We help IT Professionals succeed at work.

Certificate in Exchange 2010 on SBS2011

Matthew Cioffi
on
239 Views
Last Modified: 2014-08-20
Hello,

I have started to get the below error a few days ago.  I'm not shy, but I'm guessing something in a patch.

12014 MSEXCHANGE transport

Microsoft Exchange could not find a certificate that contains the domain name antispamsrv.widgets.com in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector default smtp with a FQDN parameter of antispamsrv.widgets.com. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.


Our layout is that we have an antispam server in front of the SBS server and exchange.

Currently the mx record points to that, I'm calling it antispamsrv.widgets.com.  So there is in fact no cert with that name on it.  

Can I do a self signed cert or do i need to get a commercial one?  Do I just get one with the antispamsrv.widgets.com name in it?

Thanks.
Comment
Watch Question

CERTIFIED EXPERT

Commented:
You create a self-signed cert and run the Enable-ExchangeCertificate -Services SMTP for that cert.
CERTIFIED EXPERT
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
CERTIFIED EXPERT
Most Valuable Expert 2014

Commented:
Have you set the FQDN in Exchange anywhere to match that host name? The fact that you have a filtering appliance in front shouldn't affect SBS in anyway.

What that would mean is there would be three host names involved:

antispamsrv.widgets.com
remote.widgets.com
autodiscover.widgets.com

As for certificate choice - ideally you should have a trusted certificate in place for the web services on Exchange and SBS.
http://semb.ee/sbs2011ssl

Simon.
CERTIFIED EXPERT

Commented:
I would suggest verifying the values before making any changes.


Get-ExchangeCertificate | FL *

Get-ReceiveConnector | FL name, fqdn, objectClass

Get-SendConnector | FL name, fqdn, objectClass
Matthew CioffiSenior DBA

Author

Commented:
Thanks for the suggestions.  I will look at this more tonight and get back to this.
Matthew CioffiSenior DBA

Author

Commented:
Thanks this helped a lot.

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.