Error 12014
I keep getting these errors on my Exchange 2k7 server for both our receive connector and send connector. I followed the directions according to KB555855, and I am still getting these errors. I am using an Extended Validation Verisign certificate, if it matters. Any thoughts on why it would still not find the certificate? Thanks.

Event Type: Error
Event Source: MSExchangeTransport
Event Category: TransportService
Event ID: 12014
Date: 3/5/2008
Time: 1:10:36 PM
User: N/A
Computer: SERVERNAME
Description:
Microsoft Exchange couldn't find a certificate that contains the domain name mail.mydomain.com in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Default SERVERNAME with a FQDN parameter of mail.mydomain.com. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
March 6th, 2008 12:22am

/bump
March 18th, 2008 8:16pm

Have tried multiple times now following the KB article, and it's still not working. Are there any known problems with this when using a Verisign EV certificate? Anything? Normally the steps in a KB article fix any problem the KB describes.
March 20th, 2008 2:41am

I'm not using a Verisign EV certificate, have tried to follow the KB article and still receive the message. Has anyone been able to resolve this?
August 28th, 2008 12:48am

Hello Folks, Which KB article are we following? Did we run the Get-ExchangeCertificate command and check if any of the certificates has expired? Also, do we have a SAN on the Exchange 2007 certificate we are talking about? Thanks.. Deb
August 28th, 2008 2:35pm

Are you using a wildcard certificate?
August 28th, 2008 6:05pm

Nope. Not using a wildcard cert here. The cert works fine for https.
August 28th, 2008 6:48pm

Here is the KB article. http://support.microsoft.com/kb/555855 Had to look up what SAN is, but no, our cert does not have a SAN.
August 28th, 2008 6:53pm

I reviewed the KB article and in doing so determined that the certificate had expired. I executed get-ExchangeCertificate | fl * to determine the thumbprint and then executed get-ExchangeCertificate -thumbprint <thumbprint> | new-exchangecertificate and received the following:

New-ExchangeCertificate : Access is denied.
At line:1 char:103
+ Get-ExchangeCertificate -thumbprint "4FDBE52741B4D49167710140305AA90C7E00DF06" |new-exchangecertificate <<<<
[PS] F:\>

I am a member of the Domain Admins, Enterprise Admin, Exchange Organizational Administrators, and the Exchange Recipient Administrators. I have also checked the security for the C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA folder. Any suggestions what I should do next? Thanks. Jim
September 3rd, 2008 8:39am

I am still having problems getting this to work. Anyone else figure it out yet? I thought the issue might be related to our Verisign EV SSL Cert having a chaining problem. That turned out to be a problem due to MS installing a Verisign Root CA on the server so the Intermediate CA was being bypassed. When I got that resolved I almost expected this issue to go away, but it has not.

Microsoft Exchange couldn't find a certificate that contains the domain name mail.mydomain.com in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Default MYMAILSERVER with a FQDN parameter of mail.mydomain.com. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.

My cert definitely exists in the cert store as mail.mydomain.com and the cert works fine in IIS.

Get-ExchangeCertificate shows the cert:

Thumbprint : ...not going to show it because I don't know if it's a security issue so ha...
Services   : .P.WS
Subject    : CN=mail.mydomain.com, OU=T...

Running Enable-ExchangeCertificate -Services SMTP <thumbprint for mail.mydomain.com listed in Get-ExchangeCertificate> does not fix the problem.
February 11th, 2009 9:57pm

I found some more info. It looks like Exchange does not see the cert as a valid certificate. What is causing it to be invalid, though?

Get-ExchangeCertificate | FL *

AccessRules          : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains   : {mail.mydomain.com}
CertificateRequest   :
IisServices          : {IIS://MYMAILSERVER/W3SVC/1}
IsSelfSigned         : False
KeyIdentifier        : YAHNO
RootCAType           : Unknown
Services             : POP, IIS, SMTP
Status               : Invalid
PrivateKeyExportable : True
Archived             : False
Extensions           : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid}
FriendlyName         : mail.mydomain.com
IssuerName           : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter             : 1/24/2011 3:59:59 PM
NotBefore            : 1/15/2009 4:00:00 PM
HasPrivateKey        : True
PrivateKey           : System.Security.Cryptography.RSACryptoServiceProvider
PublicKey            : System.Security.Cryptography.X509Certificates.PublicKey
RawData              : SOME DATA WAS HERE
SerialNumber         : MORE STUFF WAS HERE
SubjectName          : System.Security.Cryptography.X509Certificates.X500DistinguishedName
SignatureAlgorithm   : System.Security.Cryptography.Oid
Thumbprint           : YEP MORE WAS HERE TOO
Version              : 3
Handle               : YAH HERE TOO
Issuer               : CN=VeriSign Class 3 Extended Validation SSL SGC CA, OU=Terms of use at https://www.verisign.com/rpa (c)06, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Subject              : YES AND EVEN HERE
February 11th, 2009 10:19pm

I finally got this working correctly! Turns out that there were several of the Intermediate Certificates missing so my cert was showing up with a Status "Invalid". I re-imported my Cert, and it created the correct Intermediate certificates, and all is well.
July 8th, 2009 1:15am
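
The cause found in the last post (missing intermediate certificates leaving the certificate with Status "Invalid") can be checked directly by building the chain for every certificate in the local computer's personal store that names the connector FQDN. This is an added example, not part of the thread and not an Exchange cmdlet: Test-SmtpCertChain is a hypothetical helper name, it assumes PowerShell 2.0 or later, and mail.mydomain.com is the placeholder FQDN used in the thread.

```powershell
# Added example: hypothetical helper, not an Exchange cmdlet.
# Reports, per matching certificate, whether Windows can build a full chain.
function Test-SmtpCertChain {
    param([string]$Fqdn)   # connector FQDN named in event 12014

    $now = Get-Date
    foreach ($cert in Get-ChildItem Cert:\LocalMachine\My) {
        # Names to search: subject DN plus Subject Alternative Name (OID 2.5.29.17)
        $names = $cert.Subject
        foreach ($ext in $cert.Extensions) {
            if ($ext.Oid.Value -eq '2.5.29.17') { $names += ' ' + $ext.Format($false) }
        }
        # Loose substring match, good enough to shortlist candidates
        if ($names -notmatch [regex]::Escape($Fqdn)) { continue }

        # Revocation checking is switched off so the result isolates chain
        # building (missing issuer certificates) from CRL reachability problems.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        $built = $chain.Build($cert)

        # Issuer of each element Windows managed to link, leaf first
        $path = ($chain.ChainElements | ForEach-Object { $_.Certificate.Issuer }) -join ' <- '

        New-Object PSObject -Property @{
            Thumbprint    = $cert.Thumbprint
            HasPrivateKey = $cert.HasPrivateKey
            InValidity    = ($cert.NotBefore -le $now -and $cert.NotAfter -ge $now)
            ChainBuilt    = $built
            ChainLength   = $chain.ChainElements.Count
            # PartialChain here means an issuer certificate could not be found
            ChainStatus   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
            IssuerPath    = $path
        }
    }
}

Test-SmtpCertChain -Fqdn 'mail.mydomain.com' | Format-List
```

A result with ChainBuilt False and a ChainStatus of PartialChain or UntrustedRoot points at the Intermediate Certification Authorities or Trusted Root stores rather than at the connector configuration; no output at all means no certificate in the store names that FQDN.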

This topic is archived. No further replies will be accepted.
