Exchange 2010 Migration Event Viewer 12014

Hello, I am trying to help resolve an issue with client PCs receiving a certificate error in Outlook. Looking through Event Viewer, this shows up. This is a new migration from Exchange 2003 to Exchange 2010. The old Exchange server was the DC. The new Exchange 2010 server is on a brand new Windows 2008 server, not a DC.

Microsoft Exchange could not find a certificate that contains the domain name in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Default HMISRV-MAIL01 with a FQDN parameter of If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.

Here are a couple of things I have tried so far.

This website listed above explains to check the FQDN. On the send connector on the new box, it is grayed out, you can not change it.

Next I checked the CertificateDomain and it shows something I have not seen before. It is pointing to WWW.MAIL.DOMAINNAME.COM.

Upon researching this issue, I tried to redo the certificate and nothing changes. Same link to WWW.MAIL.DOMAINNAME.COM

[PS] C:\Windows\system32>Get-ExchangeCertificate | fl CertificateDomain

CertificateDomains : {,}

CertificateDomains : {,}

Also, the certificate error on the client side in Outlook refers back to DNS address

Thank you in advance.

Simon Butler (Sembee), Consultant, Commented:
If the FQDN is greyed out, then you aren't looking at an Exchange 2010 Send Connector, you are looking at a legacy connector, probably from Exchange 2003. Create a new Send Connector and then delete the legacy one.

Do you have a trusted SSL certificate? I have seen certificates from GoDaddy and their resellers put www in front of the host name that was entered in the past, so it doesn't mean it is wrong.

It could be the certificate was set up incorrectly and the host names haven't been done in Exchange either.

Sort out what host names you want to use, then get a trusted SSL certificate.
Usually it would be

Nothing else. Configure internal DNS and external DNS so those resolve and reconfigure Exchange. The FQDN on the Receive Connector should be left as is - just run new-exchangecertificate to create a certificate for its use, use the trusted certificate for everything else.

mirifexmso (Author) Commented:

I was able to call GoDaddy and found out that you can not use standard SSL certificates. They set me up with a UCC SSL and it worked correctly. No certificate pop ups on client Outlook now. Thank you.

mirifexmso (Author) Commented:
Exchange 2010 Requires UCC SSL certificate.
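
The check that event 12014 describes in the question can be reproduced as follows. This is an added example, not code from the thread or from Microsoft: for each connector it reports whether any unexpired, SMTP-enabled certificate lists the connector's FQDN. The two functions are hypothetical helpers, the sample objects and host names are constructed, and the property names assume the output of Get-ReceiveConnector and Get-ExchangeCertificate.

```powershell
# Added example: both functions are hypothetical helpers, not Exchange cmdlets.
function Test-DomainMatch {
    param([string]$Fqdn, [string]$CertDomain)
    if ($CertDomain -eq $Fqdn) { return $true }      # string -eq is case-insensitive
    if ($CertDomain.StartsWith('*.')) {
        # A wildcard entry covers exactly one left-most label, e.g. *.example.com
        $suffix = $CertDomain.Substring(1)
        return ($Fqdn -eq ($Fqdn.Split('.')[0] + $suffix))
    }
    return $false
}

function Find-StartTlsCertGap {
    param($Connectors, $Certificates)
    foreach ($c in $Connectors) {
        # A certificate is usable for STARTTLS on this connector only if it is
        # enabled for SMTP, not expired, and lists the connector FQDN.
        $usable = @($Certificates | Where-Object {
            $cert = $_
            ("$($cert.Services)" -match 'SMTP') -and
            ($cert.NotAfter -gt (Get-Date)) -and
            (@($cert.CertificateDomains | Where-Object { Test-DomainMatch "$($c.Fqdn)" "$_" }).Count -gt 0)
        })
        New-Object PSObject -Property @{
            Connector     = $c.Name
            Fqdn          = "$($c.Fqdn)"
            HasUsableCert = ($usable.Count -gt 0)
            Thumbprints   = (@($usable | ForEach-Object { $_.Thumbprint }) -join ',')
        }
    }
}

# Constructed sample data modelled on the situation in the question:
# a public certificate bound to IIS only, with no name for the internal FQDN.
$connectors = @(
    New-Object PSObject -Property @{ Name = 'Default MAIL01'; Fqdn = 'mail01.corp.example.com' }
)
$certs = @(
    New-Object PSObject -Property @{
        Thumbprint = 'CONSTRUCTED-THUMBPRINT-1'; Services = 'IIS'
        NotAfter = (Get-Date).AddYears(1)
        CertificateDomains = @('www.mail.example.com', 'mail.example.com')
    }
)
Find-StartTlsCertGap $connectors $certs | Format-List

# On a live server, in the Exchange Management Shell:
# Find-StartTlsCertGap (Get-ReceiveConnector) (Get-ExchangeCertificate) | Format-List
```

A connector reported with HasUsableCert = False is one for which Exchange would log event 12014; the remedies discussed above are a certificate that carries that name, or enabling an existing matching certificate for SMTP.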