Event ID 12014

  • Question

  • Here is my current (inherited) setup. Server A is on a virtual server running Windows Server 2003 R2 Enterprise x64 SP2. It is a domain controller acting as the Certificate Authority and has Exchange 2007 SP1 installed. The Exchange roles installed are: Hub Transport, Client Access, Mailbox, and Unified Messaging. Server B is also on a virtual server running Windows Server 2003 R2 Enterprise x64 SP2. It has Exchange 2007 SP1 installed with roles Hub Transport and Client Access. It also serves as our OWA server. Both servers have Forefront installed, the network is not set up with a DMZ, and both servers are NAT'd to the outside.

    Event ID 12014 is showing up on a continuous basis on Server B. When I run "Get-ExchangeCertificate | List" on Server B, I show three certificates all marked with "Valid" status. Two are self-signed by Server B and one is issued by Server A. All three certificates have SMTP listed under "Services" with the CA issued certificate also having IMAP, POP, and IIS. The CertificateDomains for the self-signed are "webmail.company.com" and "webmail" respectively. The one issued by the CA is CertificateDomains {serverb.company.com}. The error message showing up on Server B is:

    Microsoft Exchange couldn't find a certificate that contains the domain name servera.company.com in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Internet Mail SMTP Connector (Server A) with a FQDN parameter of servera.company.com. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.

    On the CA there are issued certificates for Server A using template (DomainController).

    I have run the command shown in http://support.microsoft.com/default.aspx?scid=kb;en-us;555855 to no avail. I have checked here: http://social.technet.microsoft.com/forums/en-US/exchangesvrsecuremessaging/thread/d5475b46-c5b9-4b7d-88a4-749998397f4f/ , http://social.technet.microsoft.com/Forums/en-US/exchangesvrgeneral/thread/de6c2829-dba6-4b9c-bdee-1140cd41cd56 , http://social.technet.microsoft.com/Forums/en-US/exchangesvrsecuremessaging/thread/4355c7f3-9349-4c55-bc4a-8dab83edc241 .

    Any ideas what might be going on and how to fix it?  Is this a certificate problem or a connector configuration problem?

    Thanks!

    DMH

     

    Tuesday, March 9, 2010 11:42 PM

Answers

  • Check your send connector:

    Get-SendConnector | fl fqdn

    If the send connector fqdn is not on the certificate then that is the reason for the error.
    Wednesday, March 10, 2010 1:49 AM
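
The check suggested in the answer, written out as an added example (not part of the original thread, and not Microsoft's code): it compares a connector FQDN with the CertificateDomains of certificates that are Valid and enabled for SMTP. The function names `New-Row` and `Find-SmtpCertForFqdn` and the `SAMPLE-*` thumbprints are hypothetical; the sample objects are constructed from the values quoted in the question, and exact-name matching is an assumption of the example.

```powershell
# Added example. Sample objects below are constructed from the values quoted in the question.
function New-Row([hashtable]$Props) {
    $o = New-Object PSObject
    foreach ($k in $Props.Keys) { $o | Add-Member NoteProperty $k $Props[$k] }
    $o
}

function Find-SmtpCertForFqdn {
    param([string]$ConnectorName, [string]$Fqdn, [string]$ComputerFqdn, [object[]]$Certificates)

    # Per the event text: an unset connector FQDN falls back to the computer's FQDN.
    $effective = $Fqdn
    if ([string]::IsNullOrEmpty($effective)) { $effective = $ComputerFqdn }

    # Usable = Valid, enabled for SMTP, and carrying the exact name (case-insensitive).
    $hits = @($Certificates | Where-Object {
        ("$($_.Status)" -eq 'Valid') -and
        ("$($_.Services)" -match 'SMTP') -and
        (@($_.CertificateDomains | ForEach-Object { "$_" }) -contains $effective)
    })

    New-Row @{
        Connector   = $ConnectorName
        NameNeeded  = $effective
        Covered     = ($hits.Count -gt 0)
        Thumbprints = [string]::Join(', ', [string[]]@($hits | ForEach-Object { $_.Thumbprint }))
    }
}

# Constructed stand-ins for the three certificates described on Server B.
$sampleCerts = @(
    (New-Row @{ Thumbprint = 'SAMPLE-SELF-1'; CertificateDomains = @('webmail.company.com'); Services = 'SMTP'; Status = 'Valid' }),
    (New-Row @{ Thumbprint = 'SAMPLE-SELF-2'; CertificateDomains = @('webmail'); Services = 'SMTP'; Status = 'Valid' }),
    (New-Row @{ Thumbprint = 'SAMPLE-CA-3'; CertificateDomains = @('serverb.company.com'); Services = 'IMAP, POP, IIS, SMTP'; Status = 'Valid' })
)

# The connector named in the event, then the same connector with its FQDN left unset.
Find-SmtpCertForFqdn -ConnectorName 'Internet Mail SMTP Connector (Server A)' -Fqdn 'servera.company.com' `
    -ComputerFqdn 'serverb.company.com' -Certificates $sampleCerts
Find-SmtpCertForFqdn -ConnectorName 'Internet Mail SMTP Connector (Server A)' -Fqdn '' `
    -ComputerFqdn 'serverb.company.com' -Certificates $sampleCerts

# Live use in the Exchange Management Shell, with the cmdlets named in the thread:
#   $certs = Get-ExchangeCertificate
#   Get-SendConnector | ForEach-Object {
#       Find-SmtpCertForFqdn -ConnectorName $_.Name -Fqdn "$($_.Fqdn)" `
#           -ComputerFqdn 'serverb.company.com' -Certificates $certs }
```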