Group_007
asked on
Microsoft Exchange 2007 R2 Certificate errors Event ID 12014
Hello EE:
here's the scenario.
Yesterday I noticed an expired certificate in and had event logs complaiining about it. After I replaced the expired cert with a new cert I began to receive a new Event ID: 12014. Which contains:
Microsoft Exchange could not find a certificate that contains the domain name data1.xxx.com in the personal store on the local computer. Therefore it is unable to support the STARTTLS SMTP verb for connector DefaultInternet w/ FQDN parameter of data1.xxx.com. Verify the connectors configuration and the installed certificate to make sure there is a certificate w/ a domain name for the FQDN.
My questions are:
1. How do I go back and look at the cert that had expired to see how it was configured? I am thinking that my new cert did not have the correct parameters for data1.xxx.com
2. The data1.xxx.com is our external DNS pointer for our MX records for xxx.com. So by the Event errors I am guessing that I need to take care of this error asap.
3. If i install/redo the cert; it is necessary to verify connectors and such. This Exchange has been in place for several years so I now it is set up and configured correctly.
Thanks in advance!
here's the scenario.
Yesterday I noticed an expired certificate in and had event logs complaiining about it. After I replaced the expired cert with a new cert I began to receive a new Event ID: 12014. Which contains:
Microsoft Exchange could not find a certificate that contains the domain name data1.xxx.com in the personal store on the local computer. Therefore it is unable to support the STARTTLS SMTP verb for connector DefaultInternet w/ FQDN parameter of data1.xxx.com. Verify the connectors configuration and the installed certificate to make sure there is a certificate w/ a domain name for the FQDN.
My questions are:
1. How do I go back and look at the cert that had expired to see how it was configured? I am thinking that my new cert did not have the correct parameters for data1.xxx.com
2. The data1.xxx.com is our external DNS pointer for our MX records for xxx.com. So by the Event errors I am guessing that I need to take care of this error asap.
3. If i install/redo the cert; it is necessary to verify connectors and such. This Exchange has been in place for several years so I now it is set up and configured correctly.
Thanks in advance!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I have ran the command but I'm not sure what the parameter requirements need to be to regenerate the data1.xxx.com. I know how to run the cmd for certificates but I'm not sure how to view the old certificate that I had removed with the remove command.
ASKER
Comment to answer 2: will do on your suggestion for answer 2 and will reply.
Is the old certificate still available if view via MMC? To proceed further, please advice if you see certificate error while accessing Outlook Web Access? Create a new outlook profile using autodiscover and also run MS Connectivity settings (https://www.testexchangeconnectivity.com/) then post the result here
ASKER
Setting up a new profile makes it past the "allow" autodiscover prompt. But then complains about an encrypted connection to you mail server is not available. Click next to attempt using an unencrypted connection.
Log on to server (unencrypted). I then get a prompt to either configure manually. I try to connect manually using out companies webmail address. I get the error: The content source <mapi://{S-1-5-21-34610654 00-4013944 075-129963 3618-1004} /> cannot be accessed.
Responce from Connectivity test:
Testing RPC/HTTP connectivity.
The RPC/HTTP test failed.
Test Steps
ExRCA is attempting to test Autodiscover for tmcentire@kmgchemicals.com .
Testing Autodiscover failed.
Test Steps
Attempting each method of contacting the Autodiscover service.
The Autodiscover service couldn't be contacted successfully by any method.
Test Steps
Attempting to test potential Autodiscover URL https://kmgchemicals.com/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name kmgchemicals.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 70.42.5.173
Testing TCP port 443 on host kmgchemicals.com to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
ExRCA is attempting to obtain the SSL certificate from remote server kmgchemicals.com on port 443.
ExRCA successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: OU=Software appliances, O=TurnKey Linux, Issuer: OU=Software appliances, O=TurnKey Linux.
Validating the certificate name.
Certificate name validation failed.
Additional Details
ExRCA couldn't parse the common name from certificate subject OU=Software appliances, O=TurnKey Linux.
Attempting to test potential Autodiscover URL https://autodiscover.kmgchemicals.com/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name autodiscover.kmgchemicals. com in DNS.
