Description: An internal transport certificate will expire soon


We are running Microsoft Exchange 2016 with the current CU.

We have recently been seeing an Event under Application Log as follows:

Application Log generated Error Event 12017
Description: An internal transport certificate will expire soon.
Thumbprint: C65....A42, expires: 6/25/2018 3:23:37 PM.

I've looked at the certificates, but nothing is set to expire that day.  Where can I find where this is stemming from?

Thanks in advance.

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

David Johnson, CD, MVPOwnerCommented:
To resolve this warning, you must use the New-ExchangeCertificate cmdlet to create a new internal transport certificate (also referred to as a direct trust certificate) on the computer that returned this Warning event. Running the New-ExchangeCertificate cmdlet with no arguments creates an SMTP-enabled internal transport certificate for direct trust. For more information, see New-ExchangeCertificate.

If this warning occurred on a Hub Transport server, you must create the internal transport certificate on the Hub Transport server where the warning occurred. After you have created the certificate, restart the Microsoft Exchange EdgeSync service to update the certificate information on the Edge Transport servers that are subscribed to the organization.
timgreen7077Exchange EngineerCommented:
run the following in the exchange shell and see if it can show you the correct cert:

Get-ExchangeCertificate -Thumbprint "thumb print ID" | fl

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Vidit BhardwajAdminCommented:
You can also check the same in personal certificate store of machine.

run ->MMC> certificates>Computer Account> Personal Store> look for the cert with the same thumbprint and remove it
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.