Exchange 2013, how do i assign a certificate to the SMTP site?

We have an on-prem exchange 2013 environment and we are seeing a gazillion schannel errors in the log.  When I look it up, the info online says i can safely ignore it and that to make the error stop, I can assign a certificate to the SMTP site.

Well, how exactly do I do that in Exchange 2013?  

Our CAS servers are split off from our mailbox servers.

We have certificates on our servers for OWA, etc.  So, I'm interested in making this event 36871 go away.

Thank you.

Cliff
crp0499CEOAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Tom CieslikIT EngineerCommented:
Event ID 36871: A Fatal Error Occurred While Creating An SSL (client or server) Credential
This behavior is caused by the SMTP service processing an incoming EHLO command if no certificate is assigned to an SMTP site. This message is logged twice, once when the SMTP service starts, and once when the first EHLO command is received.
Simple Mail Transfer Protocol (SMTP) controls how email is transported and then delivered across the Internet to the destination server. The SMTP EHLO command enables the server to identify its support for Extended Simple Mail Transfer Protocol (ESMTP) commands.

This is an erroneous Event log entry. You can safely ignore this message. To prevent this Event log entry, you must assign a certificate to the SMTP site.
0
crp0499CEOAuthor Commented:
Great.  I have that exact same info.  I'm asking HOW to assign a certificate to the SMTP site?  :)  I don't want to ignore the error.  I want to fix the error.
0
Tom CieslikIT EngineerCommented:
In the Exchange Administration Center navigate to Servers -> Certificates and choose the server that has the SSL certificate you wish to assign. The certificate must already been in a valid status before you can proceed further.

Maybe restart server will be required

Step by step you can find here

https://practical365.com/exchange-server/exchange-2013-assign-ssl-certificate-to-services/
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

crp0499CEOAuthor Commented:
My two cas servers have certs assigned. Do I need to assign the same cert to the two mail box servers?
0
Tom CieslikIT EngineerCommented:
Your servers are talking to each other ? How you email flow looks like ?
0
crp0499CEOAuthor Commented:
Email is flowing fine. No mail flow problems, just wanna get rid of the error.
0
RoninCommented:
My two cas servers have certs assigned. Do I need to assign the same cert to the two mail box servers?
It's recommended you deploy Exchange with both roles (CAS + MBX) and do not separate, however if you already there, the answer is no. Only CAS needs cert applied.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.