Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

MSExhangeTransport ERror 12014 on Exchange 2010

Posted on 2014-04-02
6
Medium Priority
?
397 Views
Last Modified: 2014-04-23
I recently renewed our SSL cert for our Exchange Server 2010 and everything is working fine. However I have been receiving Error 21014 in the Event Viewer Application Log consistently. When I look up the error on Microsoft's website it shows how to fix this. See Microsofts Event Viewer Details below

Microsoft Exchange could not find a certificate that contains the domain name orsc-email2.orsurety.com in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Outbound MXLOGIC Mail with a FQDN parameter of orsc-email2.orsurety.com. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.

I verified that the services configured are assigned properly.

I'm not sure if I should run the "Enable-ExchangeCertificate - Services  b/c they are already added. Any help would be appreciated
0
Comment
Question by:donebert
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39972744
Does the host name listed appear in your SSL certificate?
If not, have you changed your SEND Connector to match the name that does appear on the SSL certificate?

I see this all the time and the easiest fix is to run

new-exchangecertificate

(no switches or other options).
That will generate a new internal SSL certificate for just TLS/SMTP traffic. When you run that command you will get a prompt about replacing the default SMTP certificate. Accept that and then restart transport.

Simon.
0
 
LVL 27

Expert Comment

by:MAS
ID: 39972748
Do you have self signed certificate?
If that is creating this error you can ignore easily
0
 
LVL 1

Author Comment

by:donebert
ID: 39972852
MAS - I do have a self signed ssl cert thru godaddy.

Simon - When you say host name your talking about the Exchange server name correct? Because on the cert shows 1 of our External DNS A records.
0
Does Your Cloud Backup Use Blockchain Technology?

Blockchain technology has already revolutionized finance thanks to Bitcoin. Now it's disrupting other areas, including the realm of data protection. Learn how blockchain is now being used to authenticate backup files and keep them safe from hackers.

 
LVL 1

Author Comment

by:donebert
ID: 39972859
When I goto the Personal Certificates It shows the godaddy as well as 2 others. The 2 others being the hostname of the server. When I view those certs it says This CA Root certificate is not trusted. install cert in truested root certification authorities store. Not sure if those need to be there
0
 
LVL 1

Author Comment

by:donebert
ID: 39972864
I look in the cert trusted root authority and I do not see my host name at all
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 1500 total points
ID: 39973643
Host name being what you have on the certificate. It may or may not be the same name as your Exchange server - in most cases it is not.
If that is the case, then generate a new internal Exchange certificate, as per my response above - so you have two certificates being used.

Simon.
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question