Event Id 12014 Occurs in Event viewer
Hi i am running Exchange server 2007 on SBS 2008 and i am getting Event Id 12014 errors in my event viewer, i know the reason for that its because of the expiration of the certificate but i dont know exactly what certificate was expired on my server because i have around 5certificates on my server and none of them are expired actually.
So i thought of creating a new certificate but i dont know how to create a new certificate i mean what are the details i need to create a new certificate also i dont know wheather there was a certificate availabel for the the FQDN shown in the event log.How can i find if there are any certificates related to the FQDN in the event log.
Plzzz help me out,
Thanks,
TRI
February 23rd, 2010 7:48pm
Is this the error you are seeing?http://technet.microsoft.com/en-us/library/bb510128(EXCHG.80).aspxHow to Troubleshoot STARTTLS Certificate Error 12014
Free Windows Admin Tool Kit Click here and download it now
February 23rd, 2010 10:25pm
Hey Andy,
According to the article it says that i should verify if the FQDN in the warning msg is listed in the certificate domains of the certificate list,IF it is not listed its asking me to create a new certificate,
So to create a certificate i donno how the existing certificates were created,Is there a way to find out how the existing certificates are created i mean are they created using 3rd party or are they Self created.IF they are 3rd party i can go ahead and create from the SBS console or else if they are Self created i donno how to create them selfly.
Can anyone help me to find out how the existing certificates were created plzzzzz,
Thanks,
TRI
February 23rd, 2010 10:51pm
get-exchangecertificate | fl will list all the details of each certificate.You may want to pipe it to a text file for easier reading.get-exchangecertificate | fl > text.txtOr: Get-ExchangeCertificate | fl thumbprint,isselfsigned,Issuer,RootCAType,subjectisselfsigned,Issuer,RootCAType will tell you who issued the cert and if its 3rd party or sef-signedStatus will tell you if its still valid, etc...
Free Windows Admin Tool Kit Click here and download it now
February 23rd, 2010 11:02pm
Hey Andy,
here are the details i have 5 certificates and among them 4 are not self issued and only 1 is self issued ,
But the issuer name for all of them is showing as domain-server-CA where domain in my domain name and also the ROOTCAType for all of them is showing as Registry and the subject name for them is as follows: System.Security.Cryptography.x509certificates.distinguished name.
Now my doubt is as the value of selfissued showing false i can think that the certificates are third party certificates but the issuername for everyone of them is showing same domain-server-CA ,
SO how do u suggest me to proceed forward in creating a new certificate
Plzz help me out,
Thanks,
TRI
February 24th, 2010 1:41am
You can create a new exchange certificate request with new-exchangecertificate:http://technet.microsoft.com/en-us/library/aa998327(EXCHG.80).aspxSee the examples in that doc.New-ExchangeCertificate -GenerateRequest -Path c:\certificates\request.req -SubjectName "c=ES, o=Diversión de Bicicleta, cn=mail1. DiversiondeBicicleta.com" -DomainName woodgrove.com, example.com -PrivateKeyExportable $trueThen submit to the CA, process the retuned cert with import-exchangecertificate and apply with enable-exchangecertificateMore info:http://technet.microsoft.com/en-us/library/bb124424(EXCHG.80).aspxhttp://technet.microsoft.com/en-us/library/aa997231(EXCHG.80).aspxhttp://www.entrust.net/knowledge-base/technote.cfm?tn=7031http://msexchangeteam.com/archive/2007/07/02/445698.aspxhttp://msexchangeteam.com/archive/2007/02/19/435472.aspx
Free Windows Admin Tool Kit Click here and download it now
February 24th, 2010 1:48am