I get the following error in myWindows 2003 Server 64 bitApplication event viewer logs. This is our Exchange 2007 server: Source- MSExchangeTransport Category- SmtpReceive Event ID: 1037 Description: Inbound direct trust certificate with thumbprint E610AA2B1BA8AE299F85903CE776CA8AD3A0CF84 has expired. Run New-ExchangeCertificate to generate a new direct trust certificate.When I run Get-Exchange Certificates on Exchange this is what I get below. The thumbprint mentioned in the error is valid according to the output below. Not sure what all the other certificates are for. Any help will be appeciated. Thanks. [PS] C:\Documents and Settings\burnettj>Get-ExchangeCertificate | fl AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System .Security.AccessControl.CryptoKeyAccessRule, System.Securi ty.AccessControl.CryptoKeyAccessRule}CertificateDomains : {Exchange Server, Mail.domain.com}HasPrivateKey : TrueIsSelfSigned : TrueIssuer : CN=Exchange ServerNotAfter : 8/19/2010 2:09:53 PMNotBefore : 8/19/2009 2:09:53 PMPublicKeySize : 2048SerialNumber : 27C3D7BDB0AB64BA4C2965CDE4FA99B0Status : ValidSubject : CN=Exchange ServerThumbprint : 5189D73C84C9EDC75B46E9F73EC4C3FCCBF22D9E AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System .Security.AccessControl.CryptoKeyAccessRule, System.Securi ty.AccessControl.CryptoKeyAccessRule}CertificateDomains : {Exchange Server.domain.com}HasPrivateKey : TrueIsSelfSigned : TrueIssuer : C=US, S=VA, L=Vienna, O=Domain, OU=Exchange Server, CN=Exchange Server.domain.co mNotAfter : 8/19/2010 2:01:20 PMNotBefore : 8/19/2009 2:01:20 PMPublicKeySize : 1024SerialNumber : 687A1686F6381BA34C47226756DEE651Status : ValidSubject : C=US, S=VA, L=Vienna, O=Domain, OU=Exchange Server, CN=Exchange Server.domain.com Thumbprint : E6D31707794560388768F6D3CF14EF1C02856B82 AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System .Security.AccessControl.CryptoKeyAccessRule, System.Securi ty.AccessControl.CryptoKeyAccessRule}CertificateDomains : {Exchange Server.domain.com}HasPrivateKey : TrueIsSelfSigned : TrueIssuer : C=US, S=VA, L=Vienna, O=Domain, OU=Exchange Server, CN=Exchange Server.domain.com NotAfter : 8/19/2010 1:47:18 PMNotBefore : 8/19/2009 1:47:18 PMPublicKeySize : 1024SerialNumber : 8050888885E2809A4362F726A51061DFStatus : ValidSubject : C=US, S=VA, L=Vienna, O=Domain, OU=Exchange Server, CN=Exchange Server.domain.com Thumbprint : 7DF93246DA7329CD363A2CF2B440ACB55A0CA68B AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System .Security.AccessControl.CryptoKeyAccessRule, System.Securi ty.AccessControl.CryptoKeyAccessRule}CertificateDomains : {Exchange Server.domain.com}HasPrivateKey : TrueIsSelfSigned : TrueIssuer : C=US, S=VA, L=Vienna, O=MSPX, OU=Exchange Server, CN=Exchange Server.domain.com NotAfter : 8/19/2010 1:47:17 PMNotBefore : 8/19/2009 1:47:17 PMPublicKeySize : 1024SerialNumber : 1CC0B6615E7F2C8D4596BB60BA6D00F3Status : ValidSubject : C=US, S=VA, L=Vienna, O=Domain, OU=Exchange Server, CN=Exchange Server.domain.comThumbprint : F4CA1A31E07A0D9A62DD1163B1216EB8ED89A05D AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System .Security.AccessControl.CryptoKeyAccessRule, System.Securi ty.AccessControl.CryptoKeyAccessRule}CertificateDomains : {Exchange Server, Exchange Server, Mail.domain.com}HasPrivateKey : TrueIsSelfSigned : TrueIssuer : CN=Exchange ServerNotAfter : 8/19/2010 11:27:18 AMNotBefore : 8/19/2009 11:27:18 AMPublicKeySize : 2048SerialNumber : A9C11F89C1F9169F41AAD12E54D3F3B5Status : ValidSubject : CN=Exchange ServerThumbprint : 4306CC0D8F24C19CC0EE6ACC3B0A4E763B8A9C96 AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System .Security.AccessControl.CryptoKeyAccessRule, System.Securi ty.AccessControl.CryptoKeyAccessRule}CertificateDomains : {Exchange Server, Exchange Server.domain.com}HasPrivateKey : TrueIsSelfSigned : TrueIssuer : CN=Exchange ServerNotAfter : 8/19/2010 11:27:10 AMNotBefore : 8/19/2009 11:27:10 AMPublicKeySize : 2048SerialNumber : 099B878467EB938C492677B5D0C8FD78Status : ValidSubject : CN=Exchange ServerThumbprint : 08052A510B51F50343B21BDF76230A318F42A531 AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System .Security.AccessControl.CryptoKeyAccessRule, System.Securi