• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 477
  • Last Modified:

MSExchangeTransport Issues

Having a strange problem with my Exchange, I keep getting this error:

Log Name:      Application
Source:        MSExchangeTransport
Date:          2013/09/10 09:29:03 AM
Event ID:      12014
Task Category: TransportService
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      MailSRV.intdomain.za
Microsoft Exchange could not find a certificate that contains the domain name MailSRV.intdomain.za in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector SharePoint 2010 Outgoing Mail with a FQDN parameter of MailSRV.intdomain.za. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <Provider Name="MSExchangeTransport" />
    <EventID Qualifiers="49156">12014</EventID>
    <TimeCreated SystemTime="2013-09-10T07:29:03.000Z" />
    <Security />
    <Data>SharePoint 2010 Outgoing Mail</Data>

I have checked my security certificate and it is valid for another few years, this is a cert from DigiCert by the way, however the cert does not contain my internal domain name as Digicert mentioned that this is no longer allowed.

What am I missing?
4 Solutions
You need to either modify the FQDN on the send connector if this connector sends externally or generate a new certificate for internal use.

This guide should help you out setting the external FQDN: http://www.petenetlive.com/KB/Article/0000174.htm

Make sure the FQDN you use on the send connector matches an FQDN present in the SSL certificate you already have.
DJMohrAuthor Commented:
The FQDN I have in the SSL cert is our external cname, will that cause problems?
MAS (MVE)Technical Department HeadCommented:
-->The FQDN I have in the SSL cert is our external cname, will that cause problems?
It will not cause problems

Do you have another certificate other than the service assigned certificate?

If yes Please check whether that is causing this issue.
Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

DJMohrAuthor Commented:
Nope, only have the service assigned cert
MAS (MVE)Technical Department HeadCommented:
Sushil SonawaneCommented:
Create a certificate with the domain "MailSRV.intdomain.za" and assign the "SMTP" service to the certificate to resolve issue.


As give the solution : N-W

You need to either modify the FQDN on the send connector if this connector sends externally or generate a new certificate for internal use.
DJMohrAuthor Commented:
I have changed the FQDN on the send connector, will monitor and report back.
DJMohrAuthor Commented:
The error persists.

I assume the next step is to create a self assigned cert?
MAS (MVE)Technical Department HeadCommented:
Did you restart transport service.
If not please try that first
DJMohrAuthor Commented:
@ abbasiftt

I disabled the TLS authentication from my receive connectors and it appears as if the problem is resolved, will monitor it and report back.
Md. MojahidCommented:
 The Exchange server, may setup to use wrong certificate or doesn't setup to use certificate.
The certificate should reflect the external FQDN name of the server.

1. Open "Exchange Management Shell".
2. Write "get-ExchangeCertificate" and press on "Enter" button.
3. Write down the Thumbprint of the certificate that reflect the required FQDN name of the server.
4. Review the current certificate that use by the Exchange server andeach certificate function.
5. Write "Enable-ExchangeCertificate -Thumbprint 2afd26617915932ad096c48eb3b847fc7457662 -Services "SMTP"
       and press on 'Enter" button.(The value of -Thumbprint obtained in stage 3.)

6.Remove the old certificate

[PS] C:\Windows\System32>Remove-ExchangeCertificate -Thumbprint 2afd26617915932ad096c48eb3b847fc7457662

Just confirm Yes when prompted.

7. Restart the Exchange server.
DJMohrAuthor Commented:
unchecking the TLS authentication did the trick, I am no longer receiving the error.
DJMohrAuthor Commented:
Thanks to all who helped.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now