Event ID/Source search
Keyword searchExample: Windows cannot unload your registry file
Event ID: 12025 Source: MSExchangeTransport
An internal transport certificate expired. Thumbprint: CF9511B50EA83055D8E8BBF44A5C5A4591525497
|English: Request a translation of the event description in plain English.|
According to Microsoft, this event indicates that the certificate that was used for internal trust on this computer has expired. Internal trust means that Microsoft Exchange Server 2007 uses a self-signed certificate for encryption. Internal refers to the fact that the data paths are between Exchange 2007 servers and within the corporate network that is defined by Active Directory.
When you subscribe an Edge Transport server to the Exchange organization, the subscription publishes the Edge Transport server certificate in Active Directory for the Hub Transport servers to validate. The Microsoft Exchange EdgeSync service updates ADAM with the set of Hub Transport server certificates for the Edge Transport server to validate.
To resolve this warning, you must use the New-ExchangeCertificate cmdlet to create a new internal transport certificate (also referred to as a direct trust certificate) on the computer that returned this Warning event. Running the New-ExchangeCertificate cmdlet with no arguments creates a Simple Mail Transfer Protocol (SMTP)-enabled certificate for direct trust. For more information, see New-ExchangeCertificate.
If this warning occurred on a Hub Transport server, you must create the internal transport certificate on the Hub Transport server where the warning occurred. After you have created the certificate, restart the Microsoft Exchange EdgeSync service to update the certificate information on the Edge Transport servers that are subscribed to the organization.
If this warning occurred on an Edge Transport server, you must create the internal transport certificate on the Edge Transport server where the warning occurred. After you have created the certificate, resubscribe the Edge Transport server to the Exchange organization to update the certificate information in Active Directory.
If you are not running the Microsoft Exchange EdgeSync service, you must manually update the certificate. For more information, see Configuring Mail Flow Between an Edge Transport Server and Hub Transport Servers Without Using EdgeSync.
If you are not already doing so, consider running the tools that Microsoft Exchange offers to help administrators analyze and troubleshoot their Exchange environment. These tools can help you make sure that your configuration is in line with Microsoft best practices. They can also help you identify and resolve performance issues, improve mail flow, and better manage disaster recovery scenarios. Go to the Toolbox node of the Exchange Management Console to run these tools now. For more information about these tools, see Toolbox in the Exchange Server 2007 Help.
See TA997569 on how to use the remove-exchangecertificate utility to remove an expired certificate.
|Private comment: Subscribers only. See example of private comment|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
|Custom search for *****: Google - Bing - Microsoft - Yahoo|
Send comments or solutions
- Notify me when updated