Exchange 2013 Error 12023

  • Question

  • Hello - 

    I have an Exchange 2013 server that is kicking up Transport Delivery Errors.  Seen below:

    Microsoft Exchange could not load the certificate with thumbprint of F306F39ED2B90C76FD2B3356FE30547F4D90161F from the personal store on the local computer. This certificate was configured for authentication with other Exchange servers. Mail flow to other Exchange servers could be affected by this error. If the certificate with this thumbprint still exists in the personal store, run Enable-ExchangeCertificate F306F39ED2B90C76FD2B3356FE30547F4D90161F -Services SMTP to resolve the issue. If the certificate does not exist in the personal store, restore it from backup by using the Import-ExchangeCertificate cmdlet, or create a new certificate for the FQDN or the server enabled for SMTP by running the following command: New-ExchangeCertificate -DomainName serverfqdn -Services SMTP. Meanwhile, the certificate with thumbprint 4C03F3712D218B005561A7AEA703C3985A80FBB4 is being used.

    The old cert has vanished.  I don't know what it was but it doesn't exist in the personal store, or in Exchange.  I created the new cert seen at the bottom and it appears to be using it but the errors persist.  Removing the cert from Exchange doesn't work since it doesn't exist and assigning it to -Service None doesn't work either, also since it doesn't exist.  

    When I run Get-ExchangeCertificate I see my new cert and can see that it is assigned to SMTP, however, when I try to re-enable it by assigning it to -Services None, then back to -Services SMTP I get the following error when attempting to set it back to SMTP:

    The error message is: Unknown error (0xe0434352)

    I wouldn't worry too much about the errors but this morning the Mailbox Transport Delivery Service was stopped and users were not receiving mail.  Anyone know how to remove the non-existent cert and stop the errors?

    Thanks

    Friday, June 21, 2019 2:33 AM

All replies

  • Please tell us exactly and completely the command you are issuing.  If you are doing it from the EAC, please try using PowerShell.

    Do you find the certificate in question in the computer's personal store when you use the Certificates snap-in?


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Saturday, June 22, 2019 3:55 AM
    Moderator
  • It looks like Exchange is trying to use a certificate that no longer exists. Have you checked users' clients for the certificate using the Microsoft Management Console (MMC) in the computer's personal certificate store? Remove it from users' computers if you find it.

    A similar issue was logged in the following article; you may have a look at it and try the method suggested:

    Exchange couldn't find a certificate in the personal store on the local computer

    (Although the article is for Exchange 2010, it also applies to Exchange 2013)

    Regards,
    Steve Fan


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.



    Monday, June 24, 2019 8:10 AM
    Moderator
  • Thanks for the reply.  I am running these commands through the shell.  

    Basically any command regarding certificates returns the Unknown Error, a couple of examples:

    enable-exchangecertificate -thumbprint 9392EB234EE6B04C6F4AFED54D32A70A944A7778 -services smtp

    new-exchangecertificate -domain myserversFQDN -services SMTP

    Interestingly, when I run that first command with -services none, it appears to work, but I run get-exchangecertificate and SMTP is still assigned to it.  

    Also, although new-exchangecertificate gives me the Unknown Error, it does in fact create two new certificates.  


    Wednesday, June 26, 2019 8:09 PM
  • I checked Users store for all users that have ever administered this Exchange Box and came up empty.  

    That article does seem similar, but creating a new certificate errors out...although it creates 2 new certificates.  It does seem to use the correct and new certificates but it still throws constant errors looking for the old one.  

    Wednesday, June 26, 2019 8:14 PM
  • Have you checked the certificate bindings in IIS? Check both Default Web Site and Exchange Back End on https:

    Regards,
    Steve Fan



    Monday, July 1, 2019 8:29 AM
    Moderator
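
    An added example, not part of the thread and not Microsoft's own script: a read-only check, for the Exchange Management Shell on the affected server, that lists every thumbprint Exchange, the transport service and the two IIS sites still reference and flags any that are missing from the personal store. The `InternalTransportCertificateThumbprint` property name and the availability of the `WebAdministration` module are assumptions about this server.

```powershell
# Added example (read-only): run in the Exchange Management Shell on the affected server.
# Thumbprint copied from the event text quoted in the question.
$missing = 'F306F39ED2B90C76FD2B3356FE30547F4D90161F'

# Certificates actually present in the local computer's personal store.
$store = Get-ChildItem Cert:\LocalMachine\My
$present = $store | ForEach-Object { $_.Thumbprint }
"Event thumbprint present in Cert:\LocalMachine\My: $($present -contains $missing)"

# Collect every thumbprint that Exchange or IIS still points at.
$refs = @()

# Certificates Exchange knows about, with the services assigned to each.
Get-ExchangeCertificate -Server $env:COMPUTERNAME | ForEach-Object {
    $refs += [pscustomobject]@{ Source = "Exchange ($($_.Services))"; Thumbprint = $_.Thumbprint }
}

# Thumbprint configured on the transport service (property name assumed for this build).
$ts = Get-TransportService -Identity $env:COMPUTERNAME
$refs += [pscustomobject]@{ Source = 'TransportService'
                            Thumbprint = $ts.InternalTransportCertificateThumbprint }

# HTTPS bindings on the two sites named in the reply above.
Import-Module WebAdministration
foreach ($site in 'Default Web Site', 'Exchange Back End') {
    Get-WebBinding -Name $site -Protocol https | ForEach-Object {
        $refs += [pscustomobject]@{ Source = "IIS: $site $($_.bindingInformation)"
                                    Thumbprint = $_.certificateHash }
    }
}

# Report each reference: is the certificate in the store, and does it have a private key?
$refs | Where-Object { $_.Thumbprint } | ForEach-Object {
    $ref  = $_
    $cert = $store | Where-Object { $_.Thumbprint -eq $ref.Thumbprint } | Select-Object -First 1
    [pscustomobject]@{
        Source        = $ref.Source
        Thumbprint    = $ref.Thumbprint
        InStore       = [bool]$cert
        HasPrivateKey = if ($cert) { $cert.HasPrivateKey } else { $false }
        IsEventCert   = ($ref.Thumbprint -eq $missing)
    }
} | Format-Table -AutoSize
```

    Rows with `InStore` or `HasPrivateKey` set to False show which component still refers to a certificate the server cannot load.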
  • Just wanted to say hi and check if there is anything that we can do for you on this problem. If so, please do not hesitate to let us know and we will be happy to help.

    Best regards,
    Steve Fan 



    Wednesday, July 3, 2019 2:29 AM
    Moderator