Solved

Exchange Certificate issue

Posted on 2016-10-04
Last Modified: 2016-10-31
We are running SBS2008 with the server1.companyname.local domain name.  We are using a GoDaddy SSL security certificate that covers the names: server1.companyname.local, remote.companyname.com, autodiscover.companyname.com.  Since the GoDaddy SSL certificate did not support the .local domain anymore, I got an Event ID 12014 error on the server related to "Microsoft Exchange could not find a certificate that contains the domain name server1.companyname.local in the personal store of the local computer."  So far internal and external users have no problems sending and receiving emails.
 
I tried to fix the Event ID 12014 using the Exchange Management Shell by typing Enable-ExchangeCertificate -Thumbprint xx...xx -Services "SMTP", where xx...xx is the current thumbprint shown linked to the name server1.companyname.local.  After typing this command, it asks if I want to overwrite the existing SMTP service xx...xx Thumbprint issued by GoDaddy.

My questions are:
1. Can I ignore the Event ID 12014?
2. If I overwrite the existing SMTP GoDaddy Thumbprint, will it affect the external users with mobile devices such as iPhone connected to the SBS2008? My local users' Outlook is connected to server1.companyname.local.
Thank you.
0
Question by:Patrick2727
5 Comments
 
LVL 16

Expert Comment

by:Todd Nelson
ID: 41828397
It will be best to request a new certificate (if you haven't already) that does not include any internal server names (like server1.companyname.local).

Based on what you stated you only need to renew with remote.companyname.com and autodiscover.companyname.com.

Therefore all of your URLs (internal and external) should be configured with remote.companyname.com with the exception of the AutoDiscoverServiceInternalUri for the client access server that should be set to autodiscover.companyname.com.

Take a look at Paul Cunningham's article and script to update those URLs...


To answer your questions... You should be able to address the event ID with the info above; and when a cert is updated on the Exchange server, there should be no adverse effects on the users' accessibility or experience.
0
 
LVL 26

Expert Comment

by:-MAS
ID: 41828489
My questions are:
1. Can I ignore the Event ID 12014?
Recommended to fix. This will not affect your current mailflow.

2. If I overwrite the existing SMTP GoDaddy Thumbprint, will it affect the external users with mobile devices such as iPhone connected to the SBS2008? My local users' outlook is connected to server1.companyname.local.
It will not affect your current connections or mailflow.
You don't need any of your internal names in your 3rd party certificate. Please check this for details
You just recreate a certificate with the command "New-ExchangeCertificate", which will create a self-signed certificate with your server name.

Here is a reference:
https://www.experts-exchange.com/questions/28407008/Event-ID-12014-Certificate-issue-with-personal-store.html
0
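As an added example (not part of any post in this thread): a read-only Exchange Management Shell check for the condition Event ID 12014 describes, comparing each connector's FQDN with the names on the unexpired certificates enabled for SMTP. It compares exact names only, and treating a blank send connector FQDN as the server's own FQDN is an assumption of this sketch.

```powershell
# Added example, not from the thread. Run in the Exchange Management Shell
# on the Exchange server. Read-only: it changes no certificate or connector.

# Certificates that are enabled for SMTP and have not expired.
$smtpCerts = @(Get-ExchangeCertificate | Where-Object {
    ($_.Services -match 'SMTP') -and ($_.NotAfter -gt (Get-Date))
})

# Show what Exchange can currently choose from for SMTP/TLS.
$smtpCerts | Format-List Thumbprint, Subject, CertificateDomains, NotAfter, IsSelfSigned

# Flatten the names on those certificates to lower-case strings.
# Exact-name comparison only; wildcard entries are not expanded here.
$certDomains = @($smtpCerts |
    ForEach-Object { $_.CertificateDomains } |
    ForEach-Object { $_.ToString().ToLower() })

# FQDN of this server, used when a send connector has no FQDN set
# (assumption of this sketch: a blank FQDN means the server's own FQDN).
$serverFqdn = "$((Get-ExchangeServer -Identity $env:COMPUTERNAME).Fqdn)"

$connectors = @(Get-ReceiveConnector | Select-Object Identity, Fqdn) +
              @(Get-SendConnector    | Select-Object Identity, Fqdn)

# One row per connector: the name it presents and whether an SMTP-enabled
# certificate carries that name. "False" rows are the Event ID 12014 candidates.
$report = foreach ($c in $connectors) {
    $fqdn = "$($c.Fqdn)"
    if (-not $fqdn) { $fqdn = $serverFqdn }
    $covered = $certDomains -contains $fqdn.ToLower()
    $c | Select-Object Identity,
        @{ Name = 'EffectiveFqdn'; Expression = { $fqdn } },
        @{ Name = 'SmtpCertFound'; Expression = { $covered } }
}

$report | Format-Table -AutoSize
```

A connector that reports SmtpCertFound as False is presenting a name, such as server1.companyname.local, that no SMTP-enabled certificate contains.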
 
LVL 5

Accepted Solution

by:
Mdlinnett earned 500 total points
ID: 41828888
If SBS is configured with the wizards, the internal name wouldn't be used at all as Exchange would be configured and another DNS forwarding zone would be created for remote.domain.com.  

You would also only need a cert with 1 name on it which is cheaper than a SAN cert.
0
 

Author Comment

by:Patrick2727
ID: 41837417
All of a sudden, the error messages with the Event ID are not showing any more. Thank you all for the suggestions.
0
 
LVL 16

Expert Comment

by:Todd Nelson
ID: 41837445
What, if anything, did you do to alleviate the error events?
0
