Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 12014 Source: MSExchangeTransport

Level
Description
Microsoft Exchange couldn't find a certificate that contains the domain name <name> in the personal store on the local computer. Therefore it is unable to offer the STARTTLS SMTP verb for any connector with a FQDN parameter of <name>. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for every connector FQDN.
Comments
 
See EV100420 (How to fix MSExchangeTransport Event ID 12014 on Edge and Hub Transport servers).
On our Exchange 2007 server, we got this message because the Self-signed certificate had expired. We had a third party certificate, but the self-signed was still being used by the SMTP service. When I renewed, using

Get-ExchangeCertificate –Thumbprint “58C846DEEA2865CA9E6DD4B42329A9AC994EBF63” | New-ExchangeCertificate,   

and removed the old certificate it stopped reporting the 12014 error.
We had this error 12014 with source MSExchangeTransport showing every 15 minutes in the Application section of the Event Viewer on the Exchange 2007 machine with Hub Transport role. This event is reported when SMTP connectors (Receive and/or Send) are unassigned altogether or assigned an improper SSL certificate. To troubleshoot this error see TB510128 (“How to Troubleshoot STARTTLS Certificate Error 12014”).
The general steps are:
1. Identify already installed certificates: Get-ExchangeCertificate.
2. Create new certificates: New-ExchangeCertificate.
3. Enable certificates: Enable-ExchangeCertificate with -Services "SMTP".
See TechNet article “Creating a Certificate or Certificate Request for TLS” for more details.
As per Microsoft: "This Warning event indicates that there is a problem loading a certificate to be used for STARTTLS purposes. Generally, this problem occurs if one or both of the following conditions is true:
- The fully qualified domain name (FQDN) that is specified in the Warning event has been defined on a Receive connector or Send connector on a Microsoft Exchange Server 2007 transport server, and no certificate is installed on the same computer that contains the FQDN in the Subject or Subject Alternative Name fields.
- A third-party or custom certificate has been installed on the server and it contains a matching FQDN. However, the certificate is not enabled for the SMTP service".

See MSEX2K3DB and TA998840 ("Creating a Certificate or Certificate Request for TLS") for information on solving this problem.
See ME555855 for information on solving this problem.


Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...