Event ID/Source search
Keyword searchExample: Windows cannot unload your registry file
Event ID: 12014 Source: MSExchangeTransport
Microsoft Exchange couldn't find a certificate that contains the domain name <name> in the personal store on the local computer. Therefore it is unable to offer the STARTTLS SMTP verb for any connector with a FQDN parameter of <name>. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for every connector FQDN.
|English: This information is only available to subscribers. An example of English, please!|
|Concepts to understand:|
What is STARTTLS?
See EV100420 (How to fix MSExchangeTransport Event ID 12014 on Edge and Hub Transport servers).
On our Exchange 2007 server, we got this message because the Self-signed certificate had expired. We had a third party certificate, but the self-signed was still being used by the SMTP service. When I renewed, using
Get-ExchangeCertificate –Thumbprint “58C846DEEA2865CA9E6DD4B42329A9AC994EBF63” | New-ExchangeCertificate,
and removed the old certificate it stopped reporting the 12014 error.
We had this error 12014 with source MSExchangeTransport showing every 15 minutes in the Application section of the Event Viewer on the Exchange 2007 machine with Hub Transport role. This event is reported when SMTP connectors (Receive and/or Send) are unassigned altogether or assigned an improper SSL certificate. To troubleshoot this error see TB510128 (“How to Troubleshoot STARTTLS Certificate Error 12014”).
The general steps are:
1. Identify already installed certificates: Get-ExchangeCertificate.
2. Create new certificates: New-ExchangeCertificate.
3. Enable certificates: Enable-ExchangeCertificate with -Services "SMTP".
See TechNet article “Creating a Certificate or Certificate Request for TLS” for more details.
As per Microsoft: "This Warning event indicates that there is a problem loading a certificate to be used for STARTTLS purposes. Generally, this problem occurs if one or both of the following conditions is true:
- The fully qualified domain name (FQDN) that is specified in the Warning event has been defined on a Receive connector or Send connector on a Microsoft Exchange Server 2007 transport server, and no certificate is installed on the same computer that contains the FQDN in the Subject or Subject Alternative Name fields.
- A third-party or custom certificate has been installed on the server and it contains a matching FQDN. However, the certificate is not enabled for the SMTP service".
See MSEX2K3DB and TA998840 ("Creating a Certificate or Certificate Request for TLS") for information on solving this problem.
See ME555855 for information on solving this problem.
|Private comment: Subscribers only. See example of private comment|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
|Custom search for *****: Google - Bing - Microsoft - Yahoo|
Send comments or solutions
- Notify me when updated