Kazmarek


Exchange 2007 Certificate Errors

July 31, 2007 by Kazmarek Administrator

I received several certificate errors when attempting to connect Outlook to Exchange 2007. This is because Outlook 2007 and Exchange 2007 encrypt all communications between themselves. The solution was to create a new certificate (using Exchange PowerShell) for the intranet. The relevant Microsoft article can be found here:

http://technet.microsoft.com/en-us/library/aa995942.aspx

**This article says to use the same cert for IIS; however, to use a third-party cert (i.e. from Thawte), don't include IIS when assigning the certificate to services. If you do (as I originally did), use the following command:

Get-ExchangeCertificate -DomainName "<Exchange-Server-Name>"

to get the thumbprint of the third party certificate and then use the command:

Enable-ExchangeCertificate -Thumbprint <certificate-thumbprint> -Services "IIS,SMTP"

to assign it to IIS and SMTP (see below).

I was then noticing some issues with Outlook Anywhere and found the following in the event log:

Product: Exchange
ID: 12014
Source: MSExchangeTransport
Version: 8.0
Symbolic Name: CannotLoadSTARTTLSCertificateFromStore

Message:
Microsoft Exchange couldn’t find a certificate that contains the domain name %1 in the personal store on the local computer. Therefore, it is unable support the STARTTLS SMTP verb for the connector %2 with a FQDN parameter of %1 (if connector’s FQDN is not specified, the machine’s FQDN is used). Verify that connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that connector FQDN. If this certificate exists, run Enable-ExchangeCertificate –services SMTP to ensure transport service has access to its key.

Explanation

This Warning event indicates that there is a problem loading a certificate to be used for STARTTLS purposes. Generally, this problem occurs if one or both of the following conditions is true:

  • The fully qualified domain name (FQDN) that is specified in the Warning event has been defined on a Receive connector or Send connector on a Microsoft Exchange Server 2007 transport server, and no certificate is installed on the same computer that contains the FQDN in the Subject or Subject Alternative Name fields.
  • A third-party or custom certificate has been installed on the server and it contains a matching FQDN. However, the certificate is not enabled for the SMTP service.

To fix this, I simply ran the command referenced above (Enable-ExchangeCertificate…) to assign the Thawte cert to the SMTP service.
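
The two conditions listed in the explanation can be checked per connector before or after running Enable-ExchangeCertificate. The script below is an added example, not part of the original post or the Microsoft article; it assumes it is run in the Exchange Management Shell on the transport server and relies on the Fqdn, CertificateDomains, Services and Thumbprint properties returned by the cmdlets it calls.

```powershell
# Added example: maps each connector FQDN to the two causes of event 12014.
# Run in the Exchange Management Shell on the transport server.

# The event text says the machine's FQDN is used when a connector has none.
$machineFqdn = [System.Net.Dns]::GetHostEntry('').HostName

# Build connector name / effective FQDN pairs for Receive and Send connectors.
$targets = (@(Get-ReceiveConnector) + @(Get-SendConnector)) | ForEach-Object {
    $fqdn = "$($_.Fqdn)"
    if ($fqdn -eq '') { $fqdn = $machineFqdn }
    New-Object PSObject |
        Add-Member NoteProperty Connector "$($_.Identity)" -PassThru |
        Add-Member NoteProperty Fqdn $fqdn -PassThru
}

# Certificates in the local computer's personal store, as Exchange sees them.
$certs = @(Get-ExchangeCertificate)

foreach ($t in $targets) {
    # Condition 1: is there a certificate whose names include this FQDN?
    # Exact, case-insensitive comparison only; wildcard names are not expanded.
    $matching = @($certs | Where-Object {
        ($_.CertificateDomains | ForEach-Object { "$_" }) -contains $t.Fqdn
    })

    # Condition 2: is a matching certificate enabled for the SMTP service?
    $smtp = @($matching | Where-Object { "$($_.Services)" -match 'SMTP' })

    if ($matching.Count -eq 0) {
        $result = 'No certificate contains this FQDN'
    } elseif ($smtp.Count -eq 0) {
        $result = 'Found but not enabled for SMTP: ' + $matching[0].Thumbprint
    } else {
        $result = 'OK: ' + $smtp[0].Thumbprint
    }

    # One line per connector: name, effective FQDN, finding.
    "{0,-40} {1,-35} {2}" -f $t.Connector, $t.Fqdn, $result
}
```

A connector reported as "Found but not enabled for SMTP" is the case fixed above; "No certificate contains this FQDN" means either the connector FQDN or the certificate's names need to change.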
