Exchange 2007 EventID 12014 Error
-
Wednesday, January 10, 2007 10:03 AM
Hello,
I am receiving the following error quite often in the event viewer on EX2007.
Source: MSExchangeTransport
Category: TransportService
Event ID: 12014
Microsoft Exchange couldn't find a certificate that contains the domain name mail.mydomain.net in the personal store on the local computer. Therefore, it is unable to offer the STARTTLS SMTP verb for any connector with a FQDN parameter of mail.fcc-inc.net. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for every connector FQDN.
I installed a new certificate into IIS with the appropriate name. I also disabled all TLS settings under Server Configuration | Hub Transport | Receive Connectors. (I realize that this isn't the ideal setting, but the error is annoying).
Thanks for any help.
All Replies
-
Sunday, January 14, 2007 5:52 PM
Patrick,
You will need to export the cert with key from your computer store and then delete it from computer store. Then use the exchange management commandlets to re-import it and enable it for SMTP... something like
Import-ExchangeCertificate -Path c:\certificates\newcert.cer | Enable-ExchangeCertificate -Services SMTP
See this section for more information: http://technet.microsoft.com/en-us/library/aa998840.aspx
Also, to make TLS required on your send or receive connector, you will have to execute a command like Set-SendConnector -Identity "Required TLS connector" -RequireTLS $True
Lastly, the FQDN specified on the send/receive connector will determine which cert is used, so make sure its domain name matches the domain name on your certificate CN.
G'luck, Andre.
-
Friday, January 19, 2007 5:02 PM
Can I use the same certificate for both my OWA SSL and SMTP? My OWA SSL certificate is working fine but I am also getting that annoying STARTTLS SMTP nag.
-
Monday, January 22, 2007 4:55 PM
Robert,
You should be able to, as long as the FQDN of your send/receive connector is also listed as a subject name or subject alternative name on your certificate, and you have enabled the certificate for SMTP service.
Andre.
- Proposed As Answer by GJIchicago Saturday, March 19, 2011 12:39 AM
-
Monday, December 10, 2007 12:15 PM
I solved the problem today like this:
1. In the "Exchange Management Shell" I wrote the "Get-ExchangeCertificate" command.
There are many thumbprints of certificates (wrongly, I created many certificates before).
I looked up the correct thumbprint from the OWA certificate in Internet Explorer...
2. After that, in the shell I wrote: Enable-ExchangeCertificate -Thumbprint 3afd24627925332cd096f45eb5b4473c72526112 -Services "SMTP" *(These thumbprint numbers are a sample)
After that all errors are cancelled... I'm getting correct information from TLS
- Proposed As Answer by Devaraju K Friday, July 24, 2009 6:31 PM
- Marked As Answer by Terence Yu Wednesday, September 19, 2012 2:25 AM
-
Friday, April 18, 2008 7:06 AM
I have tried it and it works.
Thanks!
K Yung
-
Friday, May 30, 2008 1:52 PM
This solution corrected my issue. Many thanks to sagitta16 for the post.
-
Thursday, September 11, 2008 10:45 AM
Thanks sagitta16
-
Friday, October 10, 2008 6:59 PM
Hmmm... I tried this and while it did get rid of the error, I now get a page could not be displayed when I log into OWA (after entering my credentials).
Any ideas what could've gone wrong? Where should I look?
-
Friday, July 24, 2009 6:33 PM
Hi
As per Microsoft: "This Warning event indicates that there is a problem loading a certificate to be used for STARTTLS purposes. Generally, this problem occurs if one or both of the following conditions is true:
- The fully qualified domain name (FQDN) that is specified in the Warning event has been defined on a Receive connector or Send connector on a Microsoft Exchange Server 2007 transport server, and no certificate is installed on the same computer that contains the FQDN in the Subject or Subject Alternative Name fields.
- A third-party or custom certificate has been installed on the server and it contains a matching FQDN. However, the certificate is not enabled for the SMTP service".
http://support.microsoft.com/default.aspx?scid=kb;en-us;555855
Hope this helps
All good things come to those who wait......
- Proposed As Answer by Devaraju K Sunday, July 26, 2009 5:16 PM
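Added example (not part of any reply in this thread, and not Microsoft's code): a read-only Exchange Management Shell check that reports, for each connector FQDN, which of the two conditions quoted above applies. It assumes exact, case-insensitive name matching; wildcard certificate entries are not expanded.

```powershell
# Added example: map every connector FQDN to the certificates that contain it
# and report whether any of them is enabled for the SMTP service.
# Read-only: only Get-* cmdlets are called, nothing is changed.

$certs      = @(Get-ExchangeCertificate)
$connectors = @(Get-ReceiveConnector) + @(Get-SendConnector)

foreach ($c in $connectors) {
    $fqdn = "$($c.Fqdn)"
    if (-not $fqdn) { continue }   # connector has no explicit FQDN; not checked here

    # Condition 1: is the FQDN listed in any installed certificate's domains?
    # (-eq on strings is case-insensitive; wildcard entries are not expanded.)
    $matching = @($certs | Where-Object {
        @($_.CertificateDomains | Where-Object { "$_" -eq $fqdn }).Count -gt 0
    })

    # Condition 2: is at least one of those certificates enabled for SMTP?
    # Services is converted to a string so this also works on deserialized objects.
    $smtpEnabled = @($matching | Where-Object { "$($_.Services)" -match 'SMTP' })

    if ($matching.Count -eq 0) {
        $status = 'no certificate contains this FQDN'
    }
    elseif ($smtpEnabled.Count -eq 0) {
        $status = 'certificate found but not enabled for SMTP: ' + $matching[0].Thumbprint
    }
    else {
        $status = 'OK: ' + $smtpEnabled[0].Thumbprint
    }

    '{0,-45} {1,-30} {2}' -f $c.Identity, $fqdn, $status
}
```

A connector reported with either of the first two statuses is one for which event 12014 would be expected.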
-
Monday, July 27, 2009 8:36 AM
You can either choose to create and install a certificate to use in combination with exchange as described by sagitta16.
Or you can disable starttls for that specific send connector by the following powershell command:
Set-SendConnector -Identity "Name of the send connector" -IgnoreSTARTTLS $True
Good luck :-)
-
Monday, August 24, 2009 4:37 AM
any update on this issue?
Don't do what others say - listen to them, but do what you feel good doing.
-
Monday, October 25, 2010 6:20 PM
I'm getting this same error on my Exch2010 server. I'm trying to diagnose a problem receiving internal/external email to a 2010 user's mb. I have a question....
Would the above error in event log cause issues with mail delivery?
Mark C
-
Monday, January 24, 2011 5:58 PM
Thanks sagitta16
-
Monday, March 21, 2011 6:42 PM
That worked. Thanks!
-
Monday, April 18, 2011 4:34 PM
http://technet.microsoft.com/en-us/library/aa998327.aspx
Run the New-ExchangeCertificate cmdlet and reboot.
-
Tuesday, May 17, 2011 8:14 AM
Have tried as per Sagitta's suggestion, but the error still appears for both send and receive connectors. I confirmed the OWA cert has been installed and SMTP service has been enabled for this cert. Also, SMTP service has been enabled for the default Exchange 2007 cert. Any impact if I remove the default Exchange cert? Also, what is the impact if I disable STARTTLS?
-
Wednesday, October 05, 2011 10:27 AM
Thanks MiracleMarco, the solution to disable StartTLS works for me.
The HUB and the gateway servers are isolated from the rest by access list, so TLS isn't necessary for us!
-
Thursday, December 29, 2011 4:19 PM
Hello Sagitta, I have the same issue and I like to explain more how to fix
Thanks

