STARTTLS SMTP certificate error

I'm finding this error throughout the Application Event Logs on my Exchange 2010, and hadn't seen it before.

Microsoft Exchange could not find a certificate that contains the domain name hqrelay.cafenet.com in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector hqrelay with a FQDN parameter of hqrelay.cafenet.com. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.

This server is Exchange 2010, multi-role (Hub Transport, Client Access, Mailbox).

The hqrelay.cafenet.com it's referencing is a Receive Connector on the same server with specified IP addresses under the Network tab. Its Authentication has TLS checked and Externally Secured checked.
The Permission Groups: Anonymous users, Exchange users, Exchange servers, Legacy Exchange Servers.

I checked Server Configuration Exchange Certificates, and of the 4 I see there, I do not see an Exchange Certificate with the fqdn it's looking for per the event log.
There is one for the mail server (mail1.cafenet.com) but it has "None" for Services.

Is the best way to address this to create a new Exchange Certificate and specify that fqdn it's looking for in the cert subject?
garryshape asked:
Will Szymkowski (Senior Solution Architect) commented:
You will need to add this FQDN to the UCC SAN cert for the main certificate. You can only have one default cert for SMTP service. Once you have done that your issue will be resolved.

Will.
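The event log text and the answer above both come down to one check: does a certificate in the local computer's personal store cover the connector's FQDN, and is that certificate enabled for the SMTP service? The script below is an added diagnostic for the Exchange Management Shell, not code from the thread; it takes the connector name `hqrelay` from the event log, uses only the `Get-ReceiveConnector`, `Get-ExchangeCertificate`, `Set-ReceiveConnector` and `Enable-ExchangeCertificate` cmdlets that ship with Exchange 2010, and its helper `Test-DomainMatch` (a hypothetical name) assumes that a wildcard entry such as `*.cafenet.com` covers exactly one extra label, which is how browsers and Exchange treat wildcards.

```powershell
# Added diagnostic, not from the original thread. Run in the Exchange Management Shell
# on the Hub Transport server. The connector name "hqrelay" is the one in the event log.
param(
    [string]$ConnectorName = "hqrelay"
)

# 1. Work out which FQDN the connector advertises for STARTTLS.
#    If the connector's Fqdn is empty, Exchange falls back to the computer's FQDN
#    (as the event log text says).
$connector = Get-ReceiveConnector | Where-Object { $_.Name -eq $ConnectorName }
if (-not $connector) { throw "Receive connector '$ConnectorName' not found." }

$fqdn = [string]$connector.Fqdn
if ([string]::IsNullOrEmpty($fqdn)) {
    $fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
}
Write-Host "Connector '$ConnectorName' advertises FQDN: $fqdn"

# Hypothetical helper: $true if a certificate domain entry covers the FQDN.
# A single-label wildcard (*.cafenet.com) covers hqrelay.cafenet.com but not a.b.cafenet.com.
function Test-DomainMatch {
    param([string]$CertDomain, [string]$Fqdn)
    if ($CertDomain -ieq $Fqdn) { return $true }
    if ($CertDomain.StartsWith("*.")) {
        $suffix = $CertDomain.Substring(1)                       # ".cafenet.com"
        if (-not $Fqdn.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) { return $false }
        $label = $Fqdn.Substring(0, $Fqdn.Length - $suffix.Length)
        return ($label.Length -gt 0 -and $label -notmatch '\.')
    }
    return $false
}

# 2. Find every Exchange-visible certificate whose subject/SAN entries cover the FQDN,
#    and record whether it is enabled for SMTP and still valid.
$candidates = foreach ($cert in Get-ExchangeCertificate) {
    $covers = $false
    foreach ($d in $cert.CertificateDomains) {
        if (Test-DomainMatch -CertDomain ([string]$d) -Fqdn $fqdn) { $covers = $true; break }
    }
    if ($covers) {
        # New-Object rather than [pscustomobject] so this also runs on PowerShell 2.0
        New-Object PSObject -Property @{
            Thumbprint  = $cert.Thumbprint
            Subject     = $cert.Subject
            Domains     = ($cert.CertificateDomains -join ", ")
            Services    = $cert.Services
            SmtpEnabled = ([string]$cert.Services -match 'SMTP')
            Expires     = $cert.NotAfter
            Expired     = ($cert.NotAfter -lt (Get-Date))
        }
    }
}

# 3. Report. Nothing here changes configuration; the remediation commands are printed only.
if (-not $candidates) {
    Write-Warning ("No installed certificate covers '$fqdn'. Either re-issue the UCC/SAN " +
        "certificate with that name added, or point the connector at a name an SMTP-enabled " +
        "certificate already covers: Set-ReceiveConnector '$ConnectorName' -Fqdn <covered name>")
} else {
    $candidates | Format-Table Thumbprint, SmtpEnabled, Expired, Expires, Domains -AutoSize
    $usable = $candidates | Where-Object { $_.SmtpEnabled -and -not $_.Expired }
    if (-not $usable) {
        Write-Warning ("A matching certificate exists but is not enabled for SMTP (Services = None) " +
            "or has expired. After confirming it is the right one, bind it with: " +
            "Enable-ExchangeCertificate -Thumbprint <thumbprint> -Services SMTP")
    } else {
        Write-Host "OK: an SMTP-enabled, unexpired certificate covers '$fqdn'."
    }
}
```

On the thread's own symptoms this script would report that `mail1.cafenet.com` does not cover `hqrelay.cafenet.com` (so its `Services = None` is not the cause on its own), and that the wildcard certificate used for OWA only helps if its domain entry is `*.cafenet.com` and it is enabled for SMTP. The two clean fixes it prints are the ones the event log and the answer describe: add the name to the SAN certificate and enable it for SMTP, or set the connector's FQDN to a name an existing SMTP certificate already covers.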
garryshape (author) commented:
ty sir
garryshape (author) commented:
Sorry which cert? Not the wildcard cert used for OWA/Autodiscover right? But the cert that is the name of the mail server?
This is a local receive connector relay for internal stuff, so I wouldn't want to affect external.