  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 224

Certificate in Exchange 2010 on SBS2011

Hello,

I started getting the error below a few days ago.  I'm not shy, but I'm guessing something in a patch.

12014 MSEXCHANGE transport

Microsoft Exchange could not find a certificate that contains the domain name antispamsrv.widgets.com in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector default smtp with a FQDN parameter of antispamsrv.widgets.com. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.


Our layout is that we have an antispam server in front of the SBS server and exchange.

Currently the mx record points to that, I'm calling it antispamsrv.widgets.com.  So there is in fact no cert with that name on it.  

Can I do a self-signed cert or do I need to get a commercial one?  Do I just get one with the antispamsrv.widgets.com name in it?

Thanks.
0
Asked by: mcioffi209
1 Solution
 
becraig Commented:
You create a self-signed cert and run the Enable-ExchangeCertificate -Services SMTP for that cert.
0
 
becraig Commented:
Here are the steps for creating the new self-signed cert:

New-ExchangeCertificate -SubjectName "c=US, o=Woodgrove Bank, cn=mail1.woodgrovebank.com" -DomainName woodgrovebank.com, example.com -PrivateKeyExportable $true

Change the values to suit your scenario.
http://technet.microsoft.com/en-us/library/aa998327%28v=exchg.150%29.aspx
0
 
Simon Butler (Sembee), Consultant, Commented:
Have you set the FQDN in Exchange anywhere to match that host name? The fact that you have a filtering appliance in front shouldn't affect SBS in any way.

What that would mean is there would be three host names involved:

antispamsrv.widgets.com
remote.widgets.com
autodiscover.widgets.com

As for certificate choice - ideally you should have a trusted certificate in place for the web services on Exchange and SBS.
http://semb.ee/sbs2011ssl

Simon.
0
 
becraig Commented:
I would suggest verifying the values before making any changes.


Get-ExchangeCertificate | FL *

Get-ReceiveConnector | FL name, fqdn, objectClass

Get-SendConnector | FL name, fqdn, objectClass
0
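
The checks and the fix suggested in the answers above, combined into one Exchange Management Shell sequence. This is an added example, not code from any poster in the thread; it assumes the FQDN from the event in the question (antispamsrv.widgets.com) and that a self-signed certificate is acceptable for SMTP STARTTLS.

```powershell
# Added example. Run in the Exchange Management Shell on the Exchange 2010 server.
# $fqdn is the name reported in event 12014 (taken from the question).
$fqdn = 'antispamsrv.widgets.com'

# 1. Find the connectors that present this FQDN (the event names one of them).
$connectors = @(Get-ReceiveConnector) + @(Get-SendConnector) |
    Where-Object { "$($_.Fqdn)" -eq $fqdn }
$connectors | Format-Table Name, Fqdn -AutoSize | Out-Host

# 2. Look for an unexpired certificate that lists the FQDN and is enabled for SMTP.
#    Exact-name match only; a wildcard certificate is not recognised by this check.
$match = Get-ExchangeCertificate | Where-Object {
    $names = @($_.CertificateDomains | ForEach-Object { "$_" })
    ($names -contains $fqdn) -and ($_.NotAfter -gt (Get-Date)) -and
        ("$($_.Services)" -match 'SMTP')
}

if ($match) {
    # A usable certificate already exists: show it and change nothing.
    $match | Format-List Thumbprint, Subject, CertificateDomains, Services, NotAfter |
        Out-Host
}
elseif ($connectors) {
    # 3. No match and a connector uses the name: create a self-signed certificate.
    #    -GenerateRequest is deliberately omitted; with it the cmdlet writes a
    #    certificate request for a CA instead of a self-signed certificate.
    #    The private key is left non-exportable (the default) because it does
    #    not need to leave this server.
    $cert = New-ExchangeCertificate -SubjectName "cn=$fqdn" -DomainName $fqdn

    # 4. Give the Transport service access to the key, as the event text advises.
    Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services SMTP
}
else {
    Write-Warning "No connector uses $fqdn; review connector FQDNs before adding a certificate."
}
```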
 
mcioffi209 (Author) Commented:
Thanks for the suggestions.  I will look at this more tonight and get back to this.
0
 
mcioffi209 (Author) Commented:
Thanks, this helped a lot.
0
