I keep getting these errors on my exchange 2k7 server for both our receive connector, and send connector. I followed the directions according to KB555855, and I am still getting these errors. I am using anExtended ValidationVerisign certificiate if it matters. Any thougts on why it would still not find the certificate? Thanks. Event Type:ErrorEvent Source:MSExchangeTransportEvent Category:TransportService Event ID:12014Date:3/5/2008Time:1:10:36 PMUser:N/AComputer:SERVERNAMEDescription:Microsoft Exchange couldn't find a certificate that contains the domain name mail.mydomain.com in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Default SERVERNAME with a FQDN parameter of mail.mydomain.com. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

/bump

Have tried multiple times now following the kb artical, and its still not working. Are there any known problems with this when using a verisign EV certificate? Anything? Normally the steps in a KB artical fix any problem the KB describes.

I'm not using a Verisign EV certificate, have tried to follow the KB article and still receive the message. Has anyone been able to resolve this?

Hello Folks, Which KB article are we following? Did we ran get-Exchangecertificate command and check if any of the certificate has expired? Also, do we have SAN on the Exchange 2007 certificate we are talking about? Thanks..Deb

Are you using a wildcard certificate ?

Nope. Not using a wildcard cert here. The cert works fine for https.

Here is the kb artical. http://support.microsoft.com/kb/555855 Had to look up what SAN is, but no our cert does not have a SAN.

I reviewed the KB article and in doing so determined that the certificate had exprired. I executed get-ExchangeCertificate | fl * to determine the thumbprint and then exectuted get-ExhcangeCertificate -thumbprint <thumbprint> | new-exchangecertificate and received the following New-ExchangeCertificate : Access is denied.At line:1 char:103+ Get-ExchangeCertificate -thumbprint "4FDBE52741B4D49167710140305AA90C7E00DF06" |new-exchangecertificate <<<<[PS] F:\> I am a member of the Domain Admins, Enterprise Admin, Exchange Organizational Administrators, and the Exchange Recipient Administrators. I have also checked the security for C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA folder. Any suggestions what I should do next? Thanks. Jim

I am still having problems getting this to work. Anyone else figure it out yet?I thought the issue might be related to our Verisign EV SSL Cert having a chaining problem. That turned out to be a problemdue toMS installing a Verisign Root CA on the server so the Intermediate CA was being bypassed. When I got that resolved I almost expected this issue to go away, but it has not. Microsoft Exchange couldn't find a certificate that contains the domain name mail.mydomain.com in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Default MYMAILSERVER with a FQDN parameter of mail.mydomain.com. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.My cert definatly exists in the cert store as mail.mydomain.com and the cert works fine in IIS.Get-ExchangeCertificate shows the certTumbprint...not going to show it because I dont know if its a security issue so ha...Services.P.WSSubject CN=mail.mydomain.com, OU=T...Running Enable-ExchangeCertificate -Services SMTP<thumbprint for mail.mydomain.com listed in Get-ExchangeCertificate> does not fix the problem.

I found some more info. It looks like Exchange does not see the cert as a valid certificate. What is causing it to be invalid though.Get-ExchangeCertificate | FL * AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, Syst em.Security.AccessControl.CryptoKeyAccessRule, System.Se curity.AccessControl.CryptoKeyAccessRule}CertificateDomains : {mail.mydomain.com}CertificateRequest :IisServices : {IIS://MYMAILSERVER/W3SVC/1}IsSelfSigned : FalseKeyIdentifier : YAHNORootCAType : UnknownServices : POP, IIS, SMTPStatus : InvalidPrivateKeyExportable : TrueArchived : FalseExtensions : {System.Security.Cryptography.Oid, System.Security.Crypt ography.Oid, System.Security.Cryptography.Oid, System.Se curity.Cryptography.Oid, System.Security.Cryptography.Oi d, System.Security.Cryptography.Oid, System.Security.Cry ptography.Oid, System.Security.Cryptography.Oid}FriendlyName : mail.mydomain.comIssuerName : System.Security.Cryptography.X509Certificates.X500Distin guishedNameNotAfter : 1/24/2011 3:59:59 PMNotBefore : 1/15/2009 4:00:00 PMHasPrivateKey : TruePrivateKey : System.Security.Cryptography.RSACryptoServiceProviderPublicKey : System.Security.Cryptography.X509Certificates.PublicKeyRawData : SOME DATA WAS HERESerialNumber : MORE STUFF WAS HERESubjectName : System.Security.Cryptography.X509Certificates.X500Distin guishedNameSignatureAlgorithm : System.Security.Cryptography.OidThumbprint : YEP MORE WAS HERE TOOVersion : 3Handle : YAH HERE TOOIssuer : CN=VeriSign Class 3 Extended Validation SSL SGC CA, OU=T erms of use at https://www.verisign.com/rpa (c)06, OU=Ve riSign Trust Network, O="VeriSign, Inc.", C=USSubject : YES AND EVEN HERE

I finally got this working correctly! Turns out that there were several of the Intermediate Certificates missing so my cert was showing upwithaStatus"Invalid". I re-imported my Cert, and it created the correct Intermediate certificates, and all is well.