Event ID: 12023 Source: MSExchangeTransport

Level
Description
Microsoft Exchange could not load the certificate with thumbprint of <old_certificate_thumbprint> from the personal store on the local computer. This certificate was configured for authentication with other Exchange servers. Mail flow to other Exchange servers could be affected by this error. If the certificate with this thumbprint still exists in the personal store run Enable-ExchangeCertificate <old_certificate_thumbprint> -Services SMTP to resolve the issue. If the certificate does not exist in the personal store restore it from backup by using the Import-ExchangeCertificate cmdlet or create a new certificate for the FQDN or the server enabled for SMTP by running the following command: New-ExchangeCertificate -DomainName serverfqdn -Services SMTP. Meanwhile the certificate with thumbprint <new_certificate_thumbprint> is being used.
Comments
 
I got this warning on an SBS 2008 Server where I had replaced the originally generated self-signed certificate for my server's external FQDN. For some reason the new certificate hadn't properly registered as replacing the old one in Exchange. This didn't seem to cause any delivery/receipt issues, but the warning was a little worrying. Strangely, running Get-ExchangeCertificate produced the following result:

[PS] C:\Windows\system32>Get-ExchangeCertificate

Thumbprint                                Services   Subject
----------                                --------   -------

<new_certificate_thumbprint>  IP.WS      CN=<external_fqdn>

Indicating that my new certificate was supposedly already enabled.

The Microsoft TechNet detail for this event was unhelpful: MSEX2K3DB.

I decided to try and forcibly re-enable the certificate for the relevant services. I ran the following commands from the Exchange Management Shell:

[PS] C:\Windows\system32>Enable-ExchangeCertificate -Thumbprint <new_certificate_thumbprint> -Services None
[PS] C:\Windows\system32>Enable-ExchangeCertificate -Thumbprint <new_certificate_thumbprint> -Services "IMAP POP IIS SMTP"

Confirm
Overwrite existing default SMTP certificate '<old_certificate_thumbprint>' (expires <old_certificate_expiration_date>) with certificate '<new_certificate_thumbprint>' (expires <new_certificate_expiration_date>)
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): A

Again running Get-ExchangeCertificate produced the following result:

[PS] C:\Windows\system32>Get-ExchangeCertificate

Thumbprint                                Services   Subject
----------                                --------   -------

<new_certificate_thumbprint>  IP.WS      CN=<external_fqdn>

But the following event was recorded in the Application log:

Source: MSExchangeTransport
Event ID: 16002
The new transport server configuration has been read and components have been notified.

After this no more warnings were encountered.
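
A read-only check that follows the decision path in the event description (is the named certificate still in the personal store, and what is currently enabled for SMTP?), added here as an example and not part of the original comment or of Microsoft's text. The function name is hypothetical, and it assumes the first 40-hex-character string in the event text is the certificate that failed to load, as in the description above.

```powershell
# Added example: read-only triage for MSExchangeTransport event 12023.
# Run from the Exchange Management Shell; nothing here changes configuration.
function Test-Event12023Certificate {   # hypothetical helper name
    # Latest 12023 warning from the Application log, if any.
    $evt = Get-WinEvent -FilterHashtable @{
        LogName      = 'Application'
        ProviderName = 'MSExchangeTransport'
        Id           = 12023
    } -MaxEvents 1 -ErrorAction SilentlyContinue
    if (-not $evt) { return 'No event 12023 found in the Application log.' }

    # Certificate thumbprints are 40 hex characters. Per the event text, the
    # first is the certificate that failed to load, the last the fallback.
    $thumbs = @([regex]::Matches($evt.Message, '\b[0-9A-Fa-f]{40}\b') |
        ForEach-Object { $_.Value.ToUpper() })
    if ($thumbs.Count -eq 0) { return 'No thumbprint found in the event text.' }
    $wanted = $thumbs[0]

    # Is the certificate the transport service asked for still in the
    # local computer's personal store, with its private key?
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $wanted }

    if ($cert) {
        "Found $wanted in LocalMachine\My " +
            "(private key: $($cert.HasPrivateKey), expires: $($cert.NotAfter))."
        "Event text remedy: Enable-ExchangeCertificate $wanted -Services SMTP"
    } else {
        "$wanted is not in LocalMachine\My."
        'Event text remedy: Import-ExchangeCertificate from backup, or New-ExchangeCertificate.'
    }

    # Certificates Exchange currently reports as enabled for SMTP.
    Get-ExchangeCertificate |
        Where-Object { $_.Services -match 'SMTP' } |
        Select-Object Thumbprint, Services, NotAfter, Subject
}

Test-Event12023Certificate
```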
