Wednesday, 14 December 2011

Exchange 2007/2010 - There is no valid SMTP Transport Layer Security (TLS) Certificate

Event Log ID 12016 is displayed in the Application Log for the MSExchangeTransport Source

Event Log Error


The SSL Certificate used for SMTP has expired and the event log error 12016 is logged.

Show Exchange Certificates


Run the EMS command Get-ExchangeCertificate to show the current certificates and the associated Services. In this case we can see two Thumbprints associated with the Service SMTP (S). One of these has expired, so we need to see which one.

Output Certificate Details to a text file


Use the command Get-ExchangeCertificate | fl | Out-File -FilePath C:\certs.txt to export the full details to a text file.

Expired Certificate


Look through the text file for the certificate that has expired. In this case we can see the certificate has expired and has an Invalid Date.

Valid Certificate


Look through the text file for the certificate that is valid and make a copy of the Thumbprint.

Enable the Valid Certificate for use with SMTP


Use the command Enable-ExchangeCertificate -Thumbprint thumbprint -Services "SMTP" to enable the valid certificate.

Remove the expired Certificate


Use the command Remove-ExchangeCertificate -Thumbprint thumbprint to remove the expired certificate.

Confirm the change


Use the Get-ExchangeCertificate command to confirm you now have the correct valid certificate associated to the SMTP Service. Restart the Exchange Transport Service to complete the change.
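
The steps above combined into one Exchange Management Shell script, as an added example that is not from the original post. It compares NotAfter on each SMTP-bound certificate with the current date instead of reading the text file, and it assumes the unexpired certificate with the latest expiry is the one to keep; the variable names are illustrative.

```powershell
# Added example: run in the Exchange Management Shell on the affected server.
$now = Get-Date

# Every certificate currently associated with the SMTP service.
$smtpCerts = @(Get-ExchangeCertificate | Where-Object { $_.Services -match 'SMTP' })

# Show validity dates per thumbprint so the expired one is obvious.
$smtpCerts | Sort-Object NotAfter |
    Format-Table Thumbprint, Subject, NotBefore, NotAfter, Services -AutoSize

# Split the SMTP certificates into expired and currently valid.
$expired = @($smtpCerts | Where-Object { $_.NotAfter -lt $now })
$valid   = @($smtpCerts |
    Where-Object { $_.NotBefore -le $now -and $_.NotAfter -gt $now } |
    Sort-Object NotAfter -Descending)

if ($valid.Count -eq 0) {
    # Removing the expired certificate now would leave SMTP with no certificate.
    Write-Warning 'No unexpired certificate is associated with SMTP; nothing was changed.'
}
else {
    # Assumption: keep the valid certificate that expires last.
    $keep = $valid[0]
    Enable-ExchangeCertificate -Thumbprint $keep.Thumbprint -Services 'SMTP'

    # Remove only the expired SMTP certificates identified above.
    foreach ($cert in $expired) {
        Remove-ExchangeCertificate -Thumbprint $cert.Thumbprint
    }

    # Restart transport so the change takes effect, then confirm the result.
    Restart-Service MSExchangeTransport
    Get-ExchangeCertificate |
        Format-Table Thumbprint, Services, NotAfter -AutoSize
}
```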
