EventID: 12014 - Too many certificates?

Question
-
This subject is a little out of my comfort zone. Apologies for that.
Our main server (2003 R2 Enterprise x64) runs Exchange Server 2007. We do run a second server purely for Navision 3.7 running on Server 2000.
We get 12014 events generated, although everything appears to be working ok. This has been going on for some time - I feel it is probably time to sort it out.
The output from 'get-exchangecertificates |fl' is as follows:

AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {'server', 'server'.'domain'}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN='server'
NotAfter : 11/03/2011 11:41:35
NotBefore : 11/03/2010 11:41:35
PublicKeySize : 2048
RootCAType : Unknown
SerialNumber : EB226DA878977597481E73A249EED86A
Services : SMTP
Status : Invalid
Subject : CN='server'
Thumbprint : 3BAEFB3868B5DC69EE11A94DAD7A557F8DD0C617

AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {mail.'domain', 'domain', autodiscover.braemac.co.uk}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=mail.'domain', O=xxxx, DC=xxxx, DC=co, DC=uk, C=UK
NotAfter : 12/01/2010 11:45:16
NotBefore : 12/01/2009 11:45:16
PublicKeySize : 2048
RootCAType : Unknown
SerialNumber : ED054CFF7483EBA146F8F354C5221B1A
Services : IMAP, POP, IIS, SMTP
Status : Invalid
Subject : CN=mail.'domain', O=xxxx, DC=xxxx, DC=co, DC=uk, C=UK
Thumbprint : 1DD9346DACCAA7A0D66886193ACB05A93D77A1E0

AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {'server', 'server'.'domain'}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN='server'
NotAfter : 17/12/2009 16:00:23
NotBefore : 17/12/2008 16:00:23
PublicKeySize : 2048
RootCAType : Unknown
SerialNumber : 01107F71E00F8FB64174786382C6308D
Services : SMTP
Status : Invalid
Subject : CN='server'
Thumbprint : 94482634BB294A347D8887D9283C91BFA009BD65

As can be seen all three certificates show as 'Invalid' and SMTP is under each certificate. Can I remove the two certificates showing only SMTP and leave the third? Will this sort out the 12014's or is there something else that needs to be done.
TIA
Alan Dean
Wednesday, September 19, 2012 10:12 AM
Answers
-
On Wed, 19 Sep 2012 10:12:17 +0000, alandean wrote:
> As can be seen all three certificates show as 'Invalid' and SMTP is under each certificate. Can I remove the two certificates showing only SMTP and leave the third? Will this sort out the 12014's or is there something else that needs to be done.

They're all "self-signed" certs. Just create a new one (http://exchangepedia.com/2008/01/exchange-server-2007-renewing-the-self-signed-certificate.html) and then remove the expired certs from the certificate store.
--- Rich Matheisen MCSE+I, Exchange MVP
- Proposed as answer by Fiona_Liao Moderator Thursday, September 20, 2012 10:27 AM
- Marked as answer by Fiona_Liao Moderator Tuesday, September 25, 2012 2:09 AM
Wednesday, September 19, 2012 3:11 PM
-
Hi Alan,
All three certificates are expired. So yes, you may delete them all and you need a new one from a trusted CA.
Refer to:
http://support.microsoft.com/kb/555855
http://blogs.technet.com/b/exchange/archive/2007/02/19/3400537.aspx
Hope it is helpful.
Fiona Liao
TechNet Community Support
- Proposed as answer by Fiona_Liao Moderator Monday, September 24, 2012 2:23 AM
- Marked as answer by Fiona_Liao Moderator Tuesday, September 25, 2012 2:09 AM
Thursday, September 20, 2012 10:29 AM Moderator
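
Added example (not part of either answer and not taken from the linked articles): the renewal and cleanup the two answers describe, as it would be typed in the Exchange Management Shell on the Exchange 2007 server. The thumbprint is the multi-service certificate from the question; the file paths and example.com names in the commented CA-request alternative are placeholders.

```powershell
# Run in the Exchange Management Shell on the Exchange 2007 server.

# 1. Inventory: list expired certificates and the services still bound to them.
$now     = Get-Date
$expired = Get-ExchangeCertificate | Where-Object { $_.NotAfter -lt $now }
$expired | Format-Table Thumbprint, Services, NotAfter, Subject -AutoSize

# 2. Self-signed route (first answer): clone the expired multi-service
#    certificate so the new one keeps the same subject and domain names.
$old = '1DD9346DACCAA7A0D66886193ACB05A93D77A1E0'   # thumbprint from the question
$new = Get-ExchangeCertificate -Thumbprint $old | New-ExchangeCertificate

# 3. Bind the new certificate to the services the old one carried.
Enable-ExchangeCertificate -Thumbprint $new.Thumbprint -Services 'IMAP, POP, IIS, SMTP'

# 4. Confirm the replacement is in date and bound before deleting anything.
Get-ExchangeCertificate -Thumbprint $new.Thumbprint |
    Format-List Thumbprint, Services, NotBefore, NotAfter, CertificateDomains

# 5. Remove the expired certificates. Each removal prompts for confirmation.
$expired | ForEach-Object { Remove-ExchangeCertificate -Thumbprint $_.Thumbprint }

# CA route (second answer): instead of step 2, generate a request, submit it
# to the CA, then import the signed file. Names and paths are placeholders.
# New-ExchangeCertificate -GenerateRequest -Path C:\mail.req `
#     -SubjectName 'CN=mail.example.com' `
#     -DomainName mail.example.com, autodiscover.example.com `
#     -PrivateKeyExportable $true
# Import-ExchangeCertificate -Path C:\mail.cer
```

A self-signed certificate is not trusted by clients outside the server itself unless they import it, which is why the second answer points to a CA-issued certificate for the client-facing services.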