Solved

Exchange Certificate issue

Posted on 2016-10-04
Last Modified: 2016-10-31
We are running SBS2008 with the server1.companyname.local domain name. We are using a GoDaddy SSL security certificate that covers the names: server1.companyname.local, remote.companyname.com, autodiscover.companyname.com. Since the GoDaddy SSL certificate did not support the .local domain anymore, I got an Event ID 12014 error on the server related to "Microsoft Exchange could not find a certificate that contains the domain name server1.companyname.local in the personal store of the local computer." So far internal and external users have no problems sending and receiving emails.

I tried to fix the Event ID 12014 using the Exchange Management Shell by typing Enable-ExchangeCertificate -Thumbprint xx...xx -Services "SMTP", where xx...xx is the current thumbprint shown linked to the name server1.companyname.local. After typing this command, it asks if I want to overwrite the existing SMTP service xx...xx Thumbprint issued by GoDaddy.

My questions are:
1. Can I ignore the Event ID 12014?
2. If I overwrite the existing SMTP GoDaddy Thumbprint, will it affect the external users with mobile devices such as iPhone connected to the SBS2008? My local users' Outlook is connected to server1.companyname.local.
Thank you.
Question by:Patrick2727
5 Comments
 
LVL 16

Expert Comment

by:Todd Nelson
ID: 41828397
It will be best to request a new certificate (if you haven't already) that does not include any internal server names (like server1.companyname.local).

Based on what you stated you only need to renew with remote.companyname.com and autodiscover.companyname.com.

Therefore all of your URLs (internal and external) should be configured with remote.companyname.com with the exception of the AutoDiscoverServiceInternalUri for the client access server that should be set to autodiscover.companyname.com.

Take a look at Paul Cunningham's article and script to update those URLs...


To answer your questions... You should be able to address the event ID with the info above, and when a cert is updated on the Exchange server, there should be no adverse effects on the users' accessibility or experience.
0
 
LVL 27

Expert Comment

by:☠MAS☠
ID: 41828489
My questions are:
1. Can I ignore the Event ID 12014?
Recommended to fix. This will not affect your current mailflow.

2. If I overwrite the existing SMTP GoDaddy Thumbprint, will it affect the external users with mobile devices such as iPhone connected to the SBS2008? My local users' outlook is connected to server1.companyname.local.
It will not affect your current connections or mailflow.
You don't need any of your internal names in your 3rd party certificate. Please check this for details
You just recreate a certificate with the command "New-ExchangeCertificate", which will create a self-signed certificate with your server name.

Here is a reference
https://www.experts-exchange.com/questions/28407008/Event-ID-12014-Certificate-issue-with-personal-store.html
0
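
A read-only check for the condition that Event ID 12014 reports, added here as an example and not part of any post in this thread: it compares each connector's FQDN with the names on the unexpired, SMTP-enabled certificates in the local store. It assumes it is run in the Exchange Management Shell on the server; Test-NameCovered is a hypothetical helper name.

```powershell
# Added example (not from the thread). Read-only; run in the Exchange Management Shell.
# Reports, per connector, whether an unexpired SMTP-enabled certificate lists its FQDN.

# Hypothetical helper: does the certificate's domain list cover $Fqdn?
function Test-NameCovered {
    param([string]$Fqdn, $Certificate)
    foreach ($d in $Certificate.CertificateDomains) {
        $name = "$d"
        if ($name -eq $Fqdn) { return $true }          # -eq ignores case for strings
        # This script treats a wildcard entry as covering one extra left-hand label.
        if ($name.StartsWith('*.')) {
            $suffix = $name.Substring(1)               # e.g. ".companyname.com"
            if ($Fqdn.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) {
                $left = $Fqdn.Substring(0, $Fqdn.Length - $suffix.Length)
                if ($left -and ($left -notmatch '\.')) { return $true }
            }
        }
    }
    return $false
}

$now = Get-Date
# Only certificates that are still valid and enabled for the SMTP service count.
$smtpCerts = @(Get-ExchangeCertificate | Where-Object {
    ($_.NotAfter -gt $now) -and ("$($_.Services)" -match 'SMTP') })

foreach ($c in (@(Get-ReceiveConnector) + @(Get-SendConnector))) {
    $fqdn = "$($c.Fqdn)"
    if (-not $fqdn) { continue }   # no explicit FQDN on this connector; not evaluated here
    $hits = @($smtpCerts | Where-Object { Test-NameCovered $fqdn $_ })
    if ($hits.Count -gt 0) {
        $thumbs = [string]::Join(', ', @($hits | ForEach-Object { $_.Thumbprint }))
        "OK      {0}  fqdn={1}  cert={2}" -f $c.Identity, $fqdn, $thumbs
    } else {
        "MISSING {0}  fqdn={1}  (no SMTP-enabled certificate lists this name)" -f $c.Identity, $fqdn
    }
}
```

A MISSING line for a connector whose FQDN is the internal server name corresponds to the situation described in the question: the name is no longer on the third-party certificate, so either a certificate carrying that name is enabled for SMTP or the connector FQDN is changed to a name the certificate does list.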
 
LVL 5

Accepted Solution

by:
Mdlinnett earned 2000 total points
ID: 41828888
If SBS is configured with the wizards, the internal name wouldn't be used at all as Exchange would be configured and another DNS forwarding zone would be created for remote.domain.com.  

You would also only need a cert with 1 name on it which is cheaper than a SAN cert.
0
 

Author Comment

by:Patrick2727
ID: 41837417
All of a sudden, the error messages with the Event ID are not showing any more. Thank you all for the suggestions.
0
 
LVL 16

Expert Comment

by:Todd Nelson
ID: 41837445
What, if anything, did you do to alleviate the error events?
0
