MsExchange Blog Spot Telnet25

September 30, 2009

The Security certificate has Expired or is not yet valid

Filed under: General — telnet25 @ 7:42 pm

Your users receive the following message when they open Outlook: “The Security certificate has Expired or is not yet valid”


You are also receiving the following errors on your mail server:

  • Event Type: Error
  • Event Source: MSExchangeTransport
  • Event Category: TransportService
  • Event ID: 12014
  • Date: Date
  • Time: Time
  • User: N/A
  • Computer: Server_Name
  • Description:

Microsoft Exchange couldn’t find a certificate that contains the domain name Domain_Name in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Default Server with a FQDN parameter of FQDN. If the connector’s FQDN is not specified, the computer’s FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.

  • Event Type: Warning
  • Event Source: MSExchangeTransport
  • Event Category: TransportService
  • Event ID: 12015
  • Date: Date
  • Time: Time
  • User: N/A
  • Computer: Server_Name
  • Description:
  • An internal transport certificate expired.
  • Thumbprint:Thumb_Print_Value

Cause: The internal self-signed certificate used by Exchange has expired because of the limitations listed below; see bb851554.

Limitations of the Self-Signed Certificate

The following list describes some limitations of the self-signed certificate.

  • Expiration Date: The self-signed certificate expires 12 months after Exchange 2007 is installed. When the certificate expires, a new self-signed certificate must be manually generated by using the New-ExchangeCertificate cmdlet.
  • Outlook Anywhere: The self-signed certificate cannot be used with Outlook Anywhere. We recommend that you obtain a certificate from a Windows PKI or a trusted commercial third party if you will be using Outlook Anywhere.
  • Exchange ActiveSync: The self-signed certificate cannot be used to encrypt communications between Microsoft Exchange ActiveSync devices and the Exchange server. We recommend that you obtain a certificate from a Windows PKI or a trusted commercial third party for use with Exchange ActiveSync.
  • Outlook Web Access: Microsoft Outlook Web Access users will receive a prompt informing them that the certificate being used to help secure Outlook Web Access is not trusted. This error occurs because the certificate is not signed by an authority that the client trusts. Users will be able to ignore the prompt and use the self-signed certificate for Outlook Web Access. However, we recommend that you obtain a certificate from a Windows PKI or a trusted commercial third party.

Solution:

Log on to the Exchange server and issue the following command from the Exchange Management Shell (EMS):

Get-ExchangeCertificate | FL


Now pay attention to the Status and the dates; you will also need to copy the “Thumbprint” value.

Now copy and paste, or type, the command below into EMS:

Get-ExchangeCertificate -Thumbprint 56BB128980C53883BBF09AA0281FBC6471FB04FE | New-ExchangeCertificate

Do not forget to use the thumbprint that corresponds to your own Exchange server.


Type the letter “Y” when prompted.

Then run the command once more:

Get-ExchangeCertificate | FL


Now get rid of the old certificate; simply use the PowerShell command below with the corresponding thumbprint:

Remove-ExchangeCertificate -Thumbprint 56BB128980C53883BBF09AA0281FBC6471FB04FE
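To catch the 12-month expiry before Outlook users see the warning, the check below can be scheduled; it is an added example, not part of the original post, and it only reports and prints the renewal command rather than running it. The function name Get-CertExpiryReport, the 30-day window and the sample thumbprints are assumptions made for illustration, and it needs PowerShell 2.0 or later.

```powershell
# Added example: report Exchange certificates that are expired or close to expiry.
function Get-CertExpiryReport {
    param(
        [object[]]$Certificate,        # objects with Thumbprint, NotAfter, IsSelfSigned, Services
        [int]$WarnDays = 30,           # assumed warning window, adjust as needed
        [datetime]$Now = (Get-Date)
    )
    foreach ($c in $Certificate) {
        # Whole days until NotAfter; negative means the certificate has already expired.
        $daysLeft = [int][math]::Floor(($c.NotAfter - $Now).TotalDays)
        if     ($daysLeft -lt 0)         { $state = 'Expired' }
        elseif ($daysLeft -le $WarnDays) { $state = 'ExpiringSoon' }
        else                             { $state = 'OK' }
        New-Object PSObject -Property @{
            State      = $state
            DaysLeft   = $daysLeft
            SelfSigned = $c.IsSelfSigned
            Services   = $c.Services
            Thumbprint = $c.Thumbprint
        }
    }
}

if (Get-Command Get-ExchangeCertificate -ErrorAction SilentlyContinue) {
    $certs = @(Get-ExchangeCertificate)   # inside EMS: read the real certificates
} else {
    # Constructed sample data so the logic can be tried outside EMS.
    $now = Get-Date
    $certs = @(
        New-Object PSObject -Property @{ Thumbprint = 'SAMPLE-THUMBPRINT-0001'; NotAfter = $now.AddDays(-3);  IsSelfSigned = $true;  Services = 'IMAP, POP, IIS, SMTP' }
        New-Object PSObject -Property @{ Thumbprint = 'SAMPLE-THUMBPRINT-0002'; NotAfter = $now.AddDays(12);  IsSelfSigned = $false; Services = 'IIS' }
        New-Object PSObject -Property @{ Thumbprint = 'SAMPLE-THUMBPRINT-0003'; NotAfter = $now.AddDays(300); IsSelfSigned = $true;  Services = 'SMTP' }
    )
}

# Keep only certificates that need attention and show them as a table.
$report = @(Get-CertExpiryReport -Certificate $certs | Where-Object { $_.State -ne 'OK' })
$report | Select-Object State, DaysLeft, SelfSigned, Services, Thumbprint | Format-Table -AutoSize

# Print (do not run) the renewal command from this post for each flagged self-signed certificate.
foreach ($r in ($report | Where-Object { $_.SelfSigned })) {
    "Get-ExchangeCertificate -Thumbprint $($r.Thumbprint) | New-ExchangeCertificate"
}
```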

oz Casey Dedeal,

MVP (Exchange)
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +

Http://smtp25.blogspot.com (Blog)

Http://telnet25.spaces.live.com (Blog)

Http://telnet25.wordpress.com (Blog)
