  • Status: Solved

Exchange 2013 certificate errors

We are in the middle of a migration from Exchange 2007 over to 2013. We still have our legacy server in place, but all of the mailboxes have been migrated over. Also, OWA and ECP are now running from the 2013 server.

We have a single-name certificate for mail.mycompany.com. I believe that I have it assigned to IMAP, SMTP, POP3, and IIS. I did this using the ECP.

When I go to the Event Viewer, I'm receiving Error ID 12014:

Microsoft Exchange could not find a certificate that contains the domain name EX1.mycompany.com in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Default Frontend EX1 with a FQDN parameter of EX1.mycompany.com. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.

We still have some old receive connectors from the server that we want to decommission. I was wondering if I should delete those now that the new server is up and running? I am a little confused as to the way they should be set up. It created several connectors during the installation, more than we had with the Exchange 2007 server.

We have a single Exchange 2013 internet-facing server with both client access and mailbox roles. Any help would be appreciated. I'm really unsure where to start.
Asked: Ninja03

Mahesh (Architect) Commented:
This Warning event indicates that there is a problem loading a certificate to be used for STARTTLS purposes. Generally, this problem occurs if one or both of the following conditions is true:
  • The fully qualified domain name (FQDN) that is specified in the Warning event has been defined on a Receive connector or Send connector on a Microsoft Exchange transport server, and no certificate is installed on the same computer that contains the FQDN in the Subject or Subject Alternative Name fields.
  • A third-party or custom certificate has been installed on the server and it contains a matching FQDN. However, the certificate is not enabled for the SMTP service.

Transport Layer Security (TLS) functionality requires that a valid certificate is installed in the computer's personal certificate store.

You can take the action mentioned in the articles below:
http://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=Exchange&ProdVer=8.0&EvtID=12014&EvtSrc=MSExchangeTransport

http://www.petenetlive.com/KB/Article/0000174.htm

You can disable unnecessary receive connectors on Exchange 2007

Mahesh
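
The two conditions listed in the answer above can be checked mechanically. The PowerShell below is an added example, not code from the thread or from Microsoft: the function names `Test-CertCoversFqdn` and `Test-ConnectorSmtpCertificate` and the sample objects are constructed for illustration, and on a real server the inputs would come from `Get-ReceiveConnector` and `Get-ExchangeCertificate`.

```powershell
# Added example (not from the thread). Sample objects below are constructed.
function Test-CertCoversFqdn {
    param($Certificate, [string] $Fqdn)
    foreach ($d in $Certificate.CertificateDomains) {
        $name = "$d"
        if ($name -ieq $Fqdn) { return $true }
        # Assumption of this sketch: "*.example.com" covers exactly one extra label.
        if ($name.StartsWith('*.') -and $Fqdn -like $name -and
            $Fqdn.Split('.').Count -eq $name.Split('.').Count) { return $true }
    }
    return $false
}

function Test-ConnectorSmtpCertificate {
    param([object[]] $Connectors, [object[]] $Certificates,
          [string] $ServerFqdn, [datetime] $Now = (Get-Date))
    # Condition 2 from the answer: the certificate must be enabled for SMTP (and unexpired).
    $usable = @($Certificates | Where-Object {
        "$($_.Services)" -match 'SMTP' -and $_.NotAfter -gt $Now })
    foreach ($c in $Connectors) {
        # Per the event text, an unset connector FQDN falls back to the computer's FQDN.
        $fqdn  = if ($c.Fqdn) { "$($c.Fqdn)" } else { $ServerFqdn }
        # Condition 1: some usable certificate must list that FQDN.
        $match = $usable | Where-Object { Test-CertCoversFqdn $_ $fqdn } | Select-Object -First 1
        [pscustomobject]@{
            Connector       = "$($c.Identity)"
            Fqdn            = $fqdn
            Thumbprint      = if ($match) { $match.Thumbprint } else { $null }
            MissingSmtpCert = -not $match
        }
    }
}

# Constructed sample data mirroring the thread: one single-name certificate.
$connectors = @(
    [pscustomobject]@{ Identity = 'EX1\Default Frontend EX1'; Fqdn = 'EX1.mycompany.com' }
    [pscustomobject]@{ Identity = 'EX1\Client Frontend EX1';  Fqdn = 'mail.mycompany.com' }
)
$certs = @(
    [pscustomobject]@{ Thumbprint = 'CONSTRUCTED-THUMBPRINT'; Services = 'IMAP, POP, IIS, SMTP'
                       CertificateDomains = @('mail.mycompany.com'); NotAfter = (Get-Date).AddYears(1) }
)
Test-ConnectorSmtpCertificate $connectors $certs 'EX1.mycompany.com' | Format-Table -AutoSize

# On the server, in the Exchange Management Shell, feed it live objects instead:
# Test-ConnectorSmtpCertificate (Get-ReceiveConnector -Server EX1) (Get-ExchangeCertificate -Server EX1) 'EX1.mycompany.com'
```

Any connector reported with `MissingSmtpCert` set to true is one for which Event 12014 would be expected, because no SMTP-enabled certificate carries its FQDN.
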
 
Ninja03 (Author) Commented:
I've disabled the send connectors on the 2007 machine.  Following the article that you posted I've set the "Client Frontend servername" connector to the FQDN of "mail.mycompany.com"

However, when I try to set the other receive connectors to the FQDN "mail.mycompany.com", I get the following error:

If the AuthMechanism attribute on a Receive connector contains the value ExchangeServer, you must set the FQDN parameter on the Receive connector to one of the following values: the FQDN of the transport server "servername.mycompany.com", the NetBIOS name of the transport server "Servername", or $null.
 
Mahesh (Architect) Commented:
Are you getting the error while renaming the FQDN on the default receive connector?
Normally it's not good practice to rename the FQDN of the default receive connector if you have multiple transport servers, as it affects the internal mail routing.
In your case you have only one Exchange 2013 server.
Try the below:
You could request a new certificate from an internal CA server with the hostname (FQDN) mentioned in the error as the certificate common name, and assign it to the SMTP service.

This should hopefully resolve your problem

Mahesh
 
Ninja03 (Author) Commented:
I will give this a try today.  Thank you