• Status: Solved

Exchange Transport certificate expired.

Hi Experts,

We receive an Application log error every 15 minutes: Event ID 12015, source MSExchangeTransport, on an SBS 2011 server.

An internal transport certificate expired. Thumbprint:0510983***********************254436C

System
  Provider [Name]: MSExchangeTransport
  EventID: 12015 [Qualifiers: 49156]
  Level: 2
  Task: 12
  Keywords: 0x80000000000000
  TimeCreated [SystemTime]: 2014-02-11T15:46:24.000000000Z
  EventRecordID: 485224
  Channel: Application
  Computer: SERVER.domain.local
  Security:
EventData
  0510983************************254436C

When I launch Get-ExchangeCertificate | List I receive this:

AccessRules        :
CertificateDomains : {remote.domain.com, www.remote.domain.com, autodiscover.dmn.local, autodiscover.domain.com, server01.dmn.local, web.domain.com}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.
                     com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US
NotAfter           : 12/17/2013 4:28:26 PM
NotBefore          : 12/17/2012 4:28:26 PM
PublicKeySize      : 2048
RootCAType         : ThirdParty
SerialNumber       : 2B48FA9D210A9F
Services           : IMAP, POP, SMTP
Status             : DateInvalid
Subject            : CN=remote.domain.com, OU=Domain Control Validated, O=remote.domain.com
Thumbprint         : 0510983**************************254436C

This is the previous GoDaddy certificate. Why does Exchange still use it while the new one is apparently working for OWA, for example?

When we go to OWA, the new certificate is working fine and is valid until the end of 2014, when we type https://mail.domain.com/OWA (which is part of the certificate along with remote.domain.com, server.domain.local and web.domain.local) from the internet.
Remote.domain.com is configured for ActiveSync and OWA in Exchange, but the host A DNS entry does not exist on the internet; we have to create it, but we can't reach the domain host...
OWA works fine from the intranet for remote.domain.com, of course.

How can I revoke this old certificate without harming anything in Exchange or SBS 2011?


Thank you in advance for your help, best regards,
jet-info
 
suriyaehnop commented:
Did you import the new certificate into Exchange and enable services? It seems to me that the new certificate is not installed on your Exchange server. If it is installed, Get-ExchangeCertificate will show the latest certificate info.

http://support.godaddy.com/help/article/4877/installing-an-ssl-certificate-in-microsoft-exchange-server-2007

http://support.godaddy.com/help/article/5863/installing-an-ssl-certificate-in-microsoft-exchange-server-2010
 
Will Szymkowski (Senior Solution Architect) commented:
Do the following...
- Open PowerShell (ESM)
- Run Get-ExchangeCertificate (verify that your new certificate exists and that, as stated, services are enabled; this is also needed)
- If the services are not enabled, you need to run the command below...
Enable-ExchangeCertificate -Server "exchangeserver" -Services 'IMAP, POP, IIS, SMTP' -Thumbprint 'EDF57B5F9D81F1EC329BFB77ADD4465B426A40FB'

- If the appropriate services have been assigned, then look for your old cert and do the following...
Remove-ExchangeCertificate -ThumbPrint "old-thumbprint-here"


Will.
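
The steps in the answer above, combined into one pre-flight check; this is an added example, not code from any poster in this thread. `$OldThumbprint` is a placeholder, and the script assumes `Services` renders as a comma-separated string, as in the `Get-ExchangeCertificate` output shown in the question.

```powershell
# Added example. Run in the Exchange Management Shell on the Exchange server.
# Placeholder: paste the thumbprint reported by event 12015.
$OldThumbprint = 'OLD-THUMBPRINT-HERE'
$now   = Get-Date
$certs = @(Get-ExchangeCertificate)

$old = $certs | Where-Object { $_.Thumbprint -eq $OldThumbprint }
if (-not $old) { throw "No certificate with thumbprint $OldThumbprint found." }
if ($old.NotAfter -gt $now) { throw "That certificate is valid until $($old.NotAfter); not removing it." }

# Replacement candidates: a different certificate, inside its validity
# window, with a private key present on this server.
$valid = @($certs | Where-Object {
    $_.Thumbprint -ne $OldThumbprint -and $_.HasPrivateKey -and
    $_.NotBefore -le $now -and $_.NotAfter -gt $now
})

# Assumption: Services renders as "IMAP, POP, SMTP" (see the output in the question).
$oldServices = "$($old.Services)" -split ',\s*' | Where-Object { $_ -and $_ -ne 'None' }
$missing = @()
foreach ($svc in $oldServices) {
    $cover = @($valid | Where-Object { ("$($_.Services)" -split ',\s*') -contains $svc })
    if ($cover.Count -gt 0) {
        $cover | ForEach-Object {
            '{0,-5} covered by {1} (expires {2:d}) {3}' -f $svc, $_.Thumbprint, $_.NotAfter, $_.Subject
        }
    } else {
        $missing += $svc
    }
}

if ($missing.Count -gt 0) {
    # The expired certificate is still the only one bound to these services.
    Write-Warning "No valid certificate carries: $($missing -join ', '). Run Enable-ExchangeCertificate for the new certificate first."
} else {
    # Every service has a valid replacement. -WhatIf shows the removal without performing it.
    Remove-ExchangeCertificate -Thumbprint $OldThumbprint -WhatIf
}
```

Once the listed replacements look right, rerun the last command without `-WhatIf` to remove the expired certificate.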
 
Simon Butler (Sembee) (Consultant) commented:
The best option here is to run New-ExchangeCertificate in EMS, with no other credentials. This will become the transport certificate and contain the internal name that Exchange requires. You can then delete the old certificate as per the instructions above.

Running the Fix My Network wizard should also resolve the issue in the same way.

Simon.
 
Md. Mojahid commented:
This error will occur when the FQDN you have entered in the send or receive connector doesn't match the FQDN names used on your Exchange certificates.

You can change the FQDN on the connector to a name available on your certificate, or install a new certificate with the right FQDN name.
It can also be that the SMTP service is not bound to the right certificate; in this case you can bind the SMTP service to the certificate using this FQDN.

- See more at:
http://blog.ronnypot.nl/?p=271#sthash.AmlI4F71.dpuf


http://www.expta.com/2010/09/how-to-fix-msexchangetransport-event-id.html
 
jet-info (author) commented:
The send and receive connectors both have an included certificate name (mail.domain.com).
I would try to launch the SBS wizards when we get the remote.domain.com DNS host A record, because this address is set in Exchange for ActiveSync and OWA. I'll change the connectors' FQDN at the same time (remote.domain.com). What do you think?
I'm currently fighting with the customer's ISP for the host A record...

PS: There is a receive and a send connector for Project Server; the local server FQDN is set in these, and it is included in the SSL certificate. Could the error be coming from those connectors?

Thanks !
 
jet-info (author) commented:
I will test it ASAP.
 
jet-info (author) commented:
Will's solution worked for me. I have not been brave enough to test Simon's one, because a message told me that it creates a new certificate with a different thumbprint from the GoDaddy one. I am sorry; I am sure that it works fine since Simon proposed it.