Solved

Exchange Certificate issue

Posted on 2016-10-04
Last Modified: 2016-10-31
We are running SBS2008 with the server1.companyname.local domain name. We are using a GoDaddy SSL security certificate that covers the names: server1.companyname.local, remote.companyname.com, autodiscover.companyname.com. Since GoDaddy SSL certificates do not support .local domains anymore, I got an Event ID 12014 error on the server related to "Microsoft Exchange could not find a certificate that contains the domain name server1.companyname.local in the personal store of the local computer." So far internal and external users have no problems sending and receiving emails.

I tried to fix the Event ID 12014 using Exchange Management Shell by typing 'Enable-ExchangeCertificate -Thumbprint xx...xx -Services "SMTP"', where xx...xx is the current thumbprint shown linked to the name server1.companyname.local. After typing this command, it asks if I want to overwrite the existing SMTP service xx...xx Thumbprint issued by GoDaddy.

My questions are:
1. Can I ignore the Event ID 12014?
2. If I overwrite the existing SMTP GoDaddy Thumbprint, will it affect the external users with mobile devices such as iPhone connected to the SBS2008? My local users' Outlook is connected to server1.companyname.local.
Thank you.
Question by:Patrick2727
5 Comments
 
LVL 14

Expert Comment

by:Todd Nelson
ID: 41828397
It will be best to request a new certificate (if you haven't already) that does not include any internal server names (like server1.companyname.local).

Based on what you stated you only need to renew with remote.companyname.com and autodiscover.companyname.com.

Therefore all of your URLs (internal and external) should be configured with remote.companyname.com with the exception of the AutoDiscoverServiceInternalUri for the client access server that should be set to autodiscover.companyname.com.

Take a look at Paul Cunningham's article and script to update those URLs...


To answer your questions... You should be able to address the event ID with the info above; and when a cert is updated on the Exchange server, there should be no adverse effects on the users' accessibility or experience.
0
 
LVL 24

Expert Comment

by:-MAS
ID: 41828489
My questions are:
1. Can I ignore the Event ID 12014?
Recommended to fix. This will not affect your current mailflow.

2. If I overwrite the existing SMTP GoDaddy Thumbprint, will it affect the external users with mobile devices such as iPhone connected to the SBS2008? My local users' outlook is connected to server1.companyname.local.
It will not affect your current connections or mailflow.
You don't need any of your internal names in your 3rd party certificate. Please check this for details
You just recreate a certificate by command "New-exchangecertificate" which will create a self-signed certificate with your server name.

Here is a reference:
https://www.experts-exchange.com/questions/28407008/Event-ID-12014-Certificate-issue-with-personal-store.html
0
 
LVL 5

Accepted Solution

by:
Mdlinnett earned 500 total points
ID: 41828888
If SBS is configured with the wizards, the internal name wouldn't be used at all as Exchange would be configured and another DNS forwarding zone would be created for remote.domain.com.  

You would also only need a cert with 1 name on it which is cheaper than a SAN cert.
0
 

Author Comment

by:Patrick2727
ID: 41837417
All of a sudden, the error messages with the Event ID are not showing any more. Thank you all for the suggestions.
0
 
LVL 14

Expert Comment

by:Todd Nelson
ID: 41837445
What, if anything, did you do to alleviate the error events?
0
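
A read-only check for the condition behind Event ID 12014, added here as an example and not posted by anyone in the thread: it lists each connector FQDN and reports whether an unexpired certificate enabled for SMTP contains that name. It assumes it is run in the Exchange Management Shell on the Exchange server and compares exact names only (no wildcard matching).

```powershell
# Added example; read-only, it changes no certificate or connector settings.
# Event ID 12014 names an FQDN for which Exchange found no matching certificate.

# Certificates currently enabled for the SMTP service
$smtpCerts = @(Get-ExchangeCertificate |
    Where-Object { "$($_.Services)" -match 'SMTP' })

# FQDNs advertised by receive and send connectors (skip connectors with none set)
$fqdns = @()
Get-ReceiveConnector | ForEach-Object { if ($_.Fqdn) { $fqdns += "$($_.Fqdn)" } }
Get-SendConnector    | ForEach-Object { if ($_.Fqdn) { $fqdns += "$($_.Fqdn)" } }

foreach ($fqdn in @($fqdns | Sort-Object -Unique)) {
    # Keep certificates that list this exact name and have not expired
    $hits = @($smtpCerts | Where-Object {
        $cert  = $_
        $names = @($cert.CertificateDomains | ForEach-Object { "$_" })
        ($names -contains $fqdn) -and ($cert.NotAfter -gt (Get-Date))
    })

    if ($hits.Count -gt 0) {
        foreach ($cert in $hits) {
            Write-Host ("{0} : covered by {1} (self-signed: {2}, expires {3})" -f `
                $fqdn, $cert.Thumbprint, $cert.IsSelfSigned, $cert.NotAfter)
        }
    } else {
        Write-Host "$fqdn : no unexpired SMTP-enabled certificate lists this name"
    }
}
```

An FQDN reported as uncovered is a candidate for the name in the 12014 event; a self-signed certificate carrying the server name, as suggested in the thread, would show up here as covering it.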
