MSExchangeTransport EventID:12019, expired certificate - but not expired?

Receiving the event and was wondering if anyone ran into a similar situation:

The remote internal transport certificate expired. Certificate subject: CN=*.X.com, OU=Domain Control Validated - RapidSSL(R), OU=See www.rapidssl.com/resources/cps (c)09, OU=GT91933575, O=*.X.com, C=US.

but the cert itself isn't expired.

4 certs listed in get-exchangecertifcate | FL, all have expirey > todays date

cert in question:

CertificateDomains : {*.X.com, X.com}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=RapidSSL CA, O="GeoTrust, Inc.", C=US
NotAfter           : 8/28/2016 3:55:38 AM
NotBefore          : 7/27/2011 9:03:38 PM

Anyone ran into this?

Things of note: Wildcard cert, only service assigned to WC is iis, cert status reports as valid.

setup:

Exch2013
2 MBX - dag
2 CAS LB
2 Edge

Old Exch2007 env still hanging around (being phased out during moves to '13).

Issue impact:
Nil. as far as can i can see. All cert usage from forward facing checks show in the green, no user reports of issues. Issue was noticed after dealing with a corrupt database. It might have been going on before that, however.

Thoughts/Speculation:
Related to the old exchange environment and somehow showing up in the events of the new exch setup. Cannot find an expired cert in old environment, certs appear valid, forward facing also shows in the green on old setup.

I imagine I'm just missing something obvious, if anyone has any suggestions, lemme know :)

July 8th, 2015 10:17am
Check all your certificates.  I would wager that you have an expired one in addition to your valid one.  Simply remove the expired ones.
Free Windows Admin Tool Kit Click here and download it now
July 8th, 2015 11:22am
I agree with Ed.  There's probably an expired one floating around somewhere that just hasn't been removed yet.
July 8th, 2015 1:49pm

Try generating a report using Paul's script and see if you can find any expired there....

Exchange Certificate Report PowerShell Script - https://gallery.technet.microsoft.com/Exchange-Certificate-91578ac4

Free Windows Admin Tool Kit Click here and download it now
July 8th, 2015 6:59pm

Hi Soko,

Thank you for your question.

Because you have check the certificate in EMS, you could check certificate in EAC to check if it expired.

We could refer to the following steps to check if the certificate is expired in Exchange local:

  1.        Run MMC in RUN
  2.        File->Add/Remove Snap-inCertificate->Computer account->local computer
  3.        Then navigate to Certificate->Trusted Root Certificate->Certificate
  4.        Then we could check the item which is Expiration Date if there are expired certificate.

If there are any questions regarding this issue, please be free to let me know.

Best Regard,

Jim

July 8th, 2015 10:37pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics