
Event Exchange Solutions 2010 ID 12014 Starttls


Hi guys

I inherited a Small Business Server 2011 with Exchange 2010. Exchange was built on SBS with fully qualified local domain names. When I recently purchased new SSL certificates for this, GoDaddy (rightly so) no longer supported adding local FQDNs to the certificate. As a result, mail. .com and autodiscover. .com are on the certificate; however, sbs2k11. .lan (the local name) is not, and the Exchange server is, of course, littered with references to the local name. We are now getting STARTTLS errors (event ID 12014) due to a mismatch between the certificate and the local domain name. I don’t know what to do to fix this problem. Full error text:


Microsoft Exchange could not find a certificate that contains the domain name SBS2K11. .lan in the personal store on the local computer. Therefore, the SMTP STARTTLS command cannot be supported for the SBS2K11 standard connector with the FQDN parameter SBS2K11. .lan. If the FQDN of the connector is not specified, the FQDN of the computer is used. Check the connector configuration and installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to verify that the Microsoft Exchange Transport service has access to the certificate key.

When I start EMC and navigate to Server Configuration >> Hub Transport, I see that some Receive connectors specify the local name as the fully qualified domain name and others the public one. I can change all but one: the standard SBS2K11 (the one I’m getting the error on). This one gives me an error when I try to change it, saying the FQDN must be one of SBS2K11, SBS2K11. .lan or $null. Is there a way to fix this? Am I looking in the right place? Is this something I should fix, or should I just leave it?


As a rule, you should use the New-ExchangeCertificate cmdlet to create a new self-signed certificate. You don’t need to enter any parameters (your internal fully qualified domain name is used automatically). You will be prompted to replace the existing certificate for the SMTP service.


What Is Exchange Error Event ID 12014?

Exchange error ID 12014 occurs when Microsoft Exchange Server cannot find, in the personal store on the local computer, a certificate that contains the required domain name (mail.cnd-net.at in this example). It therefore cannot support the SMTP STARTTLS command for the Internet connector whose FQDN parameter is mail.cnd-net.at. If the FQDN of the connector is not specified, the system FQDN is used.

Check the connector configuration and the installed certificates to ensure that there is a certificate with a domain name for that FQDN. If such a certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has permission to use the certificate key.

Permissions

To resolve this event ID 12014, you need to do the following:

  1. First, check the configuration of the certificates installed on the Exchange server, and the configuration of all Send and Receive connectors on the server. Run a command to view the configuration.


    Note. To see which services are enabled for an installed certificate, you must pass an asterisk (*) to the FL argument of the Get-ExchangeCertificate cmdlet. The Services values are not displayed if * is not specified.

  2. An asterisk must be used in the FL argument of the above command to show the services of the installed certificate. The services are not listed in the output if the command does not use an asterisk.
  3. After running the command, compare the FQDN reported in the warning event against the FQDN defined on the connector and the CertificateDomains values defined in the certificate.
  4. The goal is to verify that every connector that uses Transport Layer Security has a matching certificate, that is, one whose certificate domains include the fully qualified domain name of the connector.
  5. Then check the Services value of each certificate. If a certificate is used for TLS, it must also be enabled for the SMTP service.
  6. If the FQDN is not listed in the domains of any certificate, create a new certificate for it and include the FQDN of the connector returned in the error message.
    Use the New-ExchangeCertificate cmdlet to create the new certificate.
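
The comparison in steps 1 to 5 can be scripted. The following PowerShell is an added example, not part of the original page or of Exchange itself: the function name `Test-ConnectorTlsCertificate` and the `example.com` / `example.lan` sample objects are constructed for illustration. It assumes exact name matching only, so wildcard certificates are not handled.

```powershell
# Added example, not from the original page. Avoids syntax newer than PowerShell 2.0.
function Test-ConnectorTlsCertificate {
    param(
        $Connectors,    # objects exposing Name and Fqdn
        $Certificates,  # objects exposing Services and CertificateDomains
        [string]$ComputerFqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
    )
    foreach ($conn in $Connectors) {
        # Per the event text, a connector with no FQDN uses the computer's FQDN.
        $fqdn = if ($conn.Fqdn) { "$($conn.Fqdn)" } else { $ComputerFqdn }

        # Certificates that list the FQDN (exact, case-insensitive match only).
        $named = @($Certificates | Where-Object {
            @($_.CertificateDomains | ForEach-Object { "$_" }) -contains $fqdn
        })
        # Services is compared as text so deserialized remote-shell objects work too.
        $smtp = @($named | Where-Object { "$($_.Services)" -match '\bSMTP\b' })

        if ($smtp.Count -gt 0) {
            $status = 'OK'
        } elseif ($named.Count -gt 0) {
            $status = 'Certificate found, not enabled for SMTP'
        } else {
            $status = 'No certificate contains this FQDN'
        }
        New-Object PSObject -Property @{ Connector = $conn.Name; Fqdn = $fqdn; Status = $status } |
            Select-Object Connector, Fqdn, Status
    }
}

# Constructed sample data. On the server, use instead:
#   $certs = Get-ExchangeCertificate
#   $conns = @(Get-ReceiveConnector) + @(Get-SendConnector)
$certs = @(
    New-Object PSObject -Property @{ Services = 'IMAP, POP, IIS, SMTP'
        CertificateDomains = @('mail.example.com', 'autodiscover.example.com') }
    New-Object PSObject -Property @{ Services = 'None'
        CertificateDomains = @('relay.example.lan') }
)
$conns = @(
    New-Object PSObject -Property @{ Name = 'Default SRV01'; Fqdn = 'srv01.example.lan' }
    New-Object PSObject -Property @{ Name = 'Internet';      Fqdn = 'mail.example.com' }
    New-Object PSObject -Property @{ Name = 'Relay';         Fqdn = 'relay.example.lan' }
    New-Object PSObject -Property @{ Name = 'Unset FQDN';    Fqdn = $null }
)
Test-ConnectorTlsCertificate -Connectors $conns -Certificates $certs `
    -ComputerFqdn 'srv01.example.lan' | Format-Table -AutoSize
```

A connector reported as "Certificate found, not enabled for SMTP" corresponds to step 5 (Enable-ExchangeCertificate -Services SMTP), and "No certificate contains this FQDN" corresponds to step 6.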