Replaced Default Cert with SAN on Exchange 2010 - error 12014
I just installed a new SAN cert on a new installation of Exchange 2010 SP1 RU2. After I installed the cert I removed the default cert created by Exchange during installation. Now getting error 12014. What do I do here to tell Exchange to always use the SAN cert - although the internal FQDN is not listed on that SAN? Or do I have to recreate it and enable SMTP services?

Microsoft Exchange could not find a certificate that contains the domain name exchangeserver.mydomain.com in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Internet with a FQDN parameter of exchangeserver.mydomain.com. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.

Thanks - SJMP
December 30th, 2010 11:08am

Hi,

To resolve this problem, you can just create a new self-signed certificate which contains the FQDN of your hub transport server and then enable it for SMTP service. On the hub transport server, open EMS and type:

    New-ExchangeCertificate | Enable-ExchangeCertificate -Services "SMTP"

A certificate will be used when the following SMTP session happens:

· SMTP sessions between Hub Transport servers: A certificate is used only for encryption of the SMTP session. Authentication is provided by the Kerberos protocol.
· SMTP sessions between Hub Transport servers and an Edge Transport server: A certificate is used for encryption of the SMTP session and for direct trust authentication.

So we must have a certificate that contains the FQDN of the receive connectors in your hub transport server.

Note: Don’t modify the FQDN value on the default Receive connector Default <Server Name> that's automatically created on Hub Transport servers. If you have multiple Hub Transport servers in your Exchange organization and you change the FQDN value on the Default <Server Name> Receive connector, internal mail flow between Hub Transport servers fails.

If you would like to use the public certificate for SMTP service, you need to request a new SAN certificate that contains both the external and internal URL, then enable it for SMTP services.

For more information, please refer to the following KB article: http://support.microsoft.com/default.aspx?scid=kb;en-us;555855

Gen Lin
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact tngfb@microsoft.com

Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Thanks
Gen Lin-MSFT
December 31st, 2010 2:52am
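
A read-only check of the condition event 12014 describes, as an added example that is not part of the original thread: for each connector on the server, it reports whether an unexpired, SMTP-enabled certificate lists the connector's FQDN (or the computer's FQDN when none is set). The function and variable names are hypothetical, and treating a `*.` entry as covering exactly one host label is an assumption of this example.

```powershell
# Added example, not from the thread. Run in the Exchange Management Shell
# on the Hub Transport server. It only reads configuration; nothing is changed.
$server   = $env:COMPUTERNAME
$hostFqdn = [System.Net.Dns]::GetHostEntry($server).HostName

# Returns $true when $Fqdn appears in $Domains, either exactly or under a
# wildcard entry (assumption: "*.example.com" covers a single label only).
function Test-FqdnCovered([string]$Fqdn, [string[]]$Domains) {
    foreach ($d in $Domains) {
        if ($d -eq $Fqdn) { return $true }              # -eq ignores case
        if ($d.StartsWith('*.')) {
            $suffix = $d.Substring(1)                    # ".example.com"
            if ($Fqdn.Length -gt $suffix.Length -and
                $Fqdn.EndsWith($suffix, [System.StringComparison]::OrdinalIgnoreCase) -and
                $Fqdn.Substring(0, $Fqdn.Length - $suffix.Length) -notmatch '\.') {
                return $true
            }
        }
    }
    return $false
}

# Certificates that are enabled for SMTP and have not expired.
$smtpCerts = @(Get-ExchangeCertificate -Server $server | Where-Object {
    "$($_.Services)" -match 'SMTP' -and $_.NotAfter -gt (Get-Date)
})

# Receive connectors on this server plus the organization's Send connectors.
$connectors = @(Get-ReceiveConnector -Server $server) + @(Get-SendConnector)

$report = foreach ($c in $connectors) {
    $fqdn = "$($c.Fqdn)"
    if (-not $fqdn) { $fqdn = $hostFqdn }   # no connector FQDN: computer FQDN is used
    $hit = $smtpCerts | Where-Object {
        Test-FqdnCovered $fqdn @($_.CertificateDomains | ForEach-Object { "$_" })
    } | Select-Object -First 1
    New-Object PSObject -Property @{
        Connector  = $c.Name
        Fqdn       = $fqdn
        Covered    = [bool]$hit
        Thumbprint = if ($hit) { $hit.Thumbprint } else { '' }
    }
}

$report | Select-Object Connector, Fqdn, Covered, Thumbprint | Format-Table -AutoSize
```

A row with Covered = False names a connector for which event 12014 would be logged and STARTTLS would not be offered.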

Hi,

Is there any update on this problem?

Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Thanks
Gen Lin-MSFT
January 5th, 2011 3:47am

Gen, the post you marked as answered was the perfect resolution. Thanks, sjmp
January 5th, 2011 8:08am

This topic is archived. No further replies will be accepted.