MSExchangeTransport Event ID 12014

  • Thread starter un1c0rn
  • Start date Views 3,516
Status
Not open for further replies.
U

un1c0rn

Hi,

Currently we are running exchange 2007 on Server 2003 R2 64bit.

Can anyone please help with the following error:

Event Type: Error

Event Source: MSExchangeTransport

Event Category: TransportService

Event ID: 12014

Date: 25/01/2010

Time: 7:53:25 AM

User: N/A

Computer: IBBNE02

Description:

Microsoft Exchange couldn't find a certificate that contains the domain name

mail.implicitbioscience.com.au in the personal store on the local computer.

Therefore, it is unable to support the STARTTLS SMTP verb for the connector

Exchange default with a FQDN parameter of mail.implicitbioscience.com.au. If

the connector's FQDN is not specified, the computer's FQDN is used. Verify

the connector configuration and the installed certificates to make sure that

there is a certificate with a domain name for that FQDN. If this certificate

exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the

Microsoft Exchange Transport service has access to the certificate key.
 
E

Ed Crowley [MVP]

The way I read it, your Exchange server wants to send SMTP mail with other

Exchange servers using TLS, but it can't do that because you don't have a

proper certificate installed that matches your domain. You can fix that by

installing a certificate.

Ed Crowley MVP

"There are seldom good technological solutions to behavioral problems."

> .

"un1c0rn" <un1c0.rn@yahoo.com> wrote in message

news:CFFC69F5-63EF-401A-9805-7B32B3FB8CA0@microsoft.com...
> Hi,

> Currently we are running exchange 2007 on Server 2003 R2 64bit.
> Can anyone please help with the following error:

> Event Type: Error

> Event Source: MSExchangeTransport

> Event Category: TransportService

> Event ID: 12014

> Date: 25/01/2010

> Time: 7:53:25 AM

> User: N/A

> Computer: IBBNE02

> Description:

> Microsoft Exchange couldn't find a certificate that contains the domain
> name mail.implicitbioscience.com.au in the personal store on the local
> computer. Therefore, it is unable to support the STARTTLS SMTP verb for
> the connector Exchange default with a FQDN parameter of
> mail.implicitbioscience.com.au. If the connector's FQDN is not specified,
> the computer's FQDN is used. Verify the connector configuration and the
> installed certificates to make sure that there is a certificate with a
> domain name for that FQDN. If this certificate exists, run
> Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft
> Exchange Transport service has access to the certificate key.
>
 
R

Rich Matheisen [MVP]

On Sun, 24 Jan 2010 23:29:00 -0800, "Ed Crowley [MVP]"

<curspice@nospam.net> wrote:


> The way I read it, your Exchange server wants to send SMTP mail with other
> Exchange servers using TLS, but it can't do that because you don't have a
> proper certificate installed that matches your domain. You can fix that by
> installing a certificate.


Or by adding SMTP as one of the services the cert is used for.

Use get-exchangecertificate and see if there's a "S" beneath the

"Services" header for the certificate. Use enable-exchangecertificate

to change the services if it's not there.

-
Rich Matheisen

 
U

un1c0rn

Thanks but I have tried this with no success.

"Ed Crowley [MVP]" <curspice@nospam.net> wrote in message

news:ujg7QAZnKHA.2100@TK2MSFTNGP05.phx.gbl...
> The way I read it, your Exchange server wants to send SMTP mail with other
> Exchange servers using TLS, but it can't do that because you don't have a
> proper certificate installed that matches your domain. You can fix that
> by installing a certificate.
> > Ed Crowley MVP
> "There are seldom good technological solutions to behavioral problems."
> .

> "un1c0rn" <un1c0.rn@yahoo.com> wrote in message
> news:CFFC69F5-63EF-401A-9805-7B32B3FB8CA0@microsoft.com...
> > Hi,
>

>> Currently we are running exchange 2007 on Server 2003 R2 64bit.
> > Can anyone please help with the following error:
>

>> Event Type: Error
>

>> Event Source: MSExchangeTransport
>

>> Event Category: TransportService
>

>> Event ID: 12014
>

>> Date: 25/01/2010
>

>> Time: 7:53:25 AM
>

>> User: N/A
>

>> Computer: IBBNE02
>

>> Description:
>

>> Microsoft Exchange couldn't find a certificate that contains the domain
> > name mail.implicitbioscience.com.au in the personal store on the local
> > computer. Therefore, it is unable to support the STARTTLS SMTP verb for
> > the connector Exchange default with a FQDN parameter of
> > mail.implicitbioscience.com.au. If the connector's FQDN is not specified,
> > the computer's FQDN is used. Verify the connector configuration and the
> > installed certificates to make sure that there is a certificate with a
> > domain name for that FQDN. If this certificate exists, run
> > Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft
> > Exchange Transport service has access to the certificate key.
> >

>
 
U

un1c0rn

Tried that and seems to go without issue but the same error appears in the

event log.

"Rich Matheisen [MVP]" <richnews@rmcons.com.NOSPAM.COM> wrote in message

news:49drl5hl6pp53mpl15514g2sfh0il8u29t@4ax.com...
> On Sun, 24 Jan 2010 23:29:00 -0800, "Ed Crowley [MVP]"
> <curspice@nospam.net> wrote:
>
> >The way I read it, your Exchange server wants to send SMTP mail with other
> >Exchange servers using TLS, but it can't do that because you don't have a
> >proper certificate installed that matches your domain. You can fix that
> >by
> >installing a certificate.


