|
Question : exchange certifacat
|
|
Hi , I am getting the following problem, and don´t know why I am getting that. I have a certifacat installed and enabled, but I still get the event id 12014, also when I visit the site in my web browser using https://mail.domain.com/owa I get a certifacate error Any one can help please.
Event ID: 12014 Microsoft Exchange couldn't find a certificate that contains the domain name MAIL.DOMAIN.COM in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector internet with a FQDN parameter of mail.domain.com. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key. The following is what I get when I write Get-ExchangeCertificate [PS] C:\Windows\System32>Get-ExchangeCertificate Thumbprint Services Subject ---------- -------- ------- 896B74B25F7EBF330C93E56DA2A76CFC6A7 ....S CN=SERVERNAME NETBIOS NAME 136849A2963709E2753214BED76C7D6DB1E4A270 IP.WS CN=MAIL.DOMAIN.COM, ...
AND HERE IS SOME MORE INFO ABOUT THE CERTS when I write get-exchangecertificate | fl
[PS] C:\Windows\System32>get-exchangecertificate | fl AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System .Security.AccessControl.CryptoKeyAccessRule, System.Securi ty.AccessControl.CryptoKeyAccessRule, System.Security.Acce ssControl.CryptoKeyAccessRule} CertificateDomains : { SERVERNAME NETBIOS NAME, SERVERNAME NETBIOS NAME.DOMAIN.COM} HasPrivateKey : True IsSelfSigned : True Issuer : CN= SERVERNAME NETBIOS NAME NotAfter : 2/5/2011 10:03:31 PM NotBefore : 2/5/2010 10:03:31 PM PublicKeySize : 2048 RootCAType : None SerialNumber : CED1C1111B11EAC111AC1C1111BC1 Services : SMTP Status : Valid Subject : CN= SERVERNAME NETBIOS NAME Thumbprint : 896B74B25F7EBF330C93E56DA2A76CFC6A7
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System .Security.AccessControl.CryptoKeyAccessRule, System.Securi ty.AccessControl.CryptoKeyAccessRule, System.Security.Acce ssControl.CryptoKeyAccessRule} CertificateDomains : {MAIL.DOMAIN.COM, SERVERNAME NETBIOS NAME, AUTODISCOVER.DOMAIN.COM } HasPrivateKey : True IsSelfSigned : False Issuer : CN=AAA Certificate Services, O=XXX, L=XXX d, S=XXX, C=XX NotAfter : 5/29/2013 1:59:59 AM NotBefore : 5/29/2009 2:00:00 AM PublicKeySize : 2048 RootCAType : ThirdParty SerialNumber : 001111FAE711DF41E9A111F4B62E111 Services : IMAP, POP, IIS, SMTP Status : Valid Subject : CN=MAIL.DOMAIN.COM, OU=XXX Unified Communications, O U=Hosted by XXX, OU=XX, O=XX, STREET=XXX, L=XXX S=XXX, PostalCode=111 11, C=XXX Thumbprint : 136849A2963709E2753214BED76C7D6DB1E4A270
|
|
Answer : exchange certifacat
|
|
Type the below exchange command in Exchange management console
get-exchangecertificate -thumbprint 896B74B25F7EBF330C93E56DA2A76CFC6A7 | renew-exchangecertificate
then
Enable-exchangecertificate -thumbprint (Now the updated thumbprint of the above certificate) -services SMTP
Then for the second certificate
get-exchangecertificate -thumbprint 136849A2963709E2753214BED76C7D6DB1E4A270 | renew-exchangecertificate
then
Enable-exchangecertificate -thumbprint (Now the updated thumbprint of the above certificate) -services SMTP,IMAP,POP,IIS
Then restart Msexchange transport service and then update us
|
|
|
|