Microsoft Exchange could not find a certificate that contains the domain name exchcasserver-2.domain.local in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Default EXCHCASSERVER-2 with a FQDN parameter of exchcasserver-2.domain.local. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.

Hi,

The report is about the internal certificate which is presented or not presented in the certificate store.

What happened was, you have some connector which is set with the name exchcasserver-2.domain.local. So, you need to have the certificate with this SAN name within Exchange and certificate personal store. The approach is as follows:

1. If you can find a certificate there in Exchange (get-exchangecertificate), with the name included as exchcasserver-2.domain.local, assign 'SMTP' service to the certificate.

2. If you can't find such a certificate, create a self signed certificate within the server and it should have the same name. Assign, 'SMTP' service. Done !

3. If the certificate is expired, renew it and make sure that 'SMTP' service is assigned

4. In any reason, if you don't have an option to have a certificate with the name, remove the name from the connector

Dear ManU,

thank u for the quick clarification. But i already have a third party certificate and will expire at 2019. and my certificate already include the proper name mail.xxx.com 

but the exchcasserver-2.domain.local already presented as the PS Computer Name nothing else

Hi,

Why don't you create a self signed certificate and assign SMTP service to it?