Event ID 2005

Hi

I have Exchange 2013 migrated from Exchange 2010

I have Event id:2005

Federation or Auth certificate not found: ED2C3E86EBE821AAC2C0DEA85CAB5787E2CAC5F3. Unable to find the certificate in the local or neighboring sites. Confirm that the certificate is available in your topology and if necessary, reset the certificate on the Federation Trust to a valid certificate using Set-FederationTrust or Set-AuthConfig. The certificate may take time to propagate to the local or neighboring sites.

I want to know what is the causes for this issue and how can I solve it ?

March 29th, 2015 4:05am

Hello

You need to search on old server for cert that thumbprint is ....
export with private key and import to new exch server and try repair trust
Get-FederationTrust | Set-FederationTrust RefreshMetadata

Free Windows Admin Tool Kit Click here and download it now
March 29th, 2015 5:04am

Already we uninstalling the old Exchange 2010 and migrate to 2013

how we can solve this issue

March 29th, 2015 5:25am

Hello

and haven't got any public cert like from godady or....

Free Windows Admin Tool Kit Click here and download it now
March 29th, 2015 5:27am

already i have from digitcert and it is working with no issue

but the thumprint shown in the event id is different , i dont know from where

March 29th, 2015 5:30am

Hello

plese run Get-FederationTrust |fl

Free Windows Admin Tool Kit Click here and download it now
March 29th, 2015 5:51am
There is no output from this command
March 29th, 2015 7:08am

Hello

empty?
from ecp org-->share is not enabled?

check adsiedt:
CN=Microsoft Federation Gateway,CN=Federation Trusts,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=local

and remove entry if not need.

Free Windows Admin Tool Kit Click here and download it now
March 29th, 2015 10:40am

Hi Yasser,

The cause is that  the Certificate used by Authentication configuration is not exist on the server or deleted.

I recommend you refer to the following method to solve it :

Recreate a new Microsoft Exchange Server Auth Certificate by using the following command In EMS on the MBX server: 

1. Create a new certificate with SubjectName cn=Microsoft Exchange Server Auth Certificate

New-ExchangeCertificate -KeySize 2048 -PrivateKeyExportable $true -SubjectName "cn=Microsoft Exchange Server Auth Certificate" -FriendlyName "Microsoft Exchange Server Auth Certificate" -Services smtp

Note: Do not accept to replace the SMTP certificate when prompted.

2. Note the thumbprint of the new certificate. We can use command Get-Certificate to retrieve all the cetificate information on the server.

3. Get the date of today, which will be used to set the new Certificates effective Date.

$a=get-date

4. Configure the authentication configuration to use the new certificate and set the effective date.

Set-AuthConfig -NewCertificateThumbprint Certificate_Thumbprint in step2 NewCertificateEffectiveDate $a

Note: Accept to continue despite the fact that the certificate effective date is not 48 hours into the future.

5. Configure the certificate

Set-AuthConfig PublishCertificate

6. Make sure to remove any potential reference to the previous certificate (which might not exist anymore) by command:

Set-AuthConfig -ClearPreviousCertificate

7. Do iisreset on both CAS and MBX servers.

Best regards,

March 30th, 2015 3:39am

This is certificate coming from The old Exchange 2010 and we already uninstalled how we can remove this event id

still shown .

Free Windows Admin Tool Kit Click here and download it now
March 30th, 2015 6:56am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics