Exchange 2007 EventID 12014 Error

    Question

  • Hello,

    I am receiving the following error quite often in the event viewer on EX2007.

    Source:  MSExchangeTransport

    Category:  TransportService

    Event ID:  12014

    Microsoft Exchange couldn't find a certificate that contains the domain name mail.mydomain.net in the personal store on the local computer. Therefore, it is unable to offer the STARTTLS SMTP verb for any connector with a FQDN parameter of mail.fcc-inc.net. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for every connector FQDN.

     

    I installed a new certificate into IIS with the appropriate name.  I also disabled all TLS settings under Server Configuration | Hub Transport | Receive Connectors. (I realize that this isn't the ideal setting, but the error is annoying).

    Thanks for any help.

     

    Wednesday, January 10, 2007 10:03 AM

Answers

  • I solved the problem today like this:
    1. In the "Exchange Management Shell" I ran the "Get-ExchangeCertificate" command.
    There were many certificate thumbprints (I had wrongly created many certificates before).
    I looked up the correct thumbprint from the OWA certificate in Internet Explorer...
    2.
    After that, in the shell I ran "Enable-ExchangeCertificate -Thumbprint 3afd24627925332cd096f45eb5b4473c72526112 -Services "SMTP""    *(This thumbprint is a sample)

    After that all the errors were gone... I'm getting correct information from TLS
    • Proposed as answer by Devaraju K Friday, July 24, 2009 6:31 PM
    • Marked as answer by Terence Yu Wednesday, September 19, 2012 2:25 AM
    Monday, December 10, 2007 12:15 PM

All replies

  • Patrick,

    You will need to export the cert with key from your computer store and then delete it from computer store. Then use the Exchange management cmdlets to re-import it and enable it for SMTP... something like

    Import-ExchangeCertificate -Path c:\certificates\newcert.cer | Enable-ExchangeCertificate -Services SMTP

    See this section for more information: http://technet.microsoft.com/en-us/library/aa998840.aspx

    Also to make the TLS required on your send or receive connector, you will have to execute command like Set-SendConnector -Identity "Required TLS connector" -RequireTLS $True

    Lastly, the FQDN specified on the send/receive connector will determine which cert is used, so make sure its domain name matches the domain name on your certificate CN.

    G'luck, Andre.

    Sunday, January 14, 2007 5:52 PM
  • Can I use the same certificate for both my OWA SSL and SMTP?  My OWA SSL certificate is working fine but I am also getting that annoying STARTTLS SMTP nag.

     

    Friday, January 19, 2007 5:02 PM
  • Robert,

    You should be able to, as long as the FQDN of your send/receive connector is also listed as a subject name or subject alternative name on your certificate, and you have enabled the certificate for SMTP service.

    Andre.

    • Proposed as answer by GJIchicago Saturday, March 19, 2011 12:39 AM
    Monday, January 22, 2007 4:55 PM
  • I have tried it and it works.

     

    Thanks!

     

    K Yung

    Friday, April 18, 2008 7:06 AM
  • This solution corrected my issue. Many thanks to sagitta16 for the post.
    Friday, May 30, 2008 1:52 PM
  • Thanks sagitta16
    Thursday, September 11, 2008 10:45 AM
  • Hmmm... I tried this and while it did get rid of the error, I now get a "page could not be displayed" when I log into OWA (after entering my credentials).

     

    Any ideas what could've gone wrong?  Where should i look?

    Friday, October 10, 2008 6:59 PM
  • Hi

    As per Microsoft: "This Warning event indicates that there is a problem loading a certificate to be used for STARTTLS purposes. Generally, this problem occurs if one or both of the following conditions is true:
    - The fully qualified domain name (FQDN) that is specified in the Warning event has been defined on a Receive connector or Send connector on a Microsoft Exchange Server 2007 transport server, and no certificate is installed on the same computer that contains the FQDN in the Subject or Subject Alternative Name fields.
    - A third-party or custom certificate has been installed on the server and it contains a matching FQDN. However, the certificate is not enabled for the SMTP service".

    http://support.microsoft.com/default.aspx?scid=kb;en-us;555855

    Hope this helps
    All good things come to those who wait......
    • Proposed as answer by Devaraju K Sunday, July 26, 2009 5:16 PM
    Friday, July 24, 2009 6:33 PM
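
The two conditions quoted above (a certificate that names the connector FQDN, and that certificate being enabled for SMTP) can be checked together for every connector. This is an added example, not part of the original thread or of Microsoft's article: the function name and the sample objects are constructed, names are matched exactly (no wildcard handling), and it assumes the live Exchange objects convert to plain strings as shown.

```powershell
# Added example: for each connector FQDN, report whether a certificate that is
# enabled for SMTP and not expired lists that FQDN (exact match only).
function Test-ConnectorCertificateCoverage {
    param(
        [object[]]$Connectors,    # objects with Identity and Fqdn
        [object[]]$Certificates,  # objects with Thumbprint, Services, CertificateDomains, NotAfter
        [datetime]$Now = (Get-Date)
    )
    foreach ($c in $Connectors) {
        $fqdn = [string]$c.Fqdn
        if (-not $fqdn) { continue }   # no FQDN set on the connector: not checked here
        # Certificates whose Subject/SAN domains contain the FQDN (case-insensitive)
        $named = @($Certificates | Where-Object {
            @($_.CertificateDomains | ForEach-Object { [string]$_ }) -contains $fqdn
        })
        # Of those, the ones enabled for SMTP and still valid
        $usable = @($named | Where-Object {
            ([string]$_.Services -match 'SMTP') -and ($_.NotAfter -gt $Now)
        })
        if ($usable.Count -gt 0)    { $status = 'OK' }
        elseif ($named.Count -gt 0) { $status = 'NameMatchButNotSmtpOrExpired' }
        else                        { $status = 'NoCertificateForFqdn' }
        New-Object PSObject -Property @{
            Connector  = [string]$c.Identity
            Fqdn       = $fqdn
            Status     = $status
            Thumbprint = ($usable | Select-Object -First 1).Thumbprint
        }
    }
}

# Constructed sample data (not from the thread); thumbprints are placeholders.
$certs = @(
    New-Object PSObject -Property @{ Thumbprint = 'PLACEHOLDER-OWA'; Services = 'IIS'
        CertificateDomains = @('owa.example.test'); NotAfter = [datetime]'2035-01-01' }
    New-Object PSObject -Property @{ Thumbprint = 'PLACEHOLDER-SMTP'; Services = 'IIS, SMTP'
        CertificateDomains = @('mail.example.test', 'hub01.example.test'); NotAfter = [datetime]'2035-01-01' }
)
$connectors = @(
    New-Object PSObject -Property @{ Identity = 'HUB01\Default';  Fqdn = 'Mail.Example.Test' }
    New-Object PSObject -Property @{ Identity = 'HUB01\Client';   Fqdn = 'owa.example.test' }
    New-Object PSObject -Property @{ Identity = 'Internet Send';  Fqdn = 'smtp.example.test' }
)
Test-ConnectorCertificateCoverage -Connectors $connectors -Certificates $certs |
    Format-Table Connector, Fqdn, Status, Thumbprint -AutoSize

# In the Exchange Management Shell, pass the live objects instead:
#   Test-ConnectorCertificateCoverage -Connectors (@(Get-ReceiveConnector) + @(Get-SendConnector)) -Certificates (Get-ExchangeCertificate)
```

Any row whose Status is not OK names a connector FQDN for which event 12014 would be expected, and shows whether the gap is a missing name or a certificate that is present but not usable for SMTP.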
  • You can either choose to create and install a certificate to use in combination with Exchange as described by sagitta16.
    Or you can disable starttls for that specific send connector by the following powershell command:

    Set-SendConnector -Identity "Name of the send connector" -IgnoreSTARTTLS $True

    Good luck :-)

    Monday, July 27, 2009 8:36 AM
  • any update on this issue?

    Don't do what others say - listen to them, but do what you feel good doing.
    Monday, August 24, 2009 4:37 AM
  • I'm getting this same error on my exch2010 server. I'm trying to diagnose a problem receiving internal/external email to a 2010 user's mb. I have a question....

     

    Would the above error in event log cause issues with mail delivery?


    Mark C
    Monday, October 25, 2010 6:20 PM
  • Thanks sagitta16
    Monday, January 24, 2011 5:58 PM
  • That worked.  Thanks!
    Monday, March 21, 2011 6:42 PM
  • http://technet.microsoft.com/en-us/library/aa998327.aspx

     

    Run the New-ExchangeCertificate cmdlet and reboot.

    Monday, April 18, 2011 4:34 PM
  • Have tried as per Sagitta's suggestion, but the error still appears for both send and receive connectors. I confirmed the OWA cert has been installed and the SMTP service has been enabled for this cert. Also, the SMTP service has been enabled for the default Exchange 2007 cert. Any impact if I remove the default Exchange cert? Also, what is the impact if I disable STARTTLS?

      

    Tuesday, May 17, 2011 8:14 AM
  • Thanks MiracleMarco, the solution to disable StartTLS works for me.
    The HUB and the gateway servers are isolated from the rest by access list, so TLS isn't necessary for us!
    Wednesday, October 05, 2011 10:27 AM
  • Hello Sagitta, I have the same issue and I would like more explanation of how to fix it

     

    Thanks

    Thursday, December 29, 2011 4:19 PM