Exchange 2010 Migration Event Viewer 12014

Posted on 2013-09-20
Medium Priority
Last Modified: 2013-09-25
Hello, I am trying to help resolve an issue with client PCs received a certificate error in Outlook. Looking through event viewer this shows up.   This is a new migration from Exchange 2003 to Exchange 2010. The old Exchange server was the DC. The new Exchange 2010 server is on a brand new server Windows 2008 not a DC.

?Microsoft Exchange could not find a certificate that contains the domain name HMISRV-MAIL01.corp.DOMAINNAME.com in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Default HMISRV-MAIL01 with a FQDN parameter of HMISRV-MAIL01.corp.DOMAINNAME.com. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.

Here are a couple of things I have tried so far.


This website listed above explains to check the FQDN. On the send connector on the new box, it is grayed out, you can not change it.

Next I checked the CerficateDomain and it shows something I have not seen before. It is pointing to WWW.MAIL.DOMAINNAME.COM.

Upon researching this issue, I tried to ro do the certificate and nothing changes. Same link to WWW.MAIL.DOMAINNAME.COM

[PS] C:\Windows\system32>Get-ExchangeCertificate | fl CertificateDomain

CertificateDomains : {mail.DOMAINNAME.com, www.mail.DOMAINNAME.com}

CertificateDomains : {mail.DOMAINNAME.com, www.mail.DOMAINNAME.com}

Also, the certificate error on the client side in Outlook refers back to DNS address www.mail.DOMAINNAME.com

Thank you in advance.
Question by:mirifexmso
  • 2
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39510402
If the FQDN is greyed out, then you aren't looking at an Exchange 2010 Send Connector, you are looking at a legacy connector, probably from Exchange 2003. Create a new Send Connector and then delete the legacy one.

Do you have a trusted SSL certificate? I have seen certificates from GoDaddy and their resellers put www in front of the host name that was entered in the past, so it doesn't mean it is wrong.

It could be the certificate was setup incorrectly and the host names haven't been done in Exchange either.

Sort out what host names you want to use, then get a trusted SSL certificate.
Usually it would be


Nothing else. Configure internal DNS and external DNS so those resolve and reconfigure Exchange. The FQDN on the Receive Connector should be left as is - just run new-exchangecertificate to create a certificate for its use, use the trusted certificate for everything else.


Accepted Solution

mirifexmso earned 0 total points
ID: 39510425

I was able to call GoDaddy and found out that you can not use standard SSL certificates. They setup me up with a UCC SSL and it worked correctly. No certificate pop ups on client Outlook now. Thank you.

Author Closing Comment

ID: 39520493
Exchange 2010 Requires UCC SSL certificate.

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Here is a method which can be used to help resolve a "Content Index Failed" error on a Microsoft Exchange Server.
There’s hardly a doubt that Business Communication is indispensable for both enterprises and small businesses, and if there is an email system outage owing to Exchange server failure, it definitely results in loss of productivity.
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

587 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question