Exchange Certificate issue

We are running SBS2008 with the domain name server1.companyname.local.  We are using a GoDaddy SSL certificate that covers the names: server1.companyname.local, remote.companyname.com, autodiscover.companyname.com.  Since the GoDaddy SSL certificate did not support the .local domain anymore, I got an Event ID 12014 error on the server related to "Microsoft Exchange could not find a certificate that contains the domain name server1.companyname.local in the personal store of the local computer."  So far internal and external users have no problems sending and receiving emails.
 
I tried to fix the Event ID 12014 using the Exchange Management Shell by typing 'Enable-ExchangeCertificate -Thumbprint xx...xx -Services "SMTP"', where xx...xx is the current thumbprint shown linked to the name server1.companyname.local.  After typing this command, it asks if I want to overwrite the existing SMTP service xx...xx Thumbprint issued by GoDaddy.

My questions are:
1. Can I ignore the Event ID 12014?
2. If I overwrite the existing SMTP GoDaddy Thumbprint, will it affect the external users with mobile devices such as iPhone connected to the SBS2008? My local users' Outlook is connected to server1.companyname.local.
Thank you.
Asked by: Patrick2727
 
Todd Nelson, Systems Engineer, Commented:
It will be best to request a new certificate (if you haven't already) that does not include any internal server names (like server1.companyname.local).

Based on what you stated you only need to renew with remote.companyname.com and autodiscover.companyname.com.

Therefore all of your URLs (internal and external) should be configured with remote.companyname.com with the exception of the AutoDiscoverServiceInternalUri for the client access server that should be set to autodiscover.companyname.com.

Take a look at Paul Cunningham's article and script to update those URLs...


To answer your questions... You should be able to address the event ID with the info above; and when a cert is updated on the Exchange server, there should be no adverse effects on the users' accessibility or experience.
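A read-only check that fits the advice above, added here as an example and not posted by anyone in the thread: it lists the installed certificates, then reports every configured client URL and SMTP connector FQDN whose host name no certificate enabled for that service covers. It assumes it is run in the Exchange Management Shell on the Exchange server and compares exact names only (wildcard certificates are not handled).

```powershell
# Added example: read-only audit for the Exchange Management Shell.
# It changes nothing; it only reports names that no certificate covers.

# Lower-cased names on every certificate enabled for the given service.
function Get-CoveredNames($service) {
    Get-ExchangeCertificate |
        Where-Object { "$($_.Services)" -match $service } |
        ForEach-Object { $_.CertificateDomains } |
        ForEach-Object { "$_".ToLower() }
}

# 1. What is installed, and which services each certificate is bound to.
Get-ExchangeCertificate |
    Format-List Thumbprint, Services, NotAfter, IsSelfSigned, CertificateDomains

# 2. Client-facing URLs, compared with certificates enabled for IIS.
$iisNames = @(Get-CoveredNames 'IIS')
$urls  = @(Get-ClientAccessServer | ForEach-Object { $_.AutoDiscoverServiceInternalUri })
$urls += @(Get-WebServicesVirtualDirectory | ForEach-Object { $_.InternalUrl; $_.ExternalUrl })
$urls += @(Get-OabVirtualDirectory         | ForEach-Object { $_.InternalUrl; $_.ExternalUrl })
$urls += @(Get-OwaVirtualDirectory         | ForEach-Object { $_.InternalUrl; $_.ExternalUrl })
$urls += @(Get-ActiveSyncVirtualDirectory  | ForEach-Object { $_.InternalUrl; $_.ExternalUrl })

foreach ($u in ($urls | Where-Object { $_ })) {
    $hostName = ([System.Uri]"$u").Host.ToLower()
    if ($iisNames -notcontains $hostName) {
        Write-Output "URL not covered by an IIS certificate: $u"
    }
}

# 3. SMTP connector FQDNs, compared with certificates enabled for SMTP.
#    Event ID 12014 names the FQDN it could not match; a blank Fqdn on a
#    Send connector means the server's own FQDN is used instead.
$smtpNames  = @(Get-CoveredNames 'SMTP')
$connectors = @(Get-ReceiveConnector) + @(Get-SendConnector)

foreach ($c in $connectors) {
    $fqdn = "$($c.Fqdn)".ToLower()
    if ($fqdn -and ($smtpNames -notcontains $fqdn)) {
        Write-Output "Connector '$($c.Name)' uses FQDN $fqdn, not on any SMTP certificate"
    }
}
```

Running it before answering the overwrite prompt from Enable-ExchangeCertificate shows which names each binding currently serves, and running it again afterwards confirms nothing was left uncovered.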
 
MAS, Technical Department Head, Commented:
My questions are:
1. Can I ignore the Event ID 12014?
Recommended to fix. This will not affect your current mailflow.

2. If I overwrite the existing SMTP GoDaddy Thumbprint, will it affect the external users with mobile devices such as iPhone connected to the SBS2008? My local users' outlook is connected to server1.companyname.local.
It will not affect your current connections or mailflow.
You don't need any of your internal names in your 3rd party certificate. Please check this for details
You just recreate a certificate with the command "New-ExchangeCertificate", which will create a self-signed certificate with your server name.

Here is a reference:
https://www.experts-exchange.com/questions/28407008/Event-ID-12014-Certificate-issue-with-personal-store.html
 
Mdlinnett Commented:
If SBS is configured with the wizards, the internal name wouldn't be used at all as Exchange would be configured and another DNS forwarding zone would be created for remote.domain.com.  

You would also only need a cert with 1 name on it which is cheaper than a SAN cert.
 
Patrick2727, IT Admin, Author Commented:
All of a sudden, the error messages with the Event ID are not showing any more. Thank you all for the suggestions.
 
Todd Nelson, Systems Engineer, Commented:
What, if anything, did you do to alleviate the error events?