Wednesday, January 10, 2007 10:03 AM
I am receiving the following error quite often in the event viewer on EX2007.
Event ID: 12014
Microsoft Exchange couldn't find a certificate that contains the domain name mail.mydomain.net in the personal store on the local computer. Therefore, it is unable to offer the STARTTLS SMTP verb for any connector with a FQDN parameter of mail.fcc-inc.net. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for every connector FQDN.
I installed a new certificate into IIS with the appropriate name. I also disabled all TLS settings under Server Configuration | Hub Transport | Receive Connectors. (I realize that this isn't the ideal setting, but the error is annoying).
Thanks for any help.
Sunday, January 14, 2007 5:52 PM
You will need to export the cert with key from your computer store and then delete it from the computer store. Then use the Exchange management cmdlets to re-import it and enable it for SMTP... something like
Import-ExchangeCertificate -Path c:\certificates\newcert.cer | Enable-ExchangeCertificate -Services SMTP
See this section for more information: http://technet.microsoft.com/en-us/library/aa998840.aspx
Also, to make TLS required on your send or receive connector, you will have to execute a command like Set-SendConnector -Identity "Required TLS connector" -RequireTLS $True
Lastly, the FQDN specified on the send/receive connector will determine which cert is used, so make sure its domain name matches the domain name on your certificate CN.
Friday, January 19, 2007 5:02 PM
Can I use the same certificate for both my OWA SSL and SMTP? My OWA SSL certificate is working fine but I am also getting that annoying STARTTLS SMTP nag.
Monday, January 22, 2007 4:55 PM
You should be able to, as long as the FQDN of your send/receive connector is also listed as a subject name or subject alternative name on your certificate, and you have enabled the certificate for SMTP service.
- Proposed As Answer by GJIchicago Saturday, March 19, 2011 12:39 AM
Monday, December 10, 2007 12:15 PM
I solved the problem today like this:
1. In the "Exchange Management Shell" I ran the "Get-ExchangeCertificate" command.
There are many thumbprints of certificates (I wrongly created many certificates before).
I looked up the correct thumbprint from the OWA certificate in Internet Explorer...
2. After that, in the shell I ran "Enable-ExchangeCertificate -Thumbprint 3afd24627925332cd096f45eb5b4473c72526112 -Services "SMTP"" *(These thumbprint numbers are a sample)
After that all errors are cancelled... I'm getting correct information from TLS
Friday, April 18, 2008 7:06 AM
I have tried it and it works.
Friday, May 30, 2008 1:52 PM
Thursday, September 11, 2008 10:45 AM
Thanks sagitta16
Friday, October 10, 2008 6:59 PM
Hmmm... I tried this and while it did get rid of the error, I now get a "page could not be displayed" when I log into OWA (after entering my credentials).
Any ideas what could've gone wrong? Where should I look?
Friday, July 24, 2009 6:33 PM
Hi
As per Microsoft: "This Warning event indicates that there is a problem loading a certificate to be used for STARTTLS purposes. Generally, this problem occurs if one or both of the following conditions is true:
- The fully qualified domain name (FQDN) that is specified in the Warning event has been defined on a Receive connector or Send connector on a Microsoft Exchange Server 2007 transport server, and no certificate is installed on the same computer that contains the FQDN in the Subject or Subject Alternative Name fields.
- A third-party or custom certificate has been installed on the server and it contains a matching FQDN. However, the certificate is not enabled for the SMTP service".
Hope this helps
All good things come to those who wait......
- Proposed As Answer by Devaraju K Sunday, July 26, 2009 5:16 PM
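An added example, not written by any poster in this thread: a check that sorts each connector FQDN into the two causes quoted above (no certificate names the FQDN, or a matching certificate is not enabled for SMTP). The helper name `Test-ConnectorCertificate`, the sample hosts and the sample thumbprints are assumptions made for illustration; matching is exact and case-insensitive, and wildcard names are not handled.

```powershell
# Added example. Classifies each connector FQDN against the two causes
# Microsoft lists for Event ID 12014. Test-ConnectorCertificate is a
# hypothetical helper name, not an Exchange cmdlet.
function Test-ConnectorCertificate {
    param(
        [string[]] $ConnectorFqdn,  # FQDN values set on send/receive connectors
        [object[]] $Certificate     # objects exposing Thumbprint, CertificateDomains, Services
    )
    foreach ($fqdn in $ConnectorFqdn) {
        # Cause 1: no installed certificate carries the FQDN in Subject/SAN.
        $named = @($Certificate | Where-Object {
            @($_.CertificateDomains | ForEach-Object { "$_" }) -contains $fqdn
        })
        # Cause 2: a matching certificate exists but is not enabled for SMTP.
        $smtp = @($named | Where-Object { "$($_.Services)" -match '\bSMTP\b' })

        if ($named.Count -eq 0)    { $status = 'NoMatchingCertificate' }
        elseif ($smtp.Count -eq 0) { $status = 'MatchNotEnabledForSmtp' }
        else                       { $status = 'OK' }

        New-Object PSObject -Property @{
            Fqdn       = $fqdn
            Status     = $status
            Candidates = @($named | ForEach-Object { $_.Thumbprint })
        }
    }
}

# Constructed sample data (not real thumbprints or hosts).
$sampleCerts = @(
    (New-Object PSObject -Property @{ Thumbprint = 'SAMPLE-THUMBPRINT-OWA'
        CertificateDomains = @('mail.example.net', 'autodiscover.example.net'); Services = 'IIS' }),
    (New-Object PSObject -Property @{ Thumbprint = 'SAMPLE-THUMBPRINT-SELFSIGNED'
        CertificateDomains = @('hub01', 'hub01.example.local'); Services = 'IMAP, POP, SMTP' })
)
$sampleFqdns = 'mail.example.net', 'HUB01.example.local', 'relay.example.net'

Test-ConnectorCertificate -ConnectorFqdn $sampleFqdns -Certificate $sampleCerts |
    Format-Table Fqdn, Status, Candidates -AutoSize

# On a live server, from the Exchange Management Shell:
#   $fqdns = @(Get-ReceiveConnector; Get-SendConnector) | ForEach-Object { "$($_.Fqdn)" } | Where-Object { $_ }
#   Test-ConnectorCertificate -ConnectorFqdn $fqdns -Certificate (Get-ExchangeCertificate)
```

For an FQDN reported as `MatchNotEnabledForSmtp`, the thumbprints in `Candidates` are the ones to pass to `Enable-ExchangeCertificate -Thumbprint ... -Services SMTP`, as in the December 10, 2007 post.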
Monday, July 27, 2009 8:36 AM
You can either choose to create and install a certificate to use in combination with Exchange as described by sagitta16.
Or you can disable STARTTLS for that specific send connector with the following PowerShell command:
Set-SendConnector -Identity "Name of the send connector" -IgnoreSTARTTLS $True
Good luck :-)
Monday, August 24, 2009 4:37 AM
Any update on this issue?
Don't do what others say - listen to them, but do what you feel good doing.
Monday, October 25, 2010 6:20 PM
I'm getting this same error on my Exch2010 server. I'm trying to diagnose a problem receiving internal/external email to a 2010 user's mb. I have a question....
Would the above error in event log cause issues with mail delivery?
Monday, January 24, 2011 5:58 PM
Thanks sagitta16
Monday, March 21, 2011 6:42 PM
That worked. Thanks!
Monday, April 18, 2011 4:34 PM
Run the New-ExchangeCertificate cmdlet and reboot.
Tuesday, May 17, 2011 8:14 AM
Have tried as per Sagitta's suggestion, but the error still appears for both send and receive connectors. I confirmed the OWA cert has been installed and the SMTP service has been enabled for this cert. Also, the SMTP service has been enabled for the default Exchange 2007 cert. Any impact if I remove the default Exchange cert? Also, what is the impact if I disable STARTTLS?
Wednesday, October 05, 2011 10:27 AM
Thanks MiracleMarco, the solution to disable STARTTLS works for me.
The HUB and the gateway servers are isolated from the rest by access list, so TLS isn't necessary for us!
Thursday, December 29, 2011 4:19 PM
Hello Sagitta, I have the same issue and I like to explain more how to fix