Exchange Transport Error
I am running Exchange 2007. I keep receiving transport TLS errors. I have tried the recommended solution of locating the certificate that Exchange uses and running the command inside of PowerShell, with no success. The cert I used was the one we use for Go Daddy for our OWA. Below is the event viewer and the output from the PowerShell get-exchangecertificate command:

    Microsoft Exchange couldn't find a certificate that contains the domain name mailsrv1.cei.local.com in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Internet with a FQDN parameter of mailsrv1.cei.local.com. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.

Below is the output from the PowerShell command get-exchangecertificate:

    Thumbprint                                Services  Subject
    ----------                                --------  -------
    B54B0F2D9F720F1D50A412FAAC3EC3ED9EE23D8E  ...WS
    AA7406D7892ED6F06730AA9D7C6366EF13AD3473  .....
    9A3F2870F0892BD01DDC67B83C577F93913015B9  .....
    D90DBA529CEE61A984DD0B16D6F55E2CE2EB58D3  .....
    B156CD9A1E41062AFAD4C9C0DD4BB5B2E39051AA  IP..S     CN=mailsrv1
August 14th, 2009 4:41am

1. Open "Exchange Management Shell".
2. Write "get-ExchangeCertificate" and press the "Enter" button.
3. Write down the Thumbprint of the certificate that reflects the required FQDN name of the server.
4. Review the current certificates that are used by the Exchange server and each certificate's function.
5. Write "Enable-ExchangeCertificate -Thumbprint 2afd26617915932ad096c48eb3b847fc7457662 -Services "SMTP"" and press the "Enter" button. The value of -Thumbprint is the one obtained in stage 3.
6. Restart the Exchange server.

Check this out: http://support.microsoft.com/kb/555855

Vinod |CCNA|MCSE 2003 +Messaging|MCTS|ITIL V3|
August 14th, 2009 1:21pm

Hi,

Please first run the get-exchangecertificate |fl command in EMS, then post the information on the forum.

To make TLS work, we need to implement the below steps:

1. Generate or get the certificate.
2. Import the certificate on the Edge server or Hub Transport server.
3. Enable the certificate for the SMTP service.
4. Specify the domain which you want to send domain secured email.
5. Configuring the send connector.

For detailed information, please refer to the below article:
http://technet.microsoft.com/en-us/library/bb123543.aspx

Thanks
Allen
August 17th, 2009 1:38pm

Hi, was this resolved? Getting the same error. My output if I run the command:

    [PS] C:\Windows\System32>get-ExchangeCertificate |fl

    AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                         .Security.AccessControl.CryptoKeyAccessRule}
    CertificateDomains : {SVVDAC001.dac.co.za}
    HasPrivateKey      : True
    IsSelfSigned       : False
    Issuer             : CN=dac-SVVDAC001-CA, DC=dac, DC=local
    NotAfter           : 2011/08/13 04:58:05 PM
    NotBefore          : 2009/08/13 04:58:05 PM
    PublicKeySize      : 1024
    RootCAType         : Registry
    SerialNumber       : 14659D2A00000000000C
    Services           : POP, IIS
    Status             : Valid
    Subject            : CN=SVVDAC001.dac.co.za, OU=Infra, O=Dac Systems, L=HQ, S=G
                         P, C=ZA
    Thumbprint         : 9136BE293168BF062187BA969CA5F363BF8788A3

    AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                         .Security.AccessControl.CryptoKeyAccessRule}
    CertificateDomains : {SVVDAC001.dac.local}
    HasPrivateKey      : True
    IsSelfSigned       : False
    Issuer             : CN=dac-SVVDAC001-CA, DC=dac, DC=local
    NotAfter           : 2010/08/09 01:33:15 PM
    NotBefore          : 2009/08/09 01:33:15 PM
    PublicKeySize      : 1024
    RootCAType         : Registry
    SerialNumber       : 6153AEDA000000000004
    Services           : None
    Status             : Valid
    Subject            : CN=SVVDAC001.dac.local
    Thumbprint         : 4991B0BC87A00A8CCABB966BBE064768B55E712B

    AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                         .Security.AccessControl.CryptoKeyAccessRule}
    CertificateDomains : {dac-SVVDAC001-CA}
    HasPrivateKey      : True
    IsSelfSigned       : True
    Issuer             : CN=dac-SVVDAC001-CA, DC=dac, DC=local
    NotAfter           : 2014/08/09 12:32:29 PM
    NotBefore          : 2009/08/09 12:22:31 PM
    PublicKeySize      : 2048
    RootCAType         : Registry
    SerialNumber       : 09B8AC074537A8A4414B2F32A2206572
    Services           : None
    Status             : Valid
    Subject            : CN=dac-SVVDAC001-CA, DC=dac, DC=local
    Thumbprint         : 1226B10D9D6E62168CE2E3C5FEFE8280DB910D9B
September 10th, 2009 1:19pm

Ok. Open up the Exchange "Command Prompt" and enter the following:

    get-exchangeCertificate | fl

Look at all the certificates that are displayed. I would suggest that you take note and maybe remove all those that you do not need......but I digress.

Look for the "Services" along the left edge. Look for the "SMTP". If you do not find that then you do not have a certificate for SMTP. This would be the problem.

Do you have a UCC Certificate installed?

If you do, and you did not enable it for SMTP (let's say that it is enabled for IIS) then this is simple. All you would do is enter the following:

    enable-exchangeCertificate -Thumbprint -Services "SMTP"

That is it.

Now, let's say that you also need to enable IMAP (boss bought herself an iPhone....). You would do this:

    enable-exchangeCertificate -Thumbprint XYZ -Services "SMTP, IMAP"
September 10th, 2009 1:33pm
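
The checks the replies above walk through by eye (does a certificate list the connector FQDN, and is it enabled for SMTP), as an added example that is not part of any post in this thread. Test-SmtpTlsCertificate is a hypothetical helper name, PowerShell 2.0 or later is assumed, and the sample objects are constructed from the second `get-ExchangeCertificate |fl` output posted above; the FQDN and the check date passed in the sample call are assumptions.

```powershell
# Added example: reports why each certificate can or cannot serve STARTTLS
# for a connector FQDN. Exact-name match only; wildcard names are not handled.
function Test-SmtpTlsCertificate {
    param(
        [string]$Fqdn,                 # FQDN named in the transport event
        [object[]]$Certificates,       # shaped like Get-ExchangeCertificate output
        [datetime]$AsOf = (Get-Date)   # date used for the validity check
    )
    foreach ($cert in $Certificates) {
        # Normalise to strings so live objects and sample objects behave alike.
        $domains  = @($cert.CertificateDomains | ForEach-Object { "$_" })
        $services = @("$($cert.Services)".Split(',') | ForEach-Object { $_.Trim() })

        $problems = @()
        if ($domains -notcontains $Fqdn)   { $problems += 'FQDN not in CertificateDomains' }
        if ($services -notcontains 'SMTP') { $problems += 'not enabled for SMTP' }
        if (-not $cert.HasPrivateKey)      { $problems += 'no private key' }
        if ($cert.NotBefore -gt $AsOf -or $cert.NotAfter -lt $AsOf) {
            $problems += 'outside validity period'
        }
        New-Object PSObject -Property @{
            Thumbprint = $cert.Thumbprint
            Usable     = ($problems.Count -eq 0)
            Problems   = ($problems -join '; ')
        }
    }
}

# Constructed sample: two of the certificates posted in the thread.
$sample = @(
    New-Object PSObject -Property @{
        Thumbprint = '9136BE293168BF062187BA969CA5F363BF8788A3'
        CertificateDomains = @('SVVDAC001.dac.co.za'); Services = 'POP, IIS'
        HasPrivateKey = $true
        NotBefore = [datetime]'2009-08-13'; NotAfter = [datetime]'2011-08-13' }
    New-Object PSObject -Property @{
        Thumbprint = '4991B0BC87A00A8CCABB966BBE064768B55E712B'
        CertificateDomains = @('SVVDAC001.dac.local'); Services = 'None'
        HasPrivateKey = $true
        NotBefore = [datetime]'2009-08-09'; NotAfter = [datetime]'2010-08-09' }
)

# Assumed connector FQDN and check date (the date of the post).
Test-SmtpTlsCertificate -Fqdn 'SVVDAC001.dac.co.za' -Certificates $sample `
    -AsOf ([datetime]'2009-09-10') | Format-Table Thumbprint, Usable, Problems -AutoSize
```

On an Exchange server, pass `(Get-ExchangeCertificate)` as `-Certificates` and the FQDN quoted in the event as `-Fqdn`.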

This topic is archived. No further replies will be accepted.
