Microsoft Exchange could not load the certificate with thumbprint of... Should I run New-ExchangeCertificate?

Hello all,

My Exchange environment seems to be working well, although in my eventvwr I get the error:

"Microsoft Exchange could not load the certificate with thumbprint of 356538ED3D9052E44DF25C54292DE586E1A22D from the personal store on the local computer. This certificate was configured for authentication with other Exchange servers. Mail flow to other Exchange servers could be affected by this error. If the certificate with this thumbprint still exists in the personal store, run Enable-ExchangeCertificate 356538ED3D9052E44D2CF25C292DE586E1A22D -Services SMTP 

I don't have a certificate like that in my personal store. I only have certificates for mail.contoso.com from GoDaddy, as well as a cert that just says EXCHANGE2013 (my computer name) and a Microsoft Exchange Server Aut... and WMSVC-Exchange2013.

None of these have the thumbprint described in the error.

Is this something I should be worrying about? Some articles suggest running new-exchangecertificate, but will this replace or mess up my existing certs?

Thanks.

July 22nd, 2015 3:42pm

Run get-exchangecertificate to check whether there is no other certificate with the SMTP service assigned. If not, please create a certificate with the FQDN of your Exchange server as the common name, using your enterprise CA or just a self-signed one.

July 22nd, 2015 4:09pm

Thanks for your support M. When I run get-exchangecertificate | fl it shows me that I have my main SSL cert from GoDaddy assigned to IMAP, POP, IIS, SMTP. Why am I still getting the eventvwr error if that's the case? Any way to get rid of the check for the cert that doesn't exist?
July 22nd, 2015 4:25pm

You can try to remove the old certificate that is no longer in the certification store using remove-exchangecertificate

https://technet.microsoft.com/en-us/library/aa997569%28v=exchg.150%29.aspx?f=255&MSPPError=-2147217396

You get an error because GoDaddy has a certificate for mail.domain.com. Create a certificate for the FQDN of your server, assign the SMTP service and check if the problem disappears.

July 22nd, 2015 5:04pm

Hi,

You can't remove the certificate that's being used.

If you run the get-certificate command and only see the GoDaddy certificate, you can try to use the command below to remove the certificate:

Remove-ExchangeCertificate -Thumbprint 356538ED3D9052E44D2CF25C292DE586E1A22D

Regards,

David 


July 22nd, 2015 9:43pm


Great, so just to confirm... Exchange is looking for a certificate that doesn't exist... so using

remove-exchangecertificate -thumbprint 356538ED3D9052E44D2CF25C292DE586E1A22D 

will not affect my environment in any way? I could do this during business hours because all this is doing is removing a check for a certificate that isn't there?

Thanks.

July 23rd, 2015 10:42am
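
The check discussed in this thread (is the thumbprint from the event in the local computer's personal store, and which certificates does Exchange have assigned to SMTP), as an added PowerShell example that is not part of any post above. The function name `Test-ExchangeSmtpCertificate` and the all-zero thumbprint are hypothetical placeholders; the code only reads state and assumes it is run in the Exchange Management Shell on the server that logs the event.

```powershell
# Added example. Read-only: nothing here creates, enables or removes a certificate.
function Test-ExchangeSmtpCertificate {
    param(
        [Parameter(Mandatory)]
        [string]$Thumbprint   # value copied from the event text
    )

    # Text pasted from the event or the certificate MMC can carry spaces or
    # invisible characters, so keep only hex digits before comparing.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($clean.Length -ne 40) {
        Write-Warning "Thumbprint has $($clean.Length) hex characters; a SHA-1 thumbprint has 40."
    }

    # 1. Is the certificate in the local computer's personal store at all?
    $inStore = Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $clean }

    # 2. Which certificates does Exchange currently have assigned to SMTP?
    #    Services is compared as a string so this also works in a remote session.
    $smtpCerts = Get-ExchangeCertificate |
        Where-Object { "$($_.Services)" -match 'SMTP' } |
        Select-Object Thumbprint, Subject, Services, NotAfter,
            @{ Name = 'Expired'; Expression = { $_.NotAfter -lt (Get-Date) } }

    [pscustomobject]@{
        Thumbprint       = $clean
        PresentInStore   = [bool]$inStore
        HasPrivateKey    = if ($inStore) { $inStore.HasPrivateKey } else { $null }
        BoundToSmtp      = [bool]($smtpCerts | Where-Object { $_.Thumbprint -eq $clean })
        SmtpCertificates = $smtpCerts
    }
}

# Placeholder thumbprint (constructed); substitute the one from your own event.
$result = Test-ExchangeSmtpCertificate -Thumbprint '0000000000000000000000000000000000000000'
$result | Format-List Thumbprint, PresentInStore, HasPrivateKey, BoundToSmtp
$result.SmtpCertificates | Format-Table -AutoSize
```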

This topic is archived. No further replies will be accepted.
