Exchange Certificate Issue

Merlin-Eng
SBS 2008 + Exchange 2007: The server has started logging Event 12014 many times per day since August 21st.

Microsoft Exchange could not find a certificate that contains the domain name mail.ourdomain.com in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Windows SBS Internet Receive AVATAR with a FQDN parameter of mail.ourdomain.com If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.

I cannot see what has changed in order to trigger this. Our SSL certificate has been in place for almost 2 years, but has never contained mail.ourdomain.com. It only contains the FQDN remote.ourdomain.com and is configured for IIS and SMTP. I can see that many of the events correspond to emails arriving in the SMTP log, but many more emails arrive without triggering the Event being logged.

Can anyone shed any light on this please?
Edward van Biljon, Messaging and Collaboration Technical Lead (Exchange MVP & MCT)

Commented:
Hi

Has your certificate not expired at all?

Can you type the command get-exchangecertificate and advise what you are seeing?
Hani M .S. Al-habshi, Contributor as IT Expert

Commented:
Dear

Outlook Anywhere or the Outlook client shows a Security Alert or certificate error (wrong cert); you need to read this article first:

http://www.shudnow.net/2013/07/26/outlook-certificate-error-and-autodiscover-domain-com-not-working/

Internal Autodiscover and the Service Connection Point
Merlin-Eng, Works Manager

Author

Commented:
@Edward Van Biljon: There are no expired certificates in the local computer certificate store. The other certificates have OurServer.OurDomain.local in the subject, so I think they are not relevant to this issue. Get-ExchangeCertificate shows that the SSL certificate is configured for IIS and SMTP. Does this answer your question?

@Hani Alhabshi: The article you linked deals with Outlook autodiscover. My issue is not related to Outlook at all.

Hani M .S. Al-habshi, Contributor as IT Expert

Commented:
Our SSL certificate has been in place for almost 2 years, but has never contained mail.ourdomain.com It only contains the fqdn remote.ourdomain.com

This comment related ...
Merlin-Eng, Works Manager

Author

Commented:
@ Hani Alhabashi:

>>Also check FQDN  for Receive / Send connectors  

Yes that was it. The fqdn in the Receive Connector was configured as mail.ourdomain.com. I changed it to remote.ourdomain.com and the 12014 Events stopped being logged. I don't know why this would only become an issue now though. The configuration hasn't changed for years. Thank you for your help.
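The check that resolved this thread, written out as an added example (not posted by any participant): it lists each Receive and Send connector FQDN and reports whether an unexpired, SMTP-enabled certificate carries that name. It assumes the Exchange Management Shell on the transport server; Get-ReceiveConnector and Get-SendConnector are standard Exchange cmdlets not mentioned in the thread, and Test-NameOnCert is a hypothetical helper defined here.

```powershell
# Added example: run in the Exchange Management Shell.
# Certificates usable for STARTTLS: SMTP service enabled and not yet expired.
$smtpCerts = @(Get-ExchangeCertificate | Where-Object {
    ($_.Services -match 'SMTP') -and ($_.NotAfter -gt (Get-Date))
})

# Per the Event 12014 text, a connector with no FQDN uses the computer's FQDN.
$computerFqdn = [System.Net.Dns]::GetHostEntry([System.Net.Dns]::GetHostName()).HostName

# Hypothetical helper: does the certificate list this name?
# -like is case-insensitive and lets a wildcard entry such as *.ourdomain.com match.
# Note: it is looser than TLS rules (a wildcard here also matches multi-label names).
function Test-NameOnCert([string]$Name, $Cert) {
    foreach ($domain in $Cert.CertificateDomains) {
        if ($Name -like $domain.ToString()) { return $true }
    }
    return $false
}

# Collect both connector types, tagging each row with its kind.
$connectors  = @(Get-ReceiveConnector | Select-Object Identity, Fqdn,
                   @{Name = 'Kind'; Expression = { 'Receive' }})
$connectors += @(Get-SendConnector | Select-Object Identity, Fqdn,
                   @{Name = 'Kind'; Expression = { 'Send' }})

foreach ($connector in $connectors) {
    # Name the transport service will look for in the personal store.
    $tlsName = "$($connector.Fqdn)"
    if (-not $tlsName) { $tlsName = $computerFqdn }

    $matching = @($smtpCerts | Where-Object { Test-NameOnCert $tlsName $_ })
    if ($matching.Count -gt 0) {
        $result = ($matching | ForEach-Object { $_.Thumbprint }) -join ', '
    } else {
        # This is the condition the event describes for a connector.
        $result = 'NO MATCHING SMTP CERTIFICATE'
    }

    $connector | Select-Object Kind, Identity,
        @{Name = 'TlsName';     Expression = { $tlsName }},
        @{Name = 'Certificate'; Expression = { $result }}
}
```

A row reporting no matching certificate is fixed either by changing the connector FQDN to a name on the certificate, as was done in this thread, or by installing a certificate that includes the connector's name.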
