Event 12014 - Microsoft Exchange could not find a certificate...

Issue

Microsoft Exchange 2007 regularly logs the following error in the Windows Application log:

Event ID: 12014
Source: MSExchangeTransport
Level: Error
Description:
Microsoft Exchange could not find a certificate that contains the domain name <server-name.domain.local> in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Default Send Connector with a FQDN parameter of <server-name.domain.local>. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.

 

Resolution

As the error description suggests, the issue occurs because Microsoft Exchange cannot find a certificate whose domain name matches the FQDN configured on the default Send Connector (a very similar error can also be logged for Receive Connectors).

To resolve the issue, create a new self-signed certificate with a matching FQDN and assign it to the SMTP service:

  • Open Exchange Management Console and run: New-ExchangeCertificate -DomainName <server-name.domain.local>
  • It should automatically prompt you to assign the new certificate to the SMTP service. If it doesn't, you can do it manually:
    • Run Get-ExchangeCertificate | FL
    • Copy the Thumbprint value of your new certificate
    • Run Enable-ExchangeCertificate -Thumbprint "<Thumbprint_Value>" -Services SMTP
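
To confirm the fix, or to find which connector triggers the event, the following added example (not part of the original article) compares each connector's effective FQDN with the certificates enabled for SMTP. It assumes it is run from the Exchange Management Shell on the affected server; Test-ConnectorCertificate is a hypothetical helper name.

```powershell
# Added example, not from the original article. Test-ConnectorCertificate is a hypothetical helper.
# Fallback FQDN used when a connector has none set (as the event text states).
$computerFqdn = [System.Net.Dns]::GetHostEntry([System.Net.Dns]::GetHostName()).HostName

# Certificates usable for STARTTLS: enabled for SMTP, private key present, not expired.
$now = Get-Date
$smtpCerts = @(Get-ExchangeCertificate | Where-Object {
    $_.Services.ToString() -match 'SMTP' -and $_.HasPrivateKey -and $_.NotAfter -gt $now
})

function Test-ConnectorCertificate($connector, $kind) {
    $fqdn = "$($connector.Fqdn)"
    if (-not $fqdn) { $fqdn = $computerFqdn }

    $match = $null
    foreach ($cert in $smtpCerts) {
        foreach ($domain in $cert.CertificateDomains) {
            # -like covers exact names and wildcard entries such as *.domain.local
            # (approximation: it also accepts multi-label matches).
            if ($fqdn -like "$domain") { $match = $cert; break }
        }
        if ($match) { break }
    }

    if ($match) {
        "{0,-8} {1,-30} {2,-35} OK      {3} (expires {4:yyyy-MM-dd})" -f `
            $kind, $connector.Name, $fqdn, $match.Thumbprint, $match.NotAfter
    } else {
        "{0,-8} {1,-30} {2,-35} MISSING no valid SMTP certificate lists this name" -f `
            $kind, $connector.Name, $fqdn
    }
}

# Send connectors are organization-wide; Receive connectors are checked for this server only.
Get-SendConnector | ForEach-Object { Test-ConnectorCertificate $_ 'Send' }
Get-ReceiveConnector -Server $env:COMPUTERNAME | ForEach-Object { Test-ConnectorCertificate $_ 'Receive' }
```

A MISSING row identifies a connector whose FQDN has no matching certificate; an expired certificate is treated the same way, because it is filtered out before the comparison.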

 

December 2016
Windows Small Business Server 2008
Microsoft Exchange Server 2007
