Solved

Exchange 2013 certificate errors

Posted on 2013-12-19
Last Modified: 2014-02-20
We are in the middle of a migration from Exchange 2007 over to 2013.  We still have our legacy server in place, but all of the mailboxes have been migrated over.  Also, OWA and ECP are now running from the 2013 server.

We have a single-name certificate for mail.mycompany.com.  I believe that I have it assigned to the IMAP, SMTP, POP3, and IIS.  I did this using the ECP.

When I go to the Event Viewer I'm receiving Error ID 12014:

Microsoft Exchange could not find a certificate that contains the domain name EX1.mycompany.com in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Default Frontend EX1 with a FQDN parameter of EX1.mycompany.com. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.

We still have some old receive connectors from the server that we want to decommission. I was wondering if I should delete those now that the new server is up and running?  I am a little confused as to the way they should be set up.  It created several connectors during the installation, more than we had with the Exchange 2007 server.

We have a single Internet-facing Exchange 2013 server with both client access and mailbox roles.  Any help would be appreciated.  I'm really unsure where to start.
Question by:Ninja03
4 Comments
 
LVL 37

Expert Comment

by:Mahesh
ID: 39731234
This Warning event indicates that there is a problem loading a certificate to be used for STARTTLS purposes. Generally, this problem occurs if one or both of the following conditions is true:
  • The fully qualified domain name (FQDN) that is specified in the Warning event has been defined on a Receive connector or Send connector on a Microsoft Exchange transport server, and no certificate is installed on the same computer that contains the FQDN in the Subject or Subject Alternative Name fields.
  • A third-party or custom certificate has been installed on the server and it contains a matching FQDN. However, the certificate is not enabled for the SMTP service.
Transport Layer Security (TLS) functionality requires that a valid certificate is installed in the computer's personal certificate store.

You can take the action mentioned in the articles below:
http://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=Exchange&ProdVer=8.0&EvtID=12014&EvtSrc=MSExchangeTransport

http://www.petenetlive.com/KB/Article/0000174.htm

You can disable unnecessary receive connectors on Exchange 2007.

Mahesh
0
 

Author Comment

by:Ninja03
ID: 39732020
I've disabled the send connectors on the 2007 machine.  Following the article that you posted I've set the "Client Frontend servername" connector to the FQDN of "mail.mycompany.com"

However, when I try and set the other receive connectors to the FQDN "mail.mycompany.com" I get the following error:

If the AuthMechanism attribute on a Receive connector contains the value ExchangeServer, you must set the FQDN parameter on the Receive connector to one of the following values: the FQDN of the transport server "servername.mycompany.com", the NetBIOS name of the transport server "Servername", or $null.
0
 
LVL 37

Accepted Solution

by:
Mahesh earned 2000 total points
ID: 39734974
You are getting an error while renaming the FQDN on the default receive connector?
Normally it's not good practice to rename the FQDN of the default receive connector if you have multiple transport servers, as it affects the internal mail routing.
In your case you have only one Exchange 2013 server.
Try the below:
You could request a new certificate from an internal CA server with the hostname (FQDN) mentioned in the error as the certificate common name and assign it to the SMTP service.

This should hopefully resolve your problem.

Mahesh
0
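
An audit of the situation discussed in this thread, as an added example that is not part of the original posts: for each receive connector it reports whether an SMTP-enabled certificate covers the FQDN the connector presents, and whether the ExchangeServer auth mechanism prevents changing that FQDN. The function names, the sample objects and the one-label wildcard rule are assumptions; Get-ReceiveConnector and Get-ExchangeCertificate are the real cmdlets that would supply the input on a live server.

```powershell
# Added example; function names are hypothetical and the sample objects are constructed.
# On a real server, feed it from the Exchange Management Shell instead:
#   Test-ConnectorCertificate (Get-ReceiveConnector) (Get-ExchangeCertificate) 'EX1.mycompany.com'
function Test-NameCovered {
    param([string]$Name, [string[]]$Domains)
    foreach ($d in $Domains) {
        if ($d -eq $Name) { return $true }   # -eq on strings is case-insensitive
        # Assumption: a wildcard entry covers exactly one additional left-hand label.
        if ($d.StartsWith('*.') -and $Name.Contains('.') -and
            $Name.Substring($Name.IndexOf('.') + 1) -eq $d.Substring(2)) { return $true }
    }
    return $false
}

function Test-ConnectorCertificate {
    param([object[]]$Connectors, [object[]]$Certificates, [string]$ServerFqdn)
    # Only certificates enabled for the SMTP service can back STARTTLS.
    $smtpCerts = @($Certificates | Where-Object { "$($_.Services)" -match 'SMTP' })
    foreach ($c in $Connectors) {
        # Per event 12014: with no connector FQDN set, the computer's FQDN is used.
        $fqdn = if ($c.Fqdn) { "$($c.Fqdn)" } else { $ServerFqdn }
        $hit = $smtpCerts | Where-Object {
            Test-NameCovered $fqdn @($_.CertificateDomains | ForEach-Object { "$_" })
        } | Select-Object -First 1
        $thumb = if ($hit) { $hit.Thumbprint } else { $null }
        [pscustomobject]@{
            Connector     = "$($c.Identity)"
            EffectiveFqdn = $fqdn
            Covered       = [bool]$hit
            Thumbprint    = $thumb
            # ExchangeServer auth pins the FQDN to the server FQDN, NetBIOS name or $null.
            FqdnLocked    = "$($c.AuthMechanism)" -match 'ExchangeServer'
        }
    }
}

# Constructed sample data mirroring the thread (thumbprint is a placeholder).
$connectors = @(
    [pscustomobject]@{ Identity = 'EX1\Default Frontend EX1'; Fqdn = 'EX1.mycompany.com'
                       AuthMechanism = 'Tls, Integrated, BasicAuth, ExchangeServer' }
    [pscustomobject]@{ Identity = 'EX1\Client Frontend EX1'; Fqdn = 'mail.mycompany.com'
                       AuthMechanism = 'Tls, Integrated, BasicAuth' }
)
$certs = @(
    [pscustomobject]@{ Thumbprint = 'PLACEHOLDER-THUMBPRINT'; Services = 'IMAP, POP, IIS, SMTP'
                       CertificateDomains = @('mail.mycompany.com') }
)
Test-ConnectorCertificate $connectors $certs 'EX1.mycompany.com' | Format-Table -AutoSize
```

A row with Covered false and FqdnLocked true is the case from the thread: the connector's FQDN cannot be changed, so a certificate enabled for SMTP has to carry the server FQDN.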
 

Author Comment

by:Ninja03
ID: 39752199
I will give this a try today.  Thank you
0


Question has a verified solution.
