donebert
asked on
MSExchangeTransport Error 12014 on Exchange 2010
I recently renewed our SSL cert for our Exchange Server 2010 and everything is working fine. However, I have been receiving Error 21014 in the Event Viewer Application Log consistently. When I look up the error on Microsoft's website, it shows how to fix this. See Microsoft's Event Viewer details below.
Microsoft Exchange could not find a certificate that contains the domain name orsc-email2.orsurety.com in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Outbound MXLOGIC Mail with a FQDN parameter of orsc-email2.orsurety.com. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.
I verified that the services configured are assigned properly.
I'm not sure if I should run "Enable-ExchangeCertificate -Services" because they are already added. Any help would be appreciated.
Do you have a self-signed certificate?
If that is creating this error, you can ignore it easily.
ASKER
MAS - I do have a self-signed SSL cert through GoDaddy.
Simon - When you say host name, you're talking about the Exchange server name, correct? Because the cert shows 1 of our external DNS A records.
ASKER
When I go to the Personal Certificates, it shows the GoDaddy one as well as 2 others, the 2 others being the hostname of the server. When I view those certs, it says "This CA Root certificate is not trusted. Install cert in Trusted Root Certification Authorities store." Not sure if those need to be there.
ASKER
I look in the cert trusted root authority and I do not see my host name at all.
ASKER CERTIFIED SOLUTION
If not, have you changed your SEND Connector to match the name that does appear on the SSL certificate?
I see this all the time and the easiest fix is to run
new-exchangecertificate
(no switches or other options).
That will generate a new internal SSL certificate for just TLS/SMTP traffic. When you run that command you will get a prompt about replacing the default SMTP certificate. Accept that and then restart transport.
Simon.
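The check that event 12014 asks for (does a certificate in the personal store carry the connector's FQDN, and is it enabled for SMTP) can be scripted. The following is an added example, not part of the original thread or of Microsoft's guidance. It assumes it is run in the Exchange Management Shell on the transport server, and `Test-NameMatch` is a hypothetical helper defined here:

```powershell
# Added diagnostic example: for every send connector, list the certificates
# whose names cover the FQDN the connector presents for STARTTLS.
$serverFqdn = (Get-ExchangeServer $env:COMPUTERNAME).Fqdn
$certs      = Get-ExchangeCertificate -Server $env:COMPUTERNAME

# Hypothetical helper: exact match, or a wildcard covering exactly one label.
function Test-NameMatch([string]$CertName, [string]$Fqdn) {
    if ($CertName -eq $Fqdn) { return $true }
    if ($CertName.StartsWith('*.')) {
        $suffix = $CertName.Substring(1)    # "*.example.com" -> ".example.com"
        if ($Fqdn.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) {
            $label = $Fqdn.Substring(0, $Fqdn.Length - $suffix.Length)
            return ($label.Length -gt 0 -and $label -notmatch '\.')
        }
    }
    return $false
}

foreach ($connector in Get-SendConnector) {
    # Per the event text: with no FQDN on the connector, the server FQDN is used.
    $fqdn = "$($connector.Fqdn)"
    if (-not $fqdn) { $fqdn = $serverFqdn }

    $covering = @($certs | Where-Object {
        @($_.CertificateDomains | Where-Object { Test-NameMatch "$_" $fqdn }).Count -gt 0
    })

    if ($covering.Count -eq 0) {
        # This is the condition that produces event 12014 for this connector.
        New-Object PSObject -Property @{
            Connector = $connector.Name; Fqdn = $fqdn; Thumbprint = '(no matching certificate)'
            SmtpEnabled = $false; Expired = $null; SelfSigned = $null
        }
        continue
    }
    foreach ($cert in $covering) {
        New-Object PSObject -Property @{
            Connector   = $connector.Name
            Fqdn        = $fqdn
            Thumbprint  = $cert.Thumbprint
            SmtpEnabled = ("$($cert.Services)" -match 'SMTP')
            Expired     = ($cert.NotAfter -lt (Get-Date))
            SelfSigned  = $cert.IsSelfSigned
        }
    }
}
```

A connector that reports no matching certificate, or only certificates with `SmtpEnabled` false or `Expired` true, is the one to fix, either by changing the connector FQDN to a name on the certificate or by installing a certificate for that name.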