Change FQDN on send connector

  • Question

  • I'd like to change the FQDN on my send connector to match the A record and the PTR.  I followed the procedure at http://exchange.si/archive/2008/10/27/pow-4-send-connector-external-fqdn-in-helo-ehlo-banner.aspx and it was very simple.  After the change, the headers in messages received outside the organization looked good.  There was one hostname in the Received: header. 

    I suspect that the method that I used was incorrect because after the change I get event id 12014 in the app log with a message about the certificate.  Changing the FQDN back resolved the event error, but then I get two host names in the Received: headers. 

    Is there a correct way to make this change so that the certificates are happy?

    Sunday, March 28, 2010 11:58 PM

Answers

  • Hi,

    If you want to change the FQDN of the send connector, then after that, you have to issue a new certificate to the new FQDN. Please try to ensure that the FQDN of your send/receive connector is also listed as a subject name or subject alternative name on your certificate, and after that you need to enable the certificate for SMTP service.
    New-ExchangeCertificate -subjectName "FQDN"
    How to Troubleshoot STARTTLS Certificate Error 12014
    Regards,
    Xiu
    • Marked as answer by Xiu Zhang Friday, April 9, 2010 9:32 AM
    Tuesday, March 30, 2010 8:36 AM
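
The check described in the answer above (connector FQDN present in the certificate's subject or subject alternative names, and the certificate enabled for SMTP), written as an added example that is not part of the original thread. The function name `Test-ConnectorCertificate`, the sample objects, and the exact-match comparison are assumptions made for illustration; the property names follow the output of `Get-SendConnector` and `Get-ExchangeCertificate`.

```powershell
# Added example (not from the thread). Written to run on PowerShell 2.0,
# which the Exchange Management Shell of that era uses.
function Test-ConnectorCertificate {
    param(
        [Parameter(Mandatory=$true)] [string]   $ConnectorFqdn,
        [Parameter(Mandatory=$true)] [object[]] $Certificates,
        [datetime] $Now = (Get-Date)
    )
    foreach ($cert in $Certificates) {
        # Names the certificate covers (subject CN plus subject alternative names).
        $names   = @($cert.CertificateDomains | ForEach-Object { "$_" })
        $reasons = @()
        # Assumption: exact, case-insensitive match only; wildcard names are not expanded.
        if ($names -notcontains $ConnectorFqdn)   { $reasons += 'FQDN not in subject/SAN' }
        if ("$($cert.Services)" -notmatch 'SMTP') { $reasons += 'not enabled for SMTP' }
        if ($cert.NotAfter -le $Now)              { $reasons += 'expired' }
        New-Object PSObject -Property @{
            Thumbprint = $cert.Thumbprint
            Usable     = ($reasons.Count -eq 0)
            Reasons    = ($reasons -join '; ')
        }
    }
}

# Constructed sample data standing in for Get-ExchangeCertificate output.
$sample = @(
    New-Object PSObject -Property @{
        Thumbprint = 'CONSTRUCTED-THUMBPRINT-1'; Services = 'IMAP, POP, SMTP'
        CertificateDomains = @('EXCH01', 'exch01.corp.local'); NotAfter = (Get-Date).AddYears(1)
    }
    New-Object PSObject -Property @{
        Thumbprint = 'CONSTRUCTED-THUMBPRINT-2'; Services = 'None'
        CertificateDomains = @('mail.example.com'); NotAfter = (Get-Date).AddYears(1)
    }
    New-Object PSObject -Property @{
        Thumbprint = 'CONSTRUCTED-THUMBPRINT-3'; Services = 'SMTP'
        CertificateDomains = @('mail.example.com', 'exch01.corp.local'); NotAfter = (Get-Date).AddYears(1)
    }
)

Test-ConnectorCertificate -ConnectorFqdn 'mail.example.com' -Certificates $sample |
    Format-Table Thumbprint, Usable, Reasons -AutoSize

# On an Exchange server, run the same check against live objects:
#   $certs = Get-ExchangeCertificate
#   Get-SendConnector | Where-Object { $_.Fqdn } | ForEach-Object {
#       Test-ConnectorCertificate -ConnectorFqdn $_.Fqdn -Certificates $certs }
```

A certificate reported as "not enabled for SMTP" can be assigned with `Enable-ExchangeCertificate -Thumbprint <thumbprint> -Services SMTP`.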

All replies

  • Hey Kerflumper,

    the certificate error you get is normal, since the send connector tries to find a certificate with a matching FQDN.

    Before changing the SMTP header on the send connector, you will need to add an additional certificate with the correct FQDN. This can be done by using the cmdlet New-ExchangeCertificate in the Exchange Management Shell.

    You can find more information about the New-ExchangeCertificate cmdlet on http://technet.microsoft.com/en-us/library/aa998327.aspx

    The command you will need to use for a self-signed certificate will be

    New-ExchangeCertificate -SubjectName "c=countrycode, o=organizationname, cn=SERVER FQDN"

    Kind Regards,

    John

    Monday, March 29, 2010 8:17 AM
  • Sounds like this is exactly what I need.  Before I make the change, I'd like some guidance with the command.  It seems that all of the parameters are optional.  If I use:

     

    New-ExchangeCertificate -SubjectName "cn=host.domain.com"

    Would that be sufficient?  Or do I need more?

    Monday, March 29, 2010 12:01 PM
  • So I guess the direct answer to my second question is "yes, do that".
    Tuesday, March 30, 2010 12:45 PM