/11/2013
Time:            6:00:36 PM
User:            N/A
Computer:      SERVER5
Description:
Microsoft Exchange could not find a certificate that contains the domain name mail.mydom.com in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector MYDOM Port 1025 with a FQDN parameter of mail.mydom.com. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


When I run get-exchangecertificate | fl   I see many certificates
Some with a status of Valid and others invalid.
I attached the output for your review.


Question 1. Should all my certificates be valid?
Question 2. Are the invalid ones duplicates of the valid one?
Question 3. I see one certificate with the service SMTP as valid can I use that thumbprint
for the enable-certificate command
Question 4. Should I enable-certificate all the invalid certificates?

I guess my real question is which thumbprint should I use?
exchangecertificate.txt
0
Comment
Question by:Thomas Grassi
  • 3
  • 2
5 Comments
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39234949
The error means that there is no SSL certificate matching the FQDN on the connector.
Did you create a new connector or modify an existing one?

You have two options, neither of which are what you have suggested.
1. Create a new self signed SSL certificate using new-exchangecertificate and include the FQDN on the connector.

2. Change the FQDN on the connector to the server's real name. It will have no effect on email delivery, but will silence the error.

Simon.
0
 
LVL 23

Author Comment

by:Thomas Grassi
ID: 39235372
Simon

Thanks for responding

I created a new Connector
I have two nics on the server port 25 on Nic 1 and port 1025 on nic 2

Also I noticed on the properties of the first connector using port 25
the fqdn is server05.our.network.mydom.com

on the second connector for port 1025 the fqdn is mail.mydom.com

should they both be the same?

Is that what you meant for number 2?
0
 
LVL 23

Author Comment

by:Thomas Grassi
ID: 39239940
Simon

After making the above change now the people who send to port 1025 the smtp email does not work mail does not come in on that connector.

changing the connector from mail.mydom.com to server05.our.network.mydom.com which is the servers FQDN stops mail coming in on port 1025.

I am not getting any errors on the exchange server now but email using port 1025 is not working.

Any idas?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39240671
The FQDN would have nothing to do with the ability to receive email.
Have you checked that you can actually connect to the port? You will need to use telnet:

telnet host.example.com 1025

Having both connectors with teh same FQDN will be fine - that is how they are configured out of the box.

Simon.
0
 
LVL 23

Author Closing Comment

by:Thomas Grassi
ID: 39240842
Simon
Yes I was able to telnet to that port no problem.

I found after debugging the email program I was using (Febootimail) nice batch smtp email program. I had to add STARTTLS parameter to the command line I was using.

Now it is working and I have not seen Event ID 12014 for a couple of days.

Having the New connector use the FQDN of the server did the job.
0

Featured Post

Why won’t your email signature format correctly?

Struggling to get your corporate email signatures to format correctly? Does the logo keep resizing? Is the text appearing too big? What can you do to prevent this? Find out how you can save your signatures today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

26 Experts available now in Live!

Get 1:1 Help Now