Getting exchange 2007 certificate errors on exchange server

  • Question

  • Hi,

    I'm getting a lot of errors on Exchange Server 2007. Please give step-by-step directions.

     Microsoft Exchange could not find a certificate that contains the domain name XYZ.local in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Default COMPUTERNAME with a FQDN parameter of COMPUTERNAME.XYZ.local. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate

    Source: MSExchangeTransport

    Event id : 12014

    Saturday, May 29, 2010 6:31 PM

All replies

  • If there is no installed valid certificate, run New-ExchangeCertificate to create a new self-signed cert that will be applied to the SMTP service.

    If a valid certificate exists, follow the advice in the error and run Enable-ExchangeCertificate for the SMTP service for that cert.

    Saturday, May 29, 2010 7:08 PM
  • Thanks for the reply,

    1. How can we see the certificate on Exchange Server 2007, and where?

    2. If I create a certificate, it doesn't impact mail flow or mail communication, because I'm on a production server.

    Saturday, May 29, 2010 7:20 PM
  • On Sat, 29 May 2010 19:20:58 +0000, pawanmadan12345 wrote:

    >1 how we can see the certificate on Exchange Server 2007 and where

    Run "Get-ExchangeCertificate" to see what Exchange is using. Otherwise
    you'd use the MMC snap-in for Certificates and look at the certificate
    store for the system account.

    >2 if I create a certificate, it doesn't impact on mailflow, mail communication, because I'm on production server.

    It didn't say you have NO certificate, it said you had none for the
    name XYZ.local. If you've never installed a certificate on the server
    then go ahead and create one (or generate a certificate request and
    submit it to whatever Certificate Authority you prefer to create the
    certificate and then install that certificate).
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
    • Marked as answer by Gavin-Zhang Thursday, June 3, 2010 8:52 AM
    Saturday, May 29, 2010 8:28 PM
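
The check described in the reply above, as an added example that is not part of the original thread or Microsoft's own code: it lists each Receive connector, the FQDN it will present for STARTTLS, and whether an installed certificate contains that name and is enabled for SMTP. The helper names `Test-NameCovered` and `Get-SmtpCertCoverage` are hypothetical, the one-label wildcard match is an assumption beyond what the event text states, and the script is meant to run in the Exchange Management Shell on the transport server.

```powershell
# Added example: read-only check for the condition event 12014 reports.
# Test-NameCovered and Get-SmtpCertCoverage are hypothetical helper names.
function Test-NameCovered([string]$Fqdn, [string[]]$CertDomains) {
    foreach ($d in $CertDomains) {
        if ($d -ieq $Fqdn) { return $true }
        # Assumption: a wildcard entry (*.xyz.local) covers exactly one label.
        if ($d.StartsWith('*.')) {
            $dot = $Fqdn.IndexOf('.')
            if ($dot -gt 0 -and $Fqdn.Substring($dot) -ieq $d.Substring(1)) {
                return $true
            }
        }
    }
    return $false
}

function Get-SmtpCertCoverage {
    # Per the event text, the computer's FQDN is used when the connector has none.
    $computerFqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
    $certs = @(Get-ExchangeCertificate)
    foreach ($rc in @(Get-ReceiveConnector -Server $env:COMPUTERNAME)) {
        $fqdn = "$($rc.Fqdn)"
        if (-not $fqdn) { $fqdn = $computerFqdn }
        # Usable = names the FQDN, enabled for SMTP, has a private key, not expired.
        $usable = @($certs | Where-Object {
            $c = $_
            $names = @($c.CertificateDomains | ForEach-Object { "$_" })
            (Test-NameCovered $fqdn $names) -and
            ("$($c.Services)" -match 'SMTP') -and
            $c.HasPrivateKey -and
            ($c.NotAfter -gt (Get-Date))
        })
        $rc | Select-Object Name,
            @{Name = 'EffectiveFqdn'; Expression = { $fqdn }},
            @{Name = 'Covered'; Expression = { $usable.Count -gt 0 }},
            @{Name = 'Thumbprints'; Expression = { $usable | ForEach-Object { $_.Thumbprint } }}
    }
}

Get-SmtpCertCoverage | Format-List
```

A connector reported with `Covered : False` is one for which the transport service cannot offer STARTTLS under the name shown in `EffectiveFqdn`.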
  • Run the following commands:

    New-ExchangeCertificate -PrivateKeyExportable $True -Services "SMTP" -SubjectName "cn=[*SEE NOTE]"

    *Note: this needs to be the exact name of the external domain you are going to use to access Outlook Anywhere.

    Enable-ExchangeCertificate -Thumbprint [THUMBPRINT FROM NEW CERT]


    Jonas Andersson MCTS: Microsoft Exchange Server 2007/2010 | MCITP: EMA 2007/2010 | MCSE/MCSA Blog: http://www.testlabs.se/blog
    • Marked as answer by Gavin-Zhang Thursday, June 3, 2010 8:52 AM
    Sunday, May 30, 2010 7:00 PM
  • Hi

    Other information for you.
    http://technet.microsoft.com/en-us/library/aa998840(EXCHG.80).aspx

    Regards!
    gavin
    Thursday, June 3, 2010 8:52 AM