> Or by adding SMTP as one of the services the cert is used for.

> Use get-exchangecertificate and see if there's a "S" beneath the
> "Services" header for the certificate. Use enable-exchangecertificate
> to change the services if it's not there.
> -> Rich Matheisen
>
 
R

Rich Matheisen [MVP]

On Wed, 27 Jan 2010 15:59:44 +1000, "un1c0rn" <un1c0.rn@yahoo.com
wrote:


> Tried that and seems to go without issue but the same error appears in the
> event log.


What does "go without issue" mean? Does the "S" show up beneath the

"Services" column or not?

How many certificates show up in that get-exchangecertificate output?

For the one that you /think/ you're using, do this:

get-exchangecertificate <thumbprint> | fl

In the "CertificateDomains", what names do you see?

Is the certificate "Status" valid?

-
Rich Matheisen

 
U

un1c0rn

Yes, the S is showing. I have pasted the results below:

AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule,

System.Security.AccessControl.CryptoKeyAccessRule,

System.Security.AccessControl.Crypt

oKeyAccessRule}

CertificateDomains : {ibbne02.implicitbioscience.com}

HasPrivateKey : True

IsSelfSigned : True

Issuer : CN=ibbne02.implicitbioscience.com

NotAfter : 25/01/2011 4:34:57 PM

NotBefore : 25/01/2010 4:34:57 PM

PublicKeySize : 1024

RootCAType : None

SerialNumber : 0B904E42A8BF7497442B5D0C996F10DA

Services : IMAP, POP, SMTP

Status : Valid

Subject : CN=ibbne02.implicitbioscience.com

Thumbprint : EE6A8770B794FA4A820C3F007D6FF48C921A629D

AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule,

System.Security.AccessControl.CryptoKeyAccessRule,

System.Security.AccessControl.Crypt

oKeyAccessRule}

CertificateDomains : {ibbne02.implicitbioscience.com}

HasPrivateKey : True

IsSelfSigned : True

Issuer : CN=ibbne02.implicitbioscience.com

NotAfter : 25/01/2011 12:58:13 PM

NotBefore : 25/01/2010 12:58:13 PM

PublicKeySize : 1024

RootCAType : None

SerialNumber : A042EAACF8B7AE9E442AAD4DED8A2114

Services : IMAP, POP, IIS, SMTP

Status : Valid

Subject : CN=ibbne02.implicitbioscience.com

Thumbprint : A4F371262BBE4361E26AC31CBEE50B129C332FB0

"Rich Matheisen [MVP]" <richnews@rmcons.com.NOSPAM.COM> wrote in message

news:htq0m5p5e4jhf70mc0msoc8e7ehtbo7qr4@4ax.com...
> On Wed, 27 Jan 2010 15:59:44 +1000, "un1c0rn" <un1c0.rn@yahoo.com
> wrote:
>
> >Tried that and seems to go without issue but the same error appears in the
> >event log.


> What does "go without issue" mean? Does the "S" show up beneath the
> "Services" column or not?

> How many certificates show up in that get-exchangecertificate output?
> For the one that you /think/ you're using, do this:

> get-exchangecertificate <thumbprint> | fl

> In the "CertificateDomains", what names do you see?

> Is the certificate "Status" valid?
> -> Rich Matheisen
>
 
R

Rich Matheisen [MVP]

On Fri, 29 Jan 2010 09:24:39 +1000, "un1c0rn" <un1c0.rn@yahoo.com
wrote:


> Yes, the S is showing. I have pasted the results below:


Both certificates have the same name. Neither of them are for

mail.implicitbioscience.com -- so the error message is correct,

there's no certificate that matches the name.


> CertificateDomains : {ibbne02.implicitbioscience.com}
> CertificateDomains : {ibbne02.implicitbioscience.com}


Have you changed the FQDN on the Send or Receive Connectors from

ibbne02.implicitbioscience.com to mail.implicitbioscience.com?

You can get a certificate with multiple names (a "SAN" or "UC")

certificate. You'll need one if you're going to use different names

for different things (OWA, autodoscover, email, etc.).

-
Rich Matheisen

 
U

un1c0rn

Thankyou Rich, That worked! You are a genius! :)

"Rich Matheisen [MVP]" <richnews@rmcons.com.NOSPAM.COM> wrote in message

news:5oh4m5li7sf03khddi509i1lkpqtruj395@4ax.com...
> On Fri, 29 Jan 2010 09:24:39 +1000, "un1c0rn" <un1c0.rn@yahoo.com
> wrote:
>
> >Yes, the S is showing. I have pasted the results below:


> Both certificates have the same name. Neither of them are for
> mail.implicitbioscience.com -- so the error message is correct,
> there's no certificate that matches the name.
>
> >CertificateDomains : {ibbne02.implicitbioscience.com}
> >CertificateDomains : {ibbne02.implicitbioscience.com}


> Have you changed the FQDN on the Send or Receive Connectors from
> ibbne02.implicitbioscience.com to mail.implicitbioscience.com?

> You can get a certificate with multiple names (a "SAN" or "UC")
> certificate. You'll need one if you're going to use different names
> for different things (OWA, autodoscover, email, etc.).
> -> Rich Matheisen
>
 
Status
Not open for further replies.
Top