Bobby
asked on
There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN
Exchange 2007. I tried to do this:
Simply you can execute below command and it may resolve your query.
1. Open "Exchange Management Shell".
2. Write "get-ExchangeCertificate" and press on "Enter" button.
3. Write down the Thumbprint of the certificate that reflects the required FQDN name of the server.
4. Review the current certificate that is used by the Exchange server and each certificate function.
5. Write "Enable-ExchangeCertificate -Thumbprint 2afd26617915932ad096c48eb3b847fc7457662 -Services "SMTP"" and press on "Enter" button.
• The value of -Thumbprint obtained in stage 3.
6. Restart the Exchange server.
But the values are all cut off because the window is too small side to side. I can't tell which thumbprint is for the FQDN... it looks like there may be a few. Is that possible?
Hi,
you can just add | fl at the end of command, and it will list you all the info. Maybe too much info, but you will see what you need :)
Like: Get-ExchangeCertificate | fl
Regards,
Ivan.
When you run the command in the post above, it will let you know the valid date.
PS: Maybe you have certificates that are expired, but simply not removed from the server.
You can check that either by going to mmc --> add certificates snap-in, and look for computer certificates --> local store
ASKER
Ok, that worked to see them. I did the snap in route. I do have 3 expired certs and one valid cert for the FQDN mail.mydomain.com, but those expired ones have been in there for years. Why would they cause a problem now? The problem that happened was all mail stopped coming in, even inter-office mail. I looked in the event viewer and saw the error about which I posted here. An hour after the problem started, it went away by itself (after I rebooted the server +10 minutes) and all the backed up email came in.
Again, these were not just outside emails (which our O365 spam protection would have queued up), but also emails sent from one staff member to another, and those emails never even leave the building. So something in Exchange stopped delivering emails to all users' Outlook.
ASKER
Full error that started all this (maybe?) and server info:
There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN of MYEXCHANGE.MyCoInc.local. The existing certificate for that FQDN has expired. The continued use of that FQDN will cause mail flow problems. A new certificate that contains the FQDN of MYEXCHANGE.MyCoInc.local should be installed on this server as soon as possible. You can create a new certificate by using the New-ExchangeCertificate task.
Windows Server Standard SP2
Exchange Server 2007 Version: 08.02.0301.000
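Added example, not part of any post in this thread: a PowerShell filter for the Exchange Management Shell that reports, for each certificate, the full thumbprint, whether its domain list covers the FQDN named in the event above, whether it has expired, and whether it is enabled for SMTP. `Get-SmtpCertReport` and `New-SampleCert` are hypothetical helper names, and the two sample certificates (thumbprints, dates, services) are constructed so the block can be tried without an Exchange server.

```powershell
# Added example; helper names are hypothetical, sample data is constructed.
function Get-SmtpCertReport {
    param([string]$Fqdn, [datetime]$Now = (Get-Date))
    process {
        $cert  = $_
        # CertificateDomains lists the subject name plus any alternative names.
        $names = @($cert.CertificateDomains | ForEach-Object { "$_" })
        $cert | Select-Object Thumbprint, NotAfter, Services,
            @{Name = 'Domains';     Expression = { [string]::Join(', ', [string[]]$names) }},
            @{Name = 'CoversFqdn';  Expression = { @($names | Where-Object { $_ -eq $Fqdn }).Count -gt 0 }},
            @{Name = 'Expired';     Expression = { $cert.NotAfter -lt $Now }},
            @{Name = 'SmtpEnabled'; Expression = { "$($cert.Services)" -match 'SMTP' }}
    }
}

# Builds a stand-in object with the four properties the filter reads.
function New-SampleCert($Thumbprint, $Domains, $NotAfter, $Services) {
    $o = New-Object PSObject
    Add-Member -InputObject $o NoteProperty Thumbprint $Thumbprint
    Add-Member -InputObject $o NoteProperty CertificateDomains $Domains
    Add-Member -InputObject $o NoteProperty NotAfter ([datetime]$NotAfter)
    Add-Member -InputObject $o NoteProperty Services $Services
    $o
}

# Constructed sample: one expired certificate for the internal FQDN,
# one unexpired certificate for a different name.
$sample = @(
    (New-SampleCert ('0' * 40) @('MYEXCHANGE', 'MYEXCHANGE.MyCoInc.local') '2010-01-01' 'IMAP, POP, SMTP'),
    (New-SampleCert ('1' * 40) @('mail.mydomain.com') '2099-01-01' 'IIS')
)

# Format-List keeps the 40-character thumbprint from being cut off by the window width.
$sample | Get-SmtpCertReport -Fqdn 'MYEXCHANGE.MyCoInc.local' | Format-List

# On the Exchange server, feed it the real certificates instead:
# Get-ExchangeCertificate | Get-SmtpCertReport -Fqdn 'MYEXCHANGE.MyCoInc.local' | Format-List
```

A certificate is a candidate for `Enable-ExchangeCertificate -Services "SMTP"` only when CoversFqdn is True and Expired is False; the name comparison is exact, so a wildcard certificate is not reported as covering the FQDN.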
ASKER
In Event Viewer, there is an Exchange Auditing area but there is nothing in there at all.
ASKER
Thumbprint Services Subject
---------- -------- -------
A9D08A8398973A7E2F2095284B
4635429745AA20A70BD27FB65B
F7A3471ECB5D7B315BEAE8C5BA
54F3F6D7E3F4EABCD2B7A60733
78A98332A0527CD1FE407E0ED7
EA63EE80539673A9BF8D380CF9
31A64D5E28F49AAB2CE6677C4B