MS Exchange Issues

I have an MS Exchange 2010 server that is unable to send email outbound.  The email never makes it to the outbound spam-filter service as defined in the exchange server's hub transport send connector.

The exchange server has an error on it (among others) saying that:

"Microsoft Exchange could not find a certificate that contains the domain name in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Send Connector with a FQDN parameter of If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key."

So I tried to look up the certificate in the Exchange management Shell and I got this error:

"The term 'Get-ExchangeCertificate' is not recognized as the name of a cmdlet, function, script file, or operable program. "

I get this same error when I try to run any number of other cmdlets in the Exchange management Shell.

Per other knowledge base articles, I checked and confirmed that my user account is a Domain Admin, in the "Organization Management Group", and the "Server Management" group.

There is no option to "repair" an Ms Exchange installation like there is for office, and I'm so frustrated that I'm about an inch away from ditching Exchange and installing Hmail.  

Any suggestions?
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jon DoeCommented:
Need to be added to the 'Exchange Organization administrators' group. Also, do you have a properly configured public SSL certificate installed ?
cef_soothsayerAuthor Commented:
Yes, the user is a member of the 'Exchange Organization administrators' group.  Yes, there was an SSL certificate (though self signed I think?).  This exchange server was working until a few weeks ago.  No-one noticed that outgoing email wasn't working for 4 weeks.  Past the retention period of the DR backups.  Inbound email works.

FYI - inbound and outbound email are both routed through 3rd party servers for spam filtering.  This exchange box is also the DC.
Kindly check the IIS what certificates are there and paste the screen shots.
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

cef_soothsayerAuthor Commented:
Ok, actually, there is no Exchange Organization administrators' group.  But the user is a member of all other groups with "exchange" in the name.

Can't paste screenshots.  Server wont do windows updates or connect to the internet right now.  Virus scans from several products show no threats.

Certificate named "Microsoft Exchange" is issued to "servername" by 'servername" and is valid until 2018.  This CA Root certificate is not trusted.  To Enable trust install this certificate in the trusted Root Certification Authorities store.  You have a private key that corresponds to this certificate.
Jon DoeCommented:
You need a public SSL certificate installed and services assigned to it, in particular SMTP. Self signed is local, you need a certificate from a public CA. Exchange and DC on same box is not recommended, you will experience issues.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
cef_soothsayerAuthor Commented:
The SSL certificate was self signed and working fince because there is a 3rd party filtering service in place inbound & outbound.  So the MX records, & sender IP addresses are not on my network anyway.

The problem was that the Exchange Installation is corrupted.  Various other anomalies also started to occur.  I was outside of my backup retention period, so I just migrated the email and killed the Exchange Server.
cef_soothsayerAuthor Commented:
No real solution.  Just nuking it from orbit and starting over a different way.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.