Event Log ID 12016 is displayed in the Application Log for the MSExchangeTransport Source
Event Log Error
The SSL Certificate used for SMTP has expired and the event log error 12016 is logged.
Show Exchange Certificates
Run the EMS command Get-ExchangeCertificate to show the current certificates and the associated Services, in this case we can see two Thumbprints associated with the Service SMTP (S). Once of these has expired so we need to see which one.
Output Certificate Details to a text file
Use the command Get-ExchangeCertificate | fl| out-file -FilePath C:\certs.txt to export the full details to a text file.
Expired Certificate
Look through the text file for the certificate that has expired, in this case we can see the certificate has expired and has an Invalid Date.
Valid Certificate
Look through the text file for the certificate that is valid and make a copy of the Thumbprint.
Enable the Valid Certificate for use with SMTP
Use the command Enable-ExchangeCertificate - Thumbprint thumbprint -Services "SMTP" to enable the valid certificate
Remove the expired Certificate
Use the Remove-ExchangeCertificate -Thumbprint thumbprint to remove the expired certificate
Confirm the change
Use the Get-ExchangeCertificate command to confirm you now have the correct valid certificate associated to the SMTP Service. Restart the Exchange Transport Service to complete the change.
No comments:
Post a Comment