ty.AccessControl.CryptoKeyAccessRule}CertificateDomains : {Exchange Server, Exchange Server.domain.com}HasPrivateKey : TrueIsSelfSigned : TrueIssuer : CN=Email ServerNotAfter : 8/19/2010 10:19:50 AMNotBefore : 8/19/2009 10:19:50 AMPublicKeySize : 2048SerialNumber : A3CC0438F8B9C0A248E0A30B9F0F1027Status : ValidSubject : CN=Exchange ServerThumbprint : 1C266BA9D8C8666F7269930C7FFD6B78F50AA063 AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System .Security.AccessControl.CryptoKeyAccessRule, System.Securi ty.AccessControl.CryptoKeyAccessRule}CertificateDomains : {Exchange Server, Exchange Server.domain.com}HasPrivateKey : TrueIsSelfSigned : TrueIssuer : CN=Exchange ServerNotAfter : 8/19/2010 10:19:33 AMNotBefore : 8/19/2009 10:19:33 AMPublicKeySize : 2048SerialNumber : A2682BE8101BE9AB43DF48E379B7F6C7Status : ValidSubject : CN=Email ServerThumbprint : F14DB5C48DEFDC695B434165424AB292D5EA012F AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System .Security.AccessControl.CryptoKeyAccessRule, System.Securi ty.AccessControl.CryptoKeyAccessRule}CertificateDomains : {Exchange Server, Exchange Server.domain.com}HasPrivateKey : TrueIsSelfSigned : TrueIssuer : CN=Exchange ServerNotAfter : 8/19/2010 10:02:47 AMNotBefore : 8/19/2009 10:02:47 AMPublicKeySize : 2048SerialNumber : C1E5D53F1097958E4AF95AFAD99BA506Status : ValidSubject : CN=Exchange ServerThumbprint : E610AA2B1BA8AE299F85903CE776CA8AD3A0CF84 AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System .Security.AccessControl.CryptoKeyAccessRule, System.Securi ty.AccessControl.CryptoKeyAccessRule}CertificateDomains : {Exchange Server.domain.com}HasPrivateKey : TrueIsSelfSigned : FalseIssuer : CN=Domain Controller 2, DC=Domain, DC=comNotAfter : 8/14/2011 1:33:51 PMNotBefore : 8/14/2009 1:33:51 PMPublicKeySize : 1024SerialNumber : 12C78A3C000000000014Status : ValidSubject : CN=Exchange Server.domain.com, OU=Exchange Server, O=Domain, L=Vienna, S=VA, C=U SThumbprint : 748F958DA290DC5A940086F8B6357E4184E3162F AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System .Security.AccessControl.CryptoKeyAccessRule, System.Securi ty.AccessControl.CryptoKeyAccessRule}CertificateDomains : {Exchange Server, Exchange Server.domain.com}HasPrivateKey : TrueIsSelfSigned : TrueIssuer : CN=Exchange ServerNotAfter : 10/25/2008 3:07:04 PMNotBefore : 10/25/2007 3:07:04 PMPublicKeySize : 2048SerialNumber : 89EF30DC337BC08A4DC2F93318A8F704Status : InvalidSubject : CN=Exchange ServerThumbprint : 5C7893E47E1226406BEC68661A33C44BA8BF7B3C AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System .Security.AccessControl.CryptoKeyAccessRule, System.Securi ty.AccessControl.CryptoKeyAccessRule}CertificateDomains : {Exchange Server, Exchange Server.domain.com}HasPrivateKey : TrueIsSelfSigned : TrueIssuer : CN=Exchange ServerNotAfter : 7/6/2008 11:06:56 AMNotBefore : 7/6/2007 11:06:56 AMPublicKeySize : 2048SerialNumber : 6C3CF24EFB85E69941B906DCC6C87FF8Status : InvalidSubject : CN=Exchange ServerThumbprint : C4070060C2BDD980636981AC63090AA92493C7C1

hi,To resolve the problem make sure that the Network Service account has Read permissions on the key (look for the thumbprint) in the following directory: C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys, where C:\ is the root in which Exchange 2007 was installed. You need to set this permission on the individual file, not on the folder.Please go through the Article How to Troubleshoot Direct Trust Certificate Errors 1037 and 2019 it will help you to resolve the problem. http://technet.microsoft.com/en-us/library/bb510126.aspxRegards,Ajaj

Is this a self signed cert? There's been other issues with these expiring before the default 12 months. You can try get-exchangecertificate -thumbprint thumprintguidhere | new-exchangecertificate More information on self signed certs in Exchange 2007 here: http://technet.microsoft.com/en-us/library/bb851554.aspx Vinod |CCNA|MCSE 2003 +Messaging|MCTS|ITIL V3|

Hello, Please read the article provided by Ajaj. If the issue persists, I suggest you recreate the certificate by running Remove-ExchangeCertificate and new-ExchangeCertificate. http://technet.microsoft.com/en-us/library/aa997569.aspx http://technet.microsoft.com/en-us/library/aa998327.aspx Thanks, Elvis