Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 12013 Source: MSExchangeTransport

Level
Description
Microsoft Exchange couldn't find a certificate with a thumbprint of 73A9C8A1674A0C1B888BEC98762E03CBDC5038DE in the personal store on the local computer. This certificate was configured for authentication with other Exchange servers. Mail flow to other Exchange servers will be affected by this error. If the certificate with this thumbprint still exists in the personal store run Enable-ExchangeCertificate 73A9C8A1674A0C1B888BEC98762E03CBDC5038DE <services> SMTP to resolve the issue. If the certificate doesn't exist in the personal store restore it from backup by using the Import-ExchangeCertificate cmdlet or create a new certificate for the FQDN or the server enabled for SMTP by using New- ExchangeCertificate <domain name server fqdn> services SMTP.
Comments
 
This happens when you are missing an authorized certificate with the FQDN, and Exchange keeps calling it up to start certain services. Usually this certificate is made when you first install Exchange, but said certificate can be deleted through various means and the system does not prompt you with a warning. Not a lethal error that kills Exchange outright, but it causes some gremlin issues you might overlook.

As per article "New-ExchangeCertificate" from TechNet, you need to use the following cmdlet in the EMS:
New-ExchangeCertificate -DomainController <FQDN>

Replace <FQDN> in the command above, with the fully qualified domain name of the server that shows up in your event id error log. Usually it is something like server.domain.local.

After doing this, you might get EventID 2159 from MSExchangeADAccess. If this is so, you'll need to setup the Certificate Manager, as explained in "How to Add Certificate Manager to Microsoft Management Console" from TechNet.

Export the FQDN certificate you just made using the cmdlet mentioned previously (normally found under Certificates (Local Computer) Personal -> Certificate), and import it into the Certificate folder located under Trusted Root Certification Authority. That will clear the Event ID 2159 error, because you have made the cert authorized.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...