I inherited a Small Business Server 2011 with Exchange 2010. Exchange was built on SBS with fully qualified local domain names. When I recently purchased new SSL certificates for this, GoDaddy (rightly so) no longer supported adding local FQDNs to the certificate. As a result, there is mail.
Microsoft Exchange could not find a certificate in the personal store on the local computer with the domain name SBS2K11.
When I start EMC and navigate to Server Configuration >> Hub Transport, I see that some Receive connectors specify local as a fully qualified domain name and others as public. I can change all but one: the standard SBS2K11 (the one I’m getting the error on). This recipient is giving me an error when I try to change it to an FQDN that is between SBS2K11, SBS2K11. You must select
As a rule, you should use the New-ExchangeCertificate cmdlet to create a new self-signed certificate. You don't need to enter any parameters (the server's internal fully qualified domain name is used automatically). You will be prompted to replace the existing certificate for the SMTP service.
What Is Exchange Error Event ID 12014?
Exchange error event ID 12014 occurs because Microsoft Exchange Server cannot find a certificate containing the domain name mail.cnd-net.at in the local system store. Therefore, it cannot support the STARTTLS SMTP command for the Internet connector whose FQDN parameter is mail.cnd-net.at. If the FQDN of the connector is not specified, the computer's FQDN is used.
Check the connector configuration and the installed certificates to ensure that there is a certificate with a domain name for that FQDN. If you have a certificate for the FQDN, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has permission to use the certificate key.
To resolve this event ID 12014, you need to do the following:
- First, check the configuration of the certificates installed on the Exchange server, and the configuration of all Send and Receive connectors on the server. Run a command in the Exchange Management Shell to view the configuration.
Note. To see which services are enabled for an installed certificate, you must pass an asterisk (*) to the FL argument when running the Get-ExchangeCertificate cmdlet. The Services values are not displayed if * is not specified.
- After running the command, compare the FQDN reported in the event against the FQDN defined on the connector and the CertificateDomains values defined in each certificate.
- The goal is to verify that every connector that uses Transport Layer Security has an appropriate certificate, that is, one whose certificate domains include the fully qualified domain name of the connector.
- Then check the Services value of each certificate. A certificate that is used for TLS must also be enabled for the SMTP service.
- If the FQDN is not listed in the certificate domains of any certificate, create a new certificate for it and include the FQDN of the connector returned in the error message.
Use the New-ExchangeCertificate cmdlet to create the new certificate.
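The comparison described in the steps above can be scripted. The following is an added example, not part of the original page: the helper name Test-CertCoversName, the variable names and the report columns are illustrative, and it assumes the server's DNS host entry returns its FQDN.

```powershell
# Run in the Exchange Management Shell on the server that logs event 12014.
# Added example: helper, variable and column names are illustrative.

# A connector with no FQDN set falls back to the computer's FQDN.
$serverFqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName

# Interactively, "Get-ExchangeCertificate | fl *" shows the same properties.
$certs = @(Get-ExchangeCertificate)

function Test-CertCoversName($Cert, [string]$Name) {
    foreach ($entry in $Cert.CertificateDomains) {
        $domain = "$entry"
        if ($domain -ieq $Name) { return $true }
        # A wildcard entry (*.example.test) covers exactly one extra label.
        if ($domain.StartsWith('*.') -and $Name.Contains('.')) {
            $parent = $Name.Substring($Name.IndexOf('.') + 1)
            if ($domain.Substring(2) -ieq $parent) { return $true }
        }
    }
    return $false
}

$connectors = @(Get-ReceiveConnector) + @(Get-SendConnector)

$report = foreach ($c in $connectors) {
    $fqdn = "$($c.Fqdn)"
    if (-not $fqdn) { $fqdn = $serverFqdn }

    # Certificates whose CertificateDomains include the connector FQDN.
    $named = @($certs | Where-Object { Test-CertCoversName $_ $fqdn })
    # Of those, the ones enabled for SMTP and not expired.
    $usable = @($named | Where-Object {
        "$($_.Services)" -match 'SMTP' -and $_.NotAfter -gt (Get-Date)
    })

    $finding = 'OK'
    if ($named.Count -eq 0)      { $finding = 'No certificate contains this FQDN' }
    elseif ($usable.Count -eq 0) { $finding = 'Certificate found, but expired or not enabled for SMTP' }

    New-Object PSObject -Property @{
        Connector  = $c.Name
        Fqdn       = $fqdn
        Thumbprint = ($named | ForEach-Object { $_.Thumbprint }) -join ', '
        Finding    = $finding
    }
}

$report | Sort-Object Finding | Format-Table Connector, Fqdn, Finding, Thumbprint -AutoSize
```

A connector reported as "No certificate contains this FQDN" corresponds to the case event 12014 describes; a certificate that matches but is not enabled for SMTP is the case where `Enable-ExchangeCertificate -Thumbprint <thumbprint> -Services SMTP` applies.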