Solved

MSExhangeTransport ERror 12014 on Exchange 2010

Posted on 2014-04-02
6
374 Views
Last Modified: 2014-04-23
I recently renewed our SSL cert for our Exchange Server 2010 and everything is working fine. However I have been receiving Error 21014 in the Event Viewer Application Log consistently. When I look up the error on Microsoft's website it shows how to fix this. See Microsofts Event Viewer Details below

Microsoft Exchange could not find a certificate that contains the domain name orsc-email2.orsurety.com in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Outbound MXLOGIC Mail with a FQDN parameter of orsc-email2.orsurety.com. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.

I verified that the services configured are assigned properly.

I'm not sure if I should run the "Enable-ExchangeCertificate - Services  b/c they are already added. Any help would be appreciated
0
Comment
Question by:donebert
  • 3
  • 2
6 Comments
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39972744
Does the host name listed appear in your SSL certificate?
If not, have you changed your SEND Connector to match the name that does appear on the SSL certificate?

I see this all the time and the easiest fix is to run

new-exchangecertificate

(no switches or other options).
That will generate a new internal SSL certificate for just TLS/SMTP traffic. When you run that command you will get a prompt about replacing the default SMTP certificate. Accept that and then restart transport.

Simon.
0
 
LVL 24

Expert Comment

by:-MAS
ID: 39972748
Do you have self signed certificate?
If that is creating this error you can ignore easily
0
 
LVL 1

Author Comment

by:donebert
ID: 39972852
MAS - I do have a self signed ssl cert thru godaddy.

Simon - When you say host name your talking about the Exchange server name correct? Because on the cert shows 1 of our External DNS A records.
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 
LVL 1

Author Comment

by:donebert
ID: 39972859
When I goto the Personal Certificates It shows the godaddy as well as 2 others. The 2 others being the hostname of the server. When I view those certs it says This CA Root certificate is not trusted. install cert in truested root certification authorities store. Not sure if those need to be there
0
 
LVL 1

Author Comment

by:donebert
ID: 39972864
I look in the cert trusted root authority and I do not see my host name at all
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39973643
Host name being what you have on the certificate. It may or may not be the same name as your Exchange server - in most cases it is not.
If that is the case, then generate a new internal Exchange certificate, as per my response above - so you have two certificates being used.

Simon.
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

930 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now