MSExchangeTransport Event ID: 12014
We have been receiving the following error in Event Viewer. We are on Exchange 2007 SP2, Server 2008, we have tried all fixes listed, like Enable-ExchangeCertificate. Any ideas?

"Microsoft Exchange could not find a certificate that contains the domain name mail.hagley.org in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector To Internet with a FQDN parameter of mail.hagley.org. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key."
February 4th, 2010 4:21am

My guess is that it is one of the following:

- send connector is set to use an FQDN other than what is on the certificate
- certificate is expired

Can you paste the output of these commands?

    Get-ExchangeCertificate | fl *
    Get-SendConnector | fl name, fqdn
February 4th, 2010 7:07am

Hi,

The event 12014 indicates there is a problem loading a certificate to be used for STARTTLS purposes. Generally, this problem occurs if one or more of the following conditions is present:

1. A public FQDN has been defined on an E2k7 Hub or Edge server's receive connector or send connector and there is no certificate installed with a matching public FQDN defined in the certificate domains field.
2. A 3rd party or custom certificate has been installed on the server and it contains a matching public FQDN but the certificate is not enabled for the SMTP service.
3. A certificate from an untrusted authority has been installed.

In order to troubleshoot the issue, we need to run the following cmdlets and check the result.

    Get-ExchangeCertificate | fl *
    Get-ReceiveConnector | fl name, fqdn, objectClass
    Get-SendConnector | fl name, fqdn, objectClass

NOTE: For the Get-ExchangeCertificate command, it is essential to use the asterisk (*) in the parameters in order to see the Services value on the certificates. The Services will not display if the * is not specified in the task parameters.

Related articles for your reference:

Microsoft Exchange could not load the STARTTLS certificate from the local store because it did not match the FQDN from the connector configuration
http://technet.microsoft.com/en-us/library/bb217330.aspx

Selection of Inbound STARTTLS Certificates
http://technet.microsoft.com/en-us/library/bb430748.aspx

Hope this helps.

Thanks,
Elvis
February 9th, 2010 11:01am
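
The checks named in the replies above (connector FQDN listed in a certificate's domains, certificate enabled for SMTP, not expired, valid status) combined into one read-only Exchange Management Shell script. This is an added example, not part of any reply in the thread; the fallback to the DNS host name for an empty connector FQDN and the wildcard comparison are assumptions of the example.

```powershell
# Run in the Exchange Management Shell on the Hub or Edge server that logs event 12014.
# Read-only: it calls Get-* cmdlets only and changes nothing.

$now   = Get-Date
$certs = @(Get-ExchangeCertificate)

# Gather the FQDN of every send and receive connector.
$connectors  = @(Get-SendConnector |
    Select-Object @{Name='Type';Expression={'Send'}}, Name, Fqdn)
$connectors += @(Get-ReceiveConnector |
    Select-Object @{Name='Type';Expression={'Receive'}}, Name, Fqdn)

foreach ($c in $connectors) {
    $fqdn = "$($c.Fqdn)"
    if (-not $fqdn) {
        # Event text: "If the connector's FQDN is not specified, the computer's FQDN is used."
        # Assumption: the DNS host name of this machine stands in for that value.
        $fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
    }

    # Certificates whose domain list contains the FQDN. -like lets an entry such as
    # *.example.org match (assumption: simple wildcard comparison, case-insensitive).
    $matching = @($certs | Where-Object {
        $names = @($_.CertificateDomains | ForEach-Object { $_.ToString() })
        @($names | Where-Object { $fqdn -like $_ }).Count -gt 0
    })

    if ($matching.Count -eq 0) {
        "{0} connector '{1}': no installed certificate lists {2}" -f $c.Type, $c.Name, $fqdn
        continue
    }

    foreach ($cert in $matching) {
        $problems = @()
        if ("$($cert.Services)" -notmatch 'SMTP') { $problems += 'not enabled for SMTP' }
        if ($cert.NotAfter -lt $now)              { $problems += "expired on $($cert.NotAfter)" }
        if ("$($cert.Status)" -ne 'Valid')        { $problems += "status is '$($cert.Status)'" }
        if ($problems.Count -eq 0)                { $problems = @('OK') }

        "{0} connector '{1}' ({2}), certificate {3}: {4}" -f `
            $c.Type, $c.Name, $fqdn, $cert.Thumbprint, [string]::Join('; ', $problems)
    }
}
```

A connector is in good shape when at least one of its lines ends in OK; a connector with no OK line is the one to compare against the text of event 12014.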

Hey, I'm having the same problem as you. I came across this fix, but I haven't tried it yet because I do not have Microsoft CA Server in my network yet.
http://blogs.microsoft.co.il/blogs/roneng/archive/2008/03/20/create-certificate-for-exchange-2007-servers-using-windows-ca.aspx
February 12th, 2010 9:45pm

Hi

The issue is with the DNS record for internal and external; the link below will go into more detail.
http://www.tek-tips.com/faqs.cfm?fid=6595

I think this should help you fix your problem. I'm also having the same issues. I haven't tried this fix yet because I don't have Microsoft CA Server in my network at the moment.
http://blogs.microsoft.co.il/blogs/roneng/archive/2008/03/20/create-certificate-for-exchange-2007-servers-using-windows-ca.aspx
February 12th, 2010 9:50pm

This topic is archived. No further replies will be accepted.