The host name couldn't be resolved.
Tell me more about this issue and how to resolve it
Additional Details
Host autodiscover.kmgchemicals. com couldn't be resolved in DNS InfoDomainNonexistent.
Attempting to contact the Autodiscover service using the HTTP redirect method.
The attempt to contact Autodiscover using the HTTP Redirect method failed.
Test Steps
Attempting to resolve the host name autodiscover.kmgchemicals. com in DNS.
The host name couldn't be resolved.
Tell me more about this issue and how to resolve it
Additional Details
Host autodiscover.kmgchemicals. com couldn't be resolved in DNS InfoDomainNonexistent.
Attempting to contact the Autodiscover service using the DNS SRV redirect method.
ExRCA failed to contact the Autodiscover service using the DNS SRV redirect method.
Test Steps
Attempting to locate SRV record _autodiscover._tcp.kmgchem icals.com in DNS.
The Autodiscover SRV record was successfully retrieved from DNS.
Additional Details
The Service Location (SRV) record lookup returned host mail.kmgchemicals.com.
Attempting to test potential Autodiscover URL https://mail.kmgchemicals.com/Autodiscover/Autodiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name mail.kmgchemicals.com in DNS.
The host name couldn't be resolved.
Tell me more about this issue and how to resolve it
Additional Details
Host mail.kmgchemicals.com couldn't be resolved in DNS InfoDomainNonexistent.
Exchange-autodiscover.docx
Log on to server (unencrypted). I then get a prompt to either configure manually. I try to connect manually using out companies webmail address. I get the error: The content source <mapi://{S-1-5-21-34610654
Responce from Connectivity test:
Testing RPC/HTTP connectivity.
The RPC/HTTP test failed.
Test Steps
ExRCA is attempting to test Autodiscover for tmcentire@kmgchemicals.com
Testing Autodiscover failed.
Test Steps
Attempting each method of contacting the Autodiscover service.
The Autodiscover service couldn't be contacted successfully by any method.
Test Steps
Attempting to test potential Autodiscover URL https://kmgchemicals.com/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name kmgchemicals.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 70.42.5.173
Testing TCP port 443 on host kmgchemicals.com to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
ExRCA is attempting to obtain the SSL certificate from remote server kmgchemicals.com on port 443.
ExRCA successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: OU=Software appliances, O=TurnKey Linux, Issuer: OU=Software appliances, O=TurnKey Linux.
Validating the certificate name.
Certificate name validation failed.
Additional Details
ExRCA couldn't parse the common name from certificate subject OU=Software appliances, O=TurnKey Linux.
Attempting to test potential Autodiscover URL https://autodiscover.kmgchemicals.com/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name autodiscover.kmgchemicals.
The host name couldn't be resolved.
Tell me more about this issue and how to resolve it
Additional Details
Host autodiscover.kmgchemicals.
Attempting to contact the Autodiscover service using the HTTP redirect method.
The attempt to contact Autodiscover using the HTTP Redirect method failed.
Test Steps
Attempting to resolve the host name autodiscover.kmgchemicals.
The host name couldn't be resolved.
Tell me more about this issue and how to resolve it
Additional Details
Host autodiscover.kmgchemicals.
Attempting to contact the Autodiscover service using the DNS SRV redirect method.
ExRCA failed to contact the Autodiscover service using the DNS SRV redirect method.
Test Steps
Attempting to locate SRV record _autodiscover._tcp.kmgchem
The Autodiscover SRV record was successfully retrieved from DNS.
Additional Details
The Service Location (SRV) record lookup returned host mail.kmgchemicals.com.
Attempting to test potential Autodiscover URL https://mail.kmgchemicals.com/Autodiscover/Autodiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name mail.kmgchemicals.com in DNS.
The host name couldn't be resolved.
Tell me more about this issue and how to resolve it
Additional Details
Host mail.kmgchemicals.com couldn't be resolved in DNS InfoDomainNonexistent.
Exchange-autodiscover.docx
ASKER
So I think I need to create a new cert but Im not sure about the paramenters.
get-exchangecertificate | fl