Description:

Microsoft Exchange could not find a certificate that contains the domain name hub01.msexchangeguru.com in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Default HUB01 with a FQDN parameter of hub01.msexchangeguru.com. If the connector’s FQDN is not specified, the computer’s FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.

1. Run this cmdlet in the Exchange Management Shell on the Hub server and copy the Thumbprint to Notepad:

[PS] C:\Windows\System32>Get-ExchangeCertificate |FL

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {hub01, hub01.msexchangeguru.com }
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN= hub01
NotAfter           : 8/20/2010 1:31:23 PM --> This has expired
NotBefore          : 8/20/2009 1:31:23 PM
PublicKeySize      : 2048
RootCAType         : Unknown
SerialNumber       : 2A7D56E59E654E3E48E15BDDDAE5BD43
Services           : SMTP
Status             : Invalid
Subject            : CN=nbe-vexch-hub1
Thumbprint         : A4530629717651BE6C4443FAC376F23412184CF3

2. Run this cmdlet:

Get-ExchangeCertificate -Thumbprint "A4530629717651BE6C4443FAC376F23412184CF3" | New-ExchangeCertificate

Click Yes when prompted

3. Now type:

[PS] C:\Windows\System32>Get-ExchangeCertificate |FL

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {hub01, hub01.msexchangeguru.com }
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN= hub01
NotAfter           : 6/22/2016 3:23:25 PM
NotBefore          : 6/22/2011 3:23:25 PM
PublicKeySize      : 2048
RootCAType         : None
SerialNumber       : 54852328E21942B34F3745DA0859BB34
Services           : SMTP
Status             : Valid
Subject            : CN= hub01
Thumbprint         : 3A25CDB554EF6DDF81D32C2D54873DSF7FE54F71

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {hub01, hub01.msexchangeguru.com }
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN= hub01
NotAfter           : 8/20/2010 1:31:23 PM
NotBefore          : 8/20/2009 1:31:23 PM
PublicKeySize      : 2048
RootCAType         : Unknown
SerialNumber       : 2A7D56E59E654E3E48E15BDDDAE5BD43
Services           : SMTP
Status             : Invalid
Subject            : CN= hub01
Thumbprint         : A4530629717651BE6C4443FAC376F23412184CF3

4. Now type:

[PS] C:\Windows\System32>Enable-ExchangeCertificate -Thumbprint 3A25CDB554EF6DDF81D32C2D54873DSF7FE54F71 -Services SMTP

Remember that this thumbprint is the one for the new certificate we just created; this command enables it for SMTP.

5. Remove the old certificate

[PS] C:\Windows\System32>Remove-ExchangeCertificate -Thumbprint A4530629717651BE6C4443FAC376F23412184CF3

Just confirm Yes when prompted.

If you got the error:

Remove-ExchangeCertificate : The internal transport certificate cannot be removed because that would cause the Microsoft Exchange Transport service to stop. To replace the internal transport certificate, create a new certificate. The new certificate will automatically become the internal transport certificate. You can then remove the existing certificate.

Parameter name: Thumbprint

At line:1 char:27

+ Remove-ExchangeCertificate  <<<< -Thumbprint A4530629717651BE6C4443FAC376F23412184CF3

This happens because step 4 was not completed properly and the renewed certificate has not been enabled, so Exchange is still using the old one.

Just follow step 4 again and try to remove the certificate.
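
The check that steps 4 and 5 depend on, as an added example that is not part of the original post: before removing the old certificate, confirm that another certificate is valid, enabled for SMTP and covers the connector FQDN. Test-SmtpCertReplacement and New-SampleCert are hypothetical names, and the sample objects are constructed from the output shown in step 3.

```powershell
# Added example. Test-SmtpCertReplacement and its parameters are hypothetical names;
# the properties read are those in the Get-ExchangeCertificate | FL output above.
function Test-SmtpCertReplacement {
    param(
        [Parameter(Mandatory=$true)] [object[]] $Certificates,
        [Parameter(Mandatory=$true)] [string]   $OldThumbprint,
        [Parameter(Mandatory=$true)] [string]   $ConnectorFqdn,
        [datetime] $Now = (Get-Date)
    )
    $old = @($Certificates | Where-Object { $_.Thumbprint -eq $OldThumbprint })
    if ($old.Count -eq 0) { throw "No certificate with thumbprint $OldThumbprint" }

    # Replacement = another certificate that is Valid, inside its validity window,
    # has its private key, is enabled for SMTP and lists the connector FQDN.
    $new = @($Certificates | Where-Object {
        $_.Thumbprint -ne $OldThumbprint -and
        "$($_.Status)" -eq 'Valid' -and $_.HasPrivateKey -and
        $_.NotBefore -le $Now -and $_.NotAfter -gt $Now -and
        "$($_.Services)" -match 'SMTP' -and
        (@($_.CertificateDomains | ForEach-Object { "$_".Trim() }) -contains $ConnectorFqdn)
    } | Sort-Object NotAfter -Descending)

    $replacement = $null
    if ($new.Count -gt 0) { $replacement = $new[0].Thumbprint }
    New-Object PSObject -Property @{
        OldExpired   = ($old[0].NotAfter -lt $Now)
        Replacement  = $replacement
        SafeToRemove = ($new.Count -gt 0)
    }
}

# Constructed sample objects mirroring the two certificates listed in step 3.
function New-SampleCert($Thumbprint, $NotBefore, $NotAfter, $Status, $Services) {
    New-Object PSObject -Property @{
        Thumbprint = $Thumbprint; Status = $Status; Services = $Services
        NotBefore = [datetime]$NotBefore; NotAfter = [datetime]$NotAfter
        HasPrivateKey = $true
        CertificateDomains = @('hub01', 'hub01.msexchangeguru.com')
    }
}
$oldTp = 'A4530629717651BE6C4443FAC376F23412184CF3'
$newTp = '3A25CDB554EF6DDF81D32C2D54873DSF7FE54F71'
$certs = @(
    (New-SampleCert $newTp '6/22/2011 3:23:25 PM' '6/22/2016 3:23:25 PM' 'Valid' 'SMTP'),
    (New-SampleCert $oldTp '8/20/2009 1:31:23 PM' '8/20/2010 1:31:23 PM' 'Invalid' 'SMTP')
)
# On an Exchange server, pass (Get-ExchangeCertificate) as -Certificates instead.
Test-SmtpCertReplacement -Certificates $certs -OldThumbprint $oldTp `
    -ConnectorFqdn 'hub01.msexchangeguru.com' -Now ([datetime]'1/10/2013')
```

If the new certificate's Services value does not include SMTP, SafeToRemove is False, which is the state the post gives as the cause of the Remove-ExchangeCertificate error.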

Event 12014

 

Posted by on January 10, 2013 in Exchange

 
