I'm finding this error throughout the Application Event Logs on my Exchange 2010, and hadn't seen it before.
Microsoft Exchange could not find a certificate that contains the domain name hqrelay.cafenet.com in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector hqrelay with a FQDN parameter of hqrelay.cafenet.com. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.
This server is Exchange 2010, multi-role (Hub Transport, Client Access, Mailbox).
The hqrelay.cafenet.com it's referencing is a Receive Connector on the same server with specified IP addresses under the Network tab. Its Authentication has TLS checked and Externalyl Secured checked.
The Permission Groups: Anonymous users, Exchange users, Exchange servers, Legacy Exchange Servers.
I checked Server Configuration Exchange Certificates, and of the 4 I see there, I do not see an Exchange Certificate with the fqdn it's looking for per the event log.
There is one for the mail server (mail1.cafenet.com) but it has "None" for Services.
Is the best way to address this to create a new Exchange Certificate and specify that fqdn it's looking for in the cert subject?