MSExchangeTransport Issues

Having a strange problem with my Exchange, I keep getting this error:

Log Name:      Application
Source:        MSExchangeTransport
Date:          2013/09/10 09:29:03 AM
Event ID:      12014
Task Category: TransportService
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      MailSRV.intdomain.za
Description:
Microsoft Exchange could not find a certificate that contains the domain name MailSRV.intdomain.za in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector SharePoint 2010 Outgoing Mail with a FQDN parameter of MailSRV.intdomain.za. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="MSExchangeTransport" />
    <EventID Qualifiers="49156">12014</EventID>
    <Level>2</Level>
    <Task>12</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-09-10T07:29:03.000Z" />
    <EventRecordID>10930798</EventRecordID>
    <Channel>Application</Channel>
    <Computer>MailSRV.intdomain.za</Computer>
    <Security />
  </System>
  <EventData>
    <Data>MailSRV.intdomain.za</Data>
    <Data>SharePoint 2010 Outgoing Mail</Data>
  </EventData>
</Event>

I have checked my security certificate and it is valid for another few years, this is a cert from DigiCert by the way, however the cert does not contain my internal domain name as Digicert mentioned that this is no longer allowed.

What am I missing?
LVL 1
DJMohrAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

N-WCommented:
You need to either modify the FQDN on the send connector if this connector sends externally or generate a new certificate for internal use.

This guide should help you out setting the external FQDN: http://www.petenetlive.com/KB/Article/0000174.htm

Make sure the FQDN you use on the send connector matches an FQDN present in the SSL certificate you already have.
0
DJMohrAuthor Commented:
The FQDN I have in the SSL cert is our external cname, will that cause problems?
0
MAS (MVE)EE Solution Guide - Technical Dept HeadCommented:
-->The FQDN I have in the SSL cert is our external cname, will that cause problems?
It will not cause problems

Do you have another certificate other than the service assigned certificate?

If yes Please check whether that is causing this issue.
0
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

DJMohrAuthor Commented:
Nope, only have the service assigned cert
0
MAS (MVE)EE Solution Guide - Technical Dept HeadCommented:
0
Sushil SonawaneCommented:
Create a certificate with the domain "MailSRV.intdomain.za" and assign the "SMTP" service to the certificate to resolve issue.

 or

As give the solution : N-W

You need to either modify the FQDN on the send connector if this connector sends externally or generate a new certificate for internal use.
0
DJMohrAuthor Commented:
I have changed the FQDN on the send connector, will monitor and report back.
0
DJMohrAuthor Commented:
The error persists.

I assume the next step is to create a self assigned cert?
0
MAS (MVE)EE Solution Guide - Technical Dept HeadCommented:
Did you restart transport service.
If not please try that first
0
DJMohrAuthor Commented:
@ abbasiftt

I disabled the TLS authentication from my receive connectors and it appears as if the problem is resolved, will monitor it and report back.
0
Md. MojahidCommented:
cause
 The Exchange server, may setup to use wrong certificate or doesn't setup to use certificate.
 
The certificate should reflect the external FQDN name of the server.

Solution
1. Open "Exchange Management Shell".
 
2. Write "get-ExchangeCertificate" and press on "Enter" button.
 
3. Write down the Thumbprint of the certificate that reflect the required FQDN name of the server.
 
4. Review the current certificate that use by the Exchange server andeach certificate function.
 
5. Write "Enable-ExchangeCertificate -Thumbprint 2afd26617915932ad096c48eb3b847fc7457662 -Services "SMTP"
 
       and press on 'Enter" button.(The value of -Thumbprint obtained in stage 3.)

6.Remove the old certificate

[PS] C:\Windows\System32>Remove-ExchangeCertificate -Thumbprint 2afd26617915932ad096c48eb3b847fc7457662

Just confirm Yes when prompted.

7. Restart the Exchange server.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
DJMohrAuthor Commented:
unchecking the TLS authentication did the trick, I am no longer receiving the error.
0
DJMohrAuthor Commented:
Thanks to all who helped.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.