Avatar of Merlin-Eng
Flag for United Kingdom of Great Britain and Northern Ireland asked on

Exchange Certificate Issue

SBS 2008 + Exchange 2007: The server has started logging Event 12014 many times per day since August 21st.

Microsoft Exchange could not find a certificate that contains the domain name mail.ourdomain.com in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Windows SBS Internet Receive AVATAR with a FQDN parameter of mail.ourdomain.com If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.

I cannot see what has changed in order to trigger this. Our SSL certificate has been in place for almost 2 years, but has never contained mail.ourdomain.com It only contains the fqdn remote.ourdomain.com and is configured for IIS and SMTP. I can see that many of the events correspond to emails arriving in the smtp log, but many more emails arrive without triggering the Event being logged.

Can anyone shed any light on this please?

Avatar of undefined
Last Comment

8/22/2022 - Mon
Edward van Biljon


Has your certificate not expired at all?

Can you type the command get-exchangecertificate and advise what you are seeing?
Hani M .S. Al-habshi


Outlook anywhere or Outlook client show Security Alert or certificate error (wrong Cert)  , you need to read this article before


Internal Autodiscover and the Service Connection Point

@Edward Van Biljon: There are no expired certificates in the local computer certificate store. The other certificates have OurServer.OurDomain.local in the subject. So i think they are not relevant to this issue. Get-ExchangeCertificate shows that the SSL Certificate is configured for IIS and SMTP. Does this answer your question?

@Hani Alhabshi: The article you linked deals with Outlook autodiscover. My issue is not related to Outlook at all.
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
Hani M .S. Al-habshi

Our SSL certificate has been in place for almost 2 years, but has never contained mail.ourdomain.com It only contains the fqdn remote.ourdomain.com

This comment related ...
Hani M .S. Al-habshi

View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.

@ Hani Alhabashi:

>>Also check FQDN  for Receive / Send connectors  

Yes that was it. The fqdn in the Receive Connector was configured as mail.ourdomain.com. I changed it to remote.ourdomain.com and the 12014 Events stopped being logged. I don't know why this would only become an issue now though. The configuration hasn't changed for years. Thank you for your help.