Warning MsExchangeTransport for SMTP inbound Trust Certificate
Hi! After I created a new Windows CA for the Microsoft Exchange 2007 server in my network environment and enabled the CA for SMTP, POP, IMAP, and IIS, everything is working normally, but I still got the event in Event Viewer as below:
Source: MSExchangeTransport
Category: SmtpReceive
Type: Warning
Event ID: 1037
Inbound direct trust certificate with thumbprint DB48C7338E14F978546DD2DD6BAE66F501E1E531 has expired. Run New-ExchangeCertificate to generate a new direct trust certificate.
Detail
Product: Exchange
ID: 1037
Source: MSExchangeTransport
Version: 8.0
Symbolic Name: SmtpReceiveDirectTrustCertOutdated
Message: Inbound direct trust certificate with thumbprint %1 has expired. Run New-ExchangeCertificate to generate a new direct trust certificate.
Please help me to fix this. It is working normally, but I don't want the warning message to appear in Event Viewer, because I think it affects incoming messages.
July 26th, 2011 10:49pm

Do what it's telling you to do.
Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
July 27th, 2011 2:23am

On Wed, 27 Jul 2011 02:41:59 +0000, PVNK wrote:
>After I created a new Windows CA for Microsoft Exchange 2007 server in my Network Environment and I enable CA for SMTP, POP, IMAP, and IIS. and everything is working normally but I still got the Event View as below :
Creating the certificate and _using_ it aren't the same thing.
>Source: MSExchangeTransport Category: SmtpReceive Type: Warning Event ID: 1037
>
>Inbound direct trust certificate with thumbprint DB48C7338E14F978546DD2DD6BAE66F501E1E531 has expired. Run New-ExchangeCertificate to generate a new direct trust certificate.
Is that the thumbprint of the certificate you created?
--- Rich Matheisen MCSE+I, Exchange MVP
July 27th, 2011 12:30pm

Hi PVNK,
Please run Get-ExchangeCertificate | fl and post the results here. You can also export any unnecessary certificate and remove it (Export-ExchangeCertificate & Remove-ExchangeCertificate). After that, please restart the Transport Service.
More information: http://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=Exchange&ProdVer=8.0&EvtID=1037&EvtSrc=MSExchangeTransport&LCID=1033
Frank Wang
July 28th, 2011 3:16am

Hi, below is the information that you need. Please help me with this case.
[PS] C:\Documents and Settings\Administrator>Get-ExchangeCertificate | fl * AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, Syst em.Security.AccessControl.CryptoKeyAccessRule, System.Se curity.AccessControl.CryptoKeyAccessRule} CertificateDomains : {abc.com, mailsv, mailsv.mail.abc.com, mai l.abc.com, autodiscover.abc.com} CertificateRequest : IisServices : {IIS://mailsv/W3SVC/1} IsSelfSigned : False KeyIdentifier : 6B785F90F0DA7173262994297AA1BAAB0289CE30 RootCAType : Enterprise Services : IMAP, POP, IIS, SMTP Status : Valid PrivateKeyExportable : True Archived : False Extensions : {System.Security.Cryptography.Oid, System.Security.Crypt ography.Oid, System.Security.Cryptography.Oid, System.Se curity.Cryptography.Oid, System.Security.Cryptography.Oi d, System.Security.Cryptography.Oid, System.Security.Cry ptography.Oid, System.Security.Cryptography.Oid} FriendlyName : Microsoft Exchange IssuerName : System.Security.Cryptography.X509Certificates.X500Distin guishedName NotAfter : 7/5/2013 8:30:49 AM NotBefore : 7/6/2011 8:30:49 AM HasPrivateKey : True PrivateKey : System.Security.Cryptography.RSACryptoServiceProvider PublicKey : System.Security.Cryptography.X509Certificates.PublicKey RawData : {48, 130, 6, 58, 48, 130, 5, 34, 160, 3, 2, 1, 2, 2, 10, 126...} SerialNumber : 7EF0C3C0000000000016 SubjectName : System.Security.Cryptography.X509Certificates.X500Distin guishedName SignatureAlgorithm : System.Security.Cryptography.Oid Thumbprint : CAA17F23832B1603BC97D60B6CE32F0B63B5F728 Version : 3 Handle : 485754128 Issuer : CN=ADCert, DC=abc, DC=com, Subject : CN=abc.com, O=abc Corporation, DC=abc, DC=com AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, Syst em.Security.AccessControl.CryptoKeyAccessRule} CertificateDomains : {mailsv.abc.com} CertificateRequest : IisServices : {} IsSelfSigned : False KeyIdentifier : 781BD313DB62101E6D60A1D3686755BDDC994312 
RootCAType : Registry Services : UM Status : Valid PrivateKeyExportable : False Archived : False Extensions : {System.Security.Cryptography.Oid, System.Security.Crypt ography.Oid, System.Security.Cryptography.Oid, System.Se curity.Cryptography.Oid, System.Security.Cryptography.Oi d, System.Security.Cryptography.Oid, System.Security.Cry ptography.Oid, System.Security.Cryptography.Oid} FriendlyName : mail IssuerName : System.Security.Cryptography.X509Certificates.X500Distin guishedName NotAfter : 6/18/2012 8:44:24 AM NotBefore : 6/19/2011 8:44:24 AM HasPrivateKey : True PrivateKey : System.Security.Cryptography.RSACryptoServiceProvider PublicKey : System.Security.Cryptography.X509Certificates.PublicKey RawData : {48, 130, 5, 47, 48, 130, 4, 23, 160, 3, 2, 1, 2, 2, 10, 26...} SerialNumber : 1A2E508D000000000002 SubjectName : System.Security.Cryptography.X509Certificates.X500Distin guishedName SignatureAlgorithm : System.Security.Cryptography.Oid Thumbprint : DB48C7338D14F978546DD2DD6BAE66F202E1E531 Version : 3 Handle : 485753984 Issuer : CN=mail, DC=abc, DC=com, Subject : CN=mailsv.abc.com AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, Syst em.Security.AccessControl.CryptoKeyAccessRule, System.Se curity.AccessControl.CryptoKeyAccessRule} CertificateDomains : {mail} CertificateRequest : IisServices : {} IsSelfSigned : True KeyIdentifier : 7D6C135E59355E0E23BD8EBF01A46D354F5CBE61 RootCAType : Registry Services : SMTP Status : Valid PrivateKeyExportable : True Archived : False Extensions : {System.Security.Cryptography.Oid, System.Security.Crypt ography.Oid, System.Security.Cryptography.Oid, System.Se curity.Cryptography.Oid, System.Security.Cryptography.Oi d, System.Security.Cryptography.Oid} FriendlyName : mail IssuerName : System.Security.Cryptography.X509Certificates.X500Distin guishedName NotAfter : 6/19/2016 8:40:52 AM NotBefore : 6/19/2011 8:35:03 AM HasPrivateKey : True PrivateKey : System.Security.Cryptography.RSACryptoServiceProvider 
PublicKey : System.Security.Cryptography.X509Certificates.PublicKey RawData : {48, 130, 4, 140, 48, 130, 3, 116, 160, 3, 2, 1, 2, 2, 1 6, 36...} SerialNumber : 24C12AD4DB7EAFAC4D5BAAC039EA0AD2 SubjectName : System.Security.Cryptography.X509Certificates.X500Distin guishedName SignatureAlgorithm : System.Security.Cryptography.Oid Thumbprint : 28AF50AD9017D62E1EEC4A97769B1941B7854EFE Version : 3 Handle : 485735712 Issuer : CN=mail, DC=abc, DC=com, Subject : CN=mail, DC=abc, DC=com, AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, Syst em.Security.AccessControl.CryptoKeyAccessRule} CertificateDomains : {mailsv.abc.com} CertificateRequest : IisServices : {} IsSelfSigned : False KeyIdentifier : 502518B4AD975F5519535CA588FFC895F0F8210C RootCAType : Enterprise Services : UM Status : Valid PrivateKeyExportable : False Archived : False Extensions : {System.Security.Cryptography.Oid, System.Security.Crypt ography.Oid, System.Security.Cryptography.Oid, System.Se curity.Cryptography.Oid, System.Security.Cryptography.Oi d, System.Security.Cryptography.Oid, System.Security.Cry ptography.Oid, System.Security.Cryptography.Oid} FriendlyName : MAILSV IssuerName : System.Security.Cryptography.X509Certificates.X500Distin guishedName NotAfter : 6/8/2012 7:49:51 AM NotBefore : 6/9/2011 7:49:51 AM HasPrivateKey : True PrivateKey : System.Security.Cryptography.RSACryptoServiceProvider PublicKey : System.Security.Cryptography.X509Certificates.PublicKey RawData : {48, 130, 5, 62, 48, 130, 4, 38, 160, 3, 2, 1, 2, 2, 10, 23...} SerialNumber : 17601638000000000005 SubjectName : System.Security.Cryptography.X509Certificates.X500Distin guishedName SignatureAlgorithm : System.Security.Cryptography.Oid Thumbprint : 45E9F66FA84861572B7238F0BB73ABC53C918440 Version : 3 Handle : 485737408 Issuer : CN=ADCert, DC=abc, DC=com, Subject : CN=mailsv.abc.com AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, Syst em.Security.AccessControl.CryptoKeyAccessRule} 
CertificateDomains : {mailsv.abc.com} CertificateRequest : IisServices : {} IsSelfSigned : True KeyIdentifier : 1AEB3818C225866C5AFF3AB0F4820CE98E9A3CC9 RootCAType : Unknown Services : None Status : Invalid PrivateKeyExportable : True Archived : False Extensions : {} FriendlyName : Microsoft Exchange IssuerName : 
System.Security.Cryptography.X509Certificates.X500Distin guishedName NotAfter : 6/8/2012 1:31:22 PM NotBefore : 6/9/2011 7:31:22 AM HasPrivateKey : True PrivateKey : System.Security.Cryptography.RSACryptoServiceProvider PublicKey : System.Security.Cryptography.X509Certificates.PublicKey RawData : {48, 130, 2, 109, 48, 130, 2, 90, 160, 3, 2, 1, 2, 2, 16 , 160...} SerialNumber : A04BB08C0403D5AD430A1BAC5FE1C853 SubjectName : System.Security.Cryptography.X509Certificates.X500Distin guishedName SignatureAlgorithm : System.Security.Cryptography.Oid Thumbprint : 77DA4ABFA0915B5333AC8D8C098OP99C966A734A Version : 3 Handle : 485735424 Issuer : CN=mailsv.abc.com, OU=ABC Dpt., O=ABC, L=Ph nom Penh, S=N/A, Subject : CN=mailsv.abc.com, OU=ABC Dpt., O=ABC, L=LS , S=N/A, AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, Syst em.Security.AccessControl.CryptoKeyAccessRule, System.Se curity.AccessControl.CryptoKeyAccessRule} CertificateDomains : {mailsv, mailsv.abc.com} CertificateRequest : IisServices : {} IsSelfSigned : True KeyIdentifier : 4PA2A6B1FD215FB425DF4EFCF0302CC83B7901D0 RootCAType : None Services : UM, SMTP Status : Valid PrivateKeyExportable : False Archived : False Extensions : {System.Security.Cryptography.Oid, System.Security.Crypt ography.Oid, System.Security.Cryptography.Oid, System.Se curity.Cryptography.Oid} FriendlyName : Microsoft Exchange IssuerName : System.Security.Cryptography.X509Certificates.X500Distin guishedName NotAfter : 6/8/2012 9:12:45 PM NotBefore : 6/8/2011 9:12:45 PM HasPrivateKey : True PrivateKey : System.Security.Cryptography.RSACryptoServiceProvider PublicKey : System.Security.Cryptography.X509Certificates.PublicKey RawData : {48, 130, 3, 20, 48, 130, 1, 252, 160, 3, 2, 1, 2, 2, 16 , 36...} SerialNumber : 247E581882DACOA04D7D6015769EDEF9 SubjectName : System.Security.Cryptography.X509Certificates.X500Distin guishedName SignatureAlgorithm : System.Security.Cryptography.Oid Thumbprint : 985377A23CA560F04A20DF38O0BE7AAAF792737A 
Version : 3 Handle : 473038416 Issuer : CN=mailsv
July 28th, 2011 9:24pm

Hi
>On Wed, 27 Jul 2011 02:41:59 +0000, PVNK wrote:
>>After I created a new Windows CA for Microsoft Exchange 2007 server in my Network Environment and I enable CA for SMTP, POP, IMAP, and IIS. and everything is working normally but I still got the Event View as below :
>Creating the certificate and _using_ it aren't the same thing.
>>Source: MSExchangeTransport Category: SmtpReceive Type: Warning Event ID: 1037
>>
>>Inbound direct trust certificate with thumbprint DB48C7338E14F978546DD2DD6BAE66F501E1E531 has expired. Run New-ExchangeCertificate to generate a new direct trust certificate.
>Is that the thumbprint of the certificate you created?
>--- Rich Matheisen MCSE+I, Exchange MVP
It is the expired CA. I already created a new CA and I tried to enable it for SMTP, but it is not released to the new one.
July 28th, 2011 9:27pm

Hi PVNK,
Please run the cmdlet Remove-ExchangeCertificate -Thumbprint to remove any other certificates except CAA17F23832B1603BC97D60B6CE32F0B63B5F728. After that, restart the Microsoft Exchange Transport Service.
Remove-ExchangeCertificate: http://technet.microsoft.com/en-us/library/aa997569(EXCHG.80).aspx
Frank Wang
July 28th, 2011 11:11pm

Hi PVNK, Any updates?
July 31st, 2011 9:56pm

Hi, I tried to remove all of the certificates, but I have only one that I can't remove, as follows:
Thumbprint                                Services   Subject
----------                                --------   -------
CAA17F23832B1603BC97D60B6CE32F0B63B5F728  SIP.W      CN=abc.com, O=bidc ...
DB48C7338E14F978546DD1DD6BAE65F502E1E531  ...U.      CN=mail.abc.com
[PS] C:\Documents and Settings\Administrator>Remove-ExchangeCertificate -Thumbprint DB48C7338E14F978546DD1DD6BAE65F502E1E531
Remove-ExchangeCertificate : The default certificate cannot be removed.
Parameter name: Thumbprint
At line:1 char:27
+ Remove-ExchangeCertificate <<<< -Thumbprint DB48C7338E14F978546DD1DD6BAE65F5
02E1E531
[PS] C:\Documents and Settings\Administrator>
What is the problem in this case? How can I remove it from my Exchange 2007 server?
August 3rd, 2011 10:55pm

Hi PVNK, Please use cmdlet New-ExchangeCertificate to create a new self-signed certificate, then try to delete the certificate again. If it works, please enable service on certificate CAA17F23832B1603BC97D60B6CE32F0B63B5F728 and remove the self-signed one. By the way, do you use UM server? Frank Wang
August 3rd, 2011 11:11pm

Hi! Now I have already removed the CA (thumbprint DB48C7338E14F978546DD1DD6BAE65F502E1E531 ...U. CN=mail.abc.com), but I got the error below:
Source: MSExchangeTransport
Type: Error
Event ID: 12014
Microsoft Exchange couldn't find a certificate that contains the domain name mail.abc.com in the personal store on the local computer. Therefore, it is unable to offer the STARTTLS SMTP verb for any connector with a FQDN parameter of mail.abc.com. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for every connector FQDN. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
How can I create the new CA for SMTP? I also tried the command below:
Enable-ExchangeCertificate -Thumbprint CAA17F23832B1603BC97D60B6CE32F0B63B5F728 -Services "SMTP"
August 3rd, 2011 11:20pm

>How can I create the new CA for SMTP
Hi PVNK,
You can follow the blog below to create a new CA certificate:
Exchange 2007 – Creating a Certificate through an Internal CA with Subject Alternate Names
http://b41n5.wordpress.com/2010/07/15/exchange-2007-creating-a-certificate-through-an-internal-ca-with-subject-alternate-names/
Frank Wang
August 3rd, 2011 11:40pm

Hi, now I got the error message after I removed the CA from Exchange and kept only one CA for Exchange (my current CA; I just created it and it is not yet expired). So do I need to create a new CA for SMTP, IIS, POP3, IMAP? Or is there another way to do it? Please give me some idea about it.
August 4th, 2011 12:18am

Hi! Now I have removed the CA and created a new CA following your document's instructions, and I got the new CA as below:
[PS] C:\Documents and Settings\Adminbidc>Get-ExchangeCertificate
Thumbprint                                Services   Subject
----------                                --------   -------
A0417DE03171283C4F3735FD6387CE5ECE2CC273  SIP.W      CN=abc.com, O=abc ...
Note that in the services you see SIP.W; it is not full, right? I think it should be SIPUW, right? I am not sure, because I saw that my old CA has service ..U. (my expired CA). So I think that if my current CA has SIPUW, it is fully enabled for all kinds of services.
Source: MSExchangeTransport Type: Error Event ID: 12014
Please give me some solution to this problem, because it also affects my Kaspersky Antivirus SMTP scanning.
August 4th, 2011 2:51am

On Thu, 4 Aug 2011 06:42:31 +0000, PVNK wrote:
>hi!
>
>Now I removed CA and created new CA by your document instruction, and i got the new CA as below:
>
>[PS] C:\Documents and Settings\Adminbidc>Get-ExchangeCertificate
>
>Thumbprint Services Subject
>---------- -------- -------
>A0417DE03171283C4F3735FD6387CE5ECE2CC273 SIP.W CN=abc.com, O=abc ...
>
>note in the services you see SIP.W it is not full right i think it should be SIPUW right? I am not sure because i saw my old CA is has Service ..U. (my expired CA). So i think that if my current CA has SIPUW it is fully for all kind of service.
Just run the enable-exchangecertificate again with "-services um".
>Source: MSExchangeTransport Type: Error Event ID: 12014
>
>Please give to me some solution about this problem, because it is also effective to my Kaspersky Antivirus for scan SMTP also.
You probably just have a name mismatch between the certificate and the connector.
http://www.expta.com/2010/09/how-to-fix-msexchangetransport-event-id.html
--- Rich Matheisen MCSE+I, Exchange MVP
August 4th, 2011 9:50pm
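
One way to run the check suggested in the reply above (a name mismatch between certificate and connector), as an added example that is not part of the thread and is not Microsoft's code. It assumes PowerShell 2.0 or later; the function name Find-ConnectorCertGap and the sample objects are hypothetical and constructed, and names are compared by exact match only.

```powershell
# Added example (not from the thread). Reports connector FQDNs that no
# SMTP-enabled, currently valid certificate covers: the event 12014 condition.
function Find-ConnectorCertGap {
    param($Connectors, $Certificates, [datetime]$Now = (Get-Date))

    # Usable for STARTTLS: enabled for SMTP and inside its validity window.
    $usable = @($Certificates | Where-Object {
        "$($_.Services)" -match 'SMTP' -and
        $_.NotBefore -le $Now -and $_.NotAfter -gt $Now
    })

    foreach ($conn in $Connectors) {
        $fqdn = "$($conn.Fqdn)"
        if (-not $fqdn) { continue }          # no explicit FQDN configured
        # Exact, case-insensitive name match against the certificate domains.
        $hits = @($usable | Where-Object {
            @($_.CertificateDomains | ForEach-Object { "$_" }) -contains $fqdn
        })
        New-Object PSObject -Property @{
            Connector  = "$($conn.Identity)"
            Fqdn       = $fqdn
            Covered    = ($hits.Count -gt 0)
            Thumbprint = ($hits | ForEach-Object { $_.Thumbprint }) -join ','
        }
    }
}

# Constructed sample data: placeholder thumbprints, names modelled on the thread.
$certs = @(
    (New-Object PSObject -Property @{
        Thumbprint = 'PLACEHOLDER-CURRENT'; Services = 'IMAP, POP, IIS, SMTP'
        CertificateDomains = @('abc.com', 'mailsv.abc.com')
        NotBefore = [datetime]'2011-07-06'; NotAfter = [datetime]'2013-07-05' }),
    (New-Object PSObject -Property @{
        Thumbprint = 'PLACEHOLDER-EXPIRED'; Services = 'SMTP'
        CertificateDomains = @('mail.abc.com')
        NotBefore = [datetime]'2010-06-01'; NotAfter = [datetime]'2011-06-01' })
)
$conns = @(
    (New-Object PSObject -Property @{ Identity = 'Default MAILSV'; Fqdn = 'mailsv.abc.com' }),
    (New-Object PSObject -Property @{ Identity = 'Internet Send';  Fqdn = 'mail.abc.com' })
)

# The date is pinned so the sample is stable: on it, the only constructed
# certificate that names mail.abc.com is already past its NotAfter.
Find-ConnectorCertGap $conns $certs ([datetime]'2011-08-04') |
    Select-Object Connector, Fqdn, Covered, Thumbprint | Format-Table -AutoSize

# On the server, in the Exchange Management Shell, feed it live objects:
#   $live = @(Get-ReceiveConnector) + @(Get-SendConnector)
#   Find-ConnectorCertGap $live (Get-ExchangeCertificate)
```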

Hi! Thanks for your advice, now it is working normally. It was because of the SMTP sender in Exchange.
August 6th, 2011 6:22am

Hi, now I got a new error message after everything was OK. The message in Event Viewer is shown below:
Source: MSExchangeTransport
Category: TransportService
Event ID: 12013
Microsoft Exchange couldn't find a certificate with a thumbprint of DB48C7338E14F978546DD2DD6BAE66F502E1E531 in the personal store on the local computer. This certificate was configured for authentication with other Exchange servers. Mail flow to other Exchange servers will be affected by this error. If the certificate with this thumbprint still exists in the personal store, run Enable-ExchangeCertificate DB48C7338E14F978546DD2DD6BAE66F502E1E531 –services SMTP to resolve the issue. If the certificate doesn't exist in the personal store, restore it from backup by using the Import-ExchangeCertificate cmdlet, or create a new certificate for the FQDN or the server enabled for SMTP by using New-ExchangeCertificate –domainname serverfqdn –services SMTP. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
What is this problem? Can you help me and give me some idea about this, please? Thanks beforehand.
August 9th, 2011 1:32am

This topic is archived. No further replies will be accepted.
