"The Security certificate has Expired or is not yet valid"

When I open Outlook I am getting the error message "The Security certificate has Expired or is not yet valid" (for the hub and CAS server).

Here's the log details (application log in Exchange CAS and HUB server):

event id : 12014

Description : Microsoft Exchange could not find a certificate that contains the domain name CA01.test.local in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Default Receive CA01.test.local with a FQDN parameter of CA01.test.local. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.

And I ran Get-ExchangeCertificate | FL

There are 3 certificates but none of them are expired. At the same time I could see 5 certificates in the registry (HKLM>Software>Microsoft>SystemCertificates>My>Certificates).

Is there a way to check the certificate validity by Thumbprint? Please help.
June 7th, 2011 6:14pm

On Tue, 7 Jun 2011 15:14:59 +0000, supportsib wrote:

>When I open Outlook I am getting the error message "The Security certificate has Expired or is not yet valid" (for the hub and CAS server)

When you use OWA do you get a certificate warning? If so, look at the certificate details and see which one is being used. It's probably the same one used for Outlook Anywhere.

>Here's the log details (application log in Exchange CAS and HUB server)
>
>event id : 12014
>
>Description : Microsoft Exchange could not find a certificate that contains the domain name CA01.test.local in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Default Receive CA01.test.local with a FQDN parameter of CA01.test.local. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.

That's not telling you about an expired certificate, it's telling you that there's no certificate in the machine name's certificate store that has a CN or SAN that matches "ca01.test.local".

>And I ran Get-ExchangeCertificate | FL
>
>There are 3 certificates but none of them are expired.

Start with the problem identified in the event 12014. Which of the certificates is enabled for SMTP? If they don't have the name ca01.test.local in them then get a certificate to match the way your machine's configured, load it into the local server's certificate store and use Enable-ExchangeCertificate to start using it.

>At the same time I could see 5 certificates in the registry (HKLM>Software>Microsoft>SystemCertificates>My>Certificates).
>
>Is there a way to check the certificate validity by Thumbprint?

The "fl" output for each certificate would tell you if the certificate's valid.

--- Rich Matheisen MCSE+I, Exchange MVP
June 8th, 2011 4:59am

Hi Rich, thanks for your reply.

Get-ExchangeCertificate | FL

When I run EMC, I could find only 3 certificates with expired date and all, but in the registry there are more thumbprints (5 nos.), but it won't give any details.

>When you use OWA do you get a certificate warning?

No, OWA users are not getting any security warning, only Outlook users.
June 8th, 2011 7:14pm

On Wed, 8 Jun 2011 16:14:43 +0000, supportsib wrote:

>Get-ExchangeCertificate | FL when I run EMC, I could find only 3 certificates with expired date and all

Well, use the certificates snap-in in the MMC and remove the expired certificates from the local machine account's certificate store. Keeping them just confuses things.

>but in the registry there are more thumbprints (5 nos.), but it won't give any details

Why are you using regedit when there's a perfectly good MMC snap-in that's a lot easier to use and abstracts all the ugly stuff?

>>When you use OWA do you get a certificate warning?
>No, OWA users are not getting any security warning, only Outlook users

How many places in IIS do you have certificates installed? Use the IIS manager snap-in and see what certificates are installed on which virtual directories. It sounds like you have more than one.

--- Rich Matheisen MCSE+I, Exchange MVP
June 9th, 2011 2:53am

Hello, Open MMC on the CAS server and add the certificate snap-in. Find the expired certificate and remove it. Thanks, Simon
June 9th, 2011 1:08pm

I think I misled you all, sorry for that.

I opened MMC on the CAS server and added the certificate snap-in to find out the expired certificates, but I could not find any expired certificate there. But I could find 5 entries in the registry. So I think the entry for expired certificates still exists in the registry, and it might be the cause of the problem.
June 9th, 2011 8:33pm

On Thu, 9 Jun 2011 17:33:06 +0000, supportsib wrote:

>I think I misled you all, sorry for that.
>
>I opened MMC on the CAS server and added the certificate snap-in to find out the expired certificates, but I could not find any expired certificate there. But I could find 5 entries in the registry. So I think the entry for expired certificates still exists in the registry, and it might be the cause of the problem.

When you added the Certificates snap-in to the MMC did you select "Computer Account" on the 1st dialog box and "Local Computer" on the 2nd dialog box? The certificates you should be looking for are in the "Personal > Certificates" container. Certificates in Trusted Root Certification Authorities or Intermediate Certification Authorities may also be expired, so check to be sure the CA that issued your cert, and any CAs in the chain of trust, haven't expired.

--- Rich Matheisen MCSE+I, Exchange MVP
June 10th, 2011 4:35am
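
The checks discussed in this thread (validity dates per thumbprint, a CN or SAN matching the connector FQDN from event 12014, and an unexpired chain of trust) can be done in one pass over the Local Computer "Personal" store. This is an added example, not code posted by anyone in the thread; the `$Fqdn` value is taken from the event text, and skipping revocation checks is an assumption for an internal CA.

```powershell
# Added example, not from the thread. $Fqdn is the name from event 12014; adjust it.
$Fqdn = 'CA01.test.local'
$now  = Get-Date

Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_

    # Names the certificate covers: subject CN plus SAN entries (OID 2.5.29.17).
    # The "DNS Name=" label in Format() output is what English Windows prints.
    $names = @($cert.GetNameInfo('SimpleName', $false))
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        $names += ($san.Format($false) -split ',\s*') -replace '^DNS Name=', ''
    }

    # Build the chain so an expired or untrusted issuing CA shows up as well.
    # Assumption: revocation lookups are skipped because an internal CA's CRL
    # may be unreachable; remove the next-but-one line to include them.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $chainOk = $chain.Build($cert)
    $status  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

    New-Object PSObject -Property @{
        Thumbprint    = $cert.Thumbprint
        Subject       = $cert.Subject
        NotBefore     = $cert.NotBefore
        NotAfter      = $cert.NotAfter
        # True only when the current time is inside the validity window.
        InDate        = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
        # Exchange cannot use a certificate for SMTP without its private key.
        HasPrivateKey = $cert.HasPrivateKey
        # Exact, case-insensitive match; wildcard names are not expanded here.
        MatchesFqdn   = ($names -contains $Fqdn)
        ChainOk       = $chainOk
        ChainStatus   = $status
    }
} | Format-List Thumbprint, Subject, NotBefore, NotAfter, InDate,
                HasPrivateKey, MatchesFqdn, ChainOk, ChainStatus
```

To look at a single certificate, replace the `Get-ChildItem` call with `Get-Item Cert:\LocalMachine\My\<thumbprint>`, where `<thumbprint>` is a placeholder for the value you want to check.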

This topic is archived. No further replies will be accepted.
