Solved

MSExhangeTransport ERror 12014 on Exchange 2010

Posted on 2014-04-02
6
381 Views
Last Modified: 2014-04-23
I recently renewed our SSL cert for our Exchange Server 2010 and everything is working fine. However I have been receiving Error 21014 in the Event Viewer Application Log consistently. When I look up the error on Microsoft's website it shows how to fix this. See Microsofts Event Viewer Details below

Microsoft Exchange could not find a certificate that contains the domain name orsc-email2.orsurety.com in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Outbound MXLOGIC Mail with a FQDN parameter of orsc-email2.orsurety.com. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.

I verified that the services configured are assigned properly.

I'm not sure if I should run the "Enable-ExchangeCertificate - Services  b/c they are already added. Any help would be appreciated
0
Comment
Question by:donebert
  • 3
  • 2
6 Comments
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39972744
Does the host name listed appear in your SSL certificate?
If not, have you changed your SEND Connector to match the name that does appear on the SSL certificate?

I see this all the time and the easiest fix is to run

new-exchangecertificate

(no switches or other options).
That will generate a new internal SSL certificate for just TLS/SMTP traffic. When you run that command you will get a prompt about replacing the default SMTP certificate. Accept that and then restart transport.

Simon.
0
 
LVL 25

Expert Comment

by:-MAS
ID: 39972748
Do you have self signed certificate?
If that is creating this error you can ignore easily
0
 
LVL 1

Author Comment

by:donebert
ID: 39972852
MAS - I do have a self signed ssl cert thru godaddy.

Simon - When you say host name your talking about the Exchange server name correct? Because on the cert shows 1 of our External DNS A records.
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 1

Author Comment

by:donebert
ID: 39972859
When I goto the Personal Certificates It shows the godaddy as well as 2 others. The 2 others being the hostname of the server. When I view those certs it says This CA Root certificate is not trusted. install cert in truested root certification authorities store. Not sure if those need to be there
0
 
LVL 1

Author Comment

by:donebert
ID: 39972864
I look in the cert trusted root authority and I do not see my host name at all
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39973643
Host name being what you have on the certificate. It may or may not be the same name as your Exchange server - in most cases it is not.
If that is the case, then generate a new internal Exchange certificate, as per my response above - so you have two certificates being used.

Simon.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
Read this checklist to learn more about the 15 things you should never include in an email signature.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
This video discusses moving either the default database or any database to a new volume.

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question