Deleted exchange certificate reappears on reboot (also posted in Exchange 2010 forum)

    Question

  • I am running Exchange 2010 on a 2011 SBS standard server. About a year ago an Exchange certificate expired and I created a new one by renewing it using the Exchange Management Shell. I then deleted the expired certificate. Everything works fine but every time the server reboots I start getting the Application error 24 below and find that the certificate I deleted magically reappears in both the certmgr, Exchange management shell and the certificate list in IIS!

    I again delete it from all places in the certmgr (it shows up in about 4 folders) and in the IIS Manager Server Certificates icon and all is well until the server reboots! 

    While it appears this is just a cosmetic issue, I would like to not see the error message and have to delete the expired certificate every time I reboot.

    I am at my wits' end after fighting this for over a year. Suggestions, anyone? Could this be a matter of deleting an entry in the CryptoCache?

    Thanks in advance!

    Log Name:      Application

    Source:        MSExchange Web Services

    Date:          11/18/2018 9:01:34 AM

    Event ID:      24

    Task Category: Core

    Level:         Error

    Keywords:      Classic

    User:          N/A

    Computer:      SERVERNAME.MyDomain.local

    Description:

    The Exchange certificate [Subject]

      CN=MyDomain-SERVERNAME-CA 

    [Issuer]

      CN=MyDomain-SERVERNAME-CA 

    [Serial Number]

      5AE7E48F5ABCFE9D49AC826A1CF992C2 

    [Not Before]

      9/5/2012 9:27:27 PM 

    [Not After]

      9/5/2017 9:37:26 PM 

    [Thumbprint]

      8282E3E77F463D5EF4D6DB2F76DA07F186B1D833

     expired on 9/5/2017 9:37:26 PM.

    Event Xml:

    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

      <System>

        <Provider Name="MSExchange Web Services" />

        <EventID Qualifiers="49152">24</EventID>

        <Level>2</Level>

        <Task>1</Task>

        <Keywords>0x80000000000000</Keywords>

        <TimeCreated SystemTime="2018-11-18T14:01:34.000000000Z" />

        <EventRecordID>2108723</EventRecordID>

        <Channel>Application</Channel>

        <Computer>SERVERNAME.MyDomain.local</Computer>

        <Security />

      </System>

      <EventData>

        <Data>[Subject]

      CN=MyDomain-SERVERNAME-CA 

    [Issuer]

      CN=MyDomain-SERVERNAME-CA 

    [Serial Number]

      5AE7E48F5ABCFE9D49AC826A1CF992C2 

    [Not Before]

      9/5/2012 9:27:27 PM 

    [Not After]

      9/5/2017 9:37:26 PM 

    [Thumbprint]

      8282E3E77F463D5EF4D6DB2F76DA07F186B1D833

    </Data>

        <Data>9/5/2017 9:37:26 PM</Data>

      </EventData>

    </Event>



    Wednesday, November 21, 2018 8:41 PM

All replies

  • I am researching your question, thanks for waiting.

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, November 22, 2018 3:53 PM
  • Hi,
    Do you have a CA role set up on the Exchange server?
    https://social.technet.microsoft.com/Forums/exchange/en-US/a0bae54b-a995-42f9-a7aa-0b157206b6ed/old-temp-certificates-reappear-after-removing?forum=exchange2010

    About Event ID 24 MSExchange Web Services
    https://social.technet.microsoft.com/Forums/en-US/8cc77f85-f74d-4e1a-8f6e-6e272389a832/event-id-24-msexchange-web-services?forum=smallbusinessserver

    Can the expired certificate, which is in a special location, be deleted by using a boot script?
    Certificate Provider
    https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.security/about/about_certificate_provider?view=powershell-6

    Remove Expired Certificate on exchange server
    https://social.technet.microsoft.com/Forums/lync/en-US/3f245367-9463-42c5-9847-9a9cdd0c561b/remove-expired-certificate?forum=exchangesvrsecuremessaging


    Remove Local Windows Certificate Store Expired Certificates
    https://gallery.technet.microsoft.com/Remove-Local-Windows-57098b6


    Friday, November 23, 2018 3:45 AM
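
An added example, not part of any post in this thread: a PowerShell sketch of the check a boot script would start from, listing every certificate store that holds the thumbprint from the Event ID 24 text and, only when asked, deleting expired copies. The function name `Find-CertificateCopies` and its parameters are hypothetical; the syntax is kept to PowerShell 2.0 on the assumption that the SBS 2011 server still runs its default version.

```powershell
# Added example, not code from the thread. Run from an elevated prompt.
# Thumbprint as quoted in the Event ID 24 description in the question.
$Thumbprint = '8282E3E77F463D5EF4D6DB2F76DA07F186B1D833'

function Find-CertificateCopies {
    # Hypothetical helper: reports each store under Cert:\ that holds the thumbprint.
    param(
        [Parameter(Mandatory = $true)][string]$Thumbprint,
        [string[]]$Location = @('LocalMachine', 'CurrentUser'),
        [switch]$RemoveExpired
    )
    # Thumbprints pasted from the certificate dialog can carry spaces or hidden characters.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
    foreach ($loc in $Location) {
        foreach ($store in Get-ChildItem -Path "Cert:\$loc") {
            $hits = Get-ChildItem -Path "Cert:\$loc\$($store.Name)" -ErrorAction SilentlyContinue |
                Where-Object { $_.Thumbprint -eq $clean }
            foreach ($cert in $hits) {
                $removed = $false
                if ($RemoveExpired -and $cert.NotAfter -lt (Get-Date)) {
                    # Remove-Item on the Cert: drive arrived with PowerShell 3.0,
                    # so the .NET store API is used here instead.
                    $where = [System.Security.Cryptography.X509Certificates.StoreLocation]$loc
                    $x = New-Object System.Security.Cryptography.X509Certificates.X509Store($store.Name, $where)
                    $x.Open('ReadWrite')
                    $x.Remove($cert)
                    $x.Close()
                    $removed = $true
                }
                New-Object PSObject -Property @{
                    Store         = "$loc\$($store.Name)"
                    Subject       = $cert.Subject
                    NotAfter      = $cert.NotAfter
                    HasPrivateKey = $cert.HasPrivateKey
                    Removed       = $removed
                } | Select-Object Store, Subject, NotAfter, HasPrivateKey, Removed
            }
        }
    }
}

# Report only; add -RemoveExpired to delete the expired copies that were found.
Find-CertificateCopies -Thumbprint $Thumbprint | Format-Table -AutoSize
```

Running the report before and after a reboot shows exactly which stores the expired copy returns to.
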
  • Hi Andy,

    Thanks for the reply. I looked at the link you sent. As this is SBS2011, I believe there is a CA role on the server. I don't use any third party certs at all, so I don't think this applies. I set this server up 6 years ago and had supported 4 other SBS2011 servers that never had this problem. I am thinking it may have had something to do with the way I manually renewed or recreated this certificate last year. I have no problem deleting this certificate with any of the available methods. I did notice that the existing certificate for Exchange that handles services SMTP, POP, IMAP and IIS is not self signed while all the others are. I would like to try renewing the one that keeps showing up (if it is self signed) the next time it re-appears after reboot.

    Regards,

    Gordon.

    Friday, November 23, 2018 6:29 PM
  • Yes, if your issue is from the self-signed certificate, can this certificate be revoked and deleted, and then a new one created?

    Monday, November 26, 2018 8:14 AM
  • Hi Andy,

    I don't see where to revoke the certificate - just remove from the Exchange console or delete from certmgr or IIS console, which I have done several times. Isn't an expired certificate automatically revoked? Anyway, this weekend I rebooted the server, which brought back the expired certificate, renewed the expired certificate, which worked fine, and the process of renewing also removed the expired cert. I then rebooted and the expired cert returned! As I think this has no ill effects on operation other than the error message, I will leave it until my client switches to a cloud mail provider.
    Thanks anyway.

    Monday, November 26, 2018 1:53 PM
  • Thanks for your feedback. Switching to a cloud mail provider is a good idea.

    Friday, November 30, 2018 1:26 PM