Msexchangetransport Error 12016
Contents |
(Русский)ישראל (עברית)المملكة العربية السعودية (العربية)ไทย (ไทย)대한민국 (한국어)中华人民共和国 (中文)台灣 (中文)日本 (日本語) HomeLibraryWikiLearnGalleryDownloadsSupportForumsBlogs Ask a question Quick access Forums home Browse forums users FAQ Search related threads Remove From My Forums Answered by: Event ID: 12016 - MS Exchange Transport Previous Versions of Exchange > Exchange Previous Versions - Mail Flow and Secure Messaging Question event id 12016 sbs 2011 0 Sign in to vote Hi folks, I run SBS 2008 and Exchange 2007
There Is No Valid Smtp Transport Layer Security (tls) Certificate For The Fqdn Exchange 2010
SP3. I looked at my event viewer today and see that I am getting an event ID: 12016. It says "There is
Creating A Certificate Or Certificate Request For Tls
no valid SMTP Transport Layer Security (TLS) certificate for the FQDN of remote.domain.com. The existing certificate for that FQDN has expired." When I run the best practices analyzer it mentions this error and says " The SSL
New-exchangecertificate Task
certificate of the IMAP4 services on server remote.domain.com expired 06/19/2012. Users may be unable to connect with the server". I've gotten no complaints from users about email issues, but assume I need to address this and fix it. Any idea what the right steps are to fix this? I'm afraid to do something without asking the experts for fear of breaking something else. Any direction would be appreciated. Thanks, Mike Monday, July 30, no valid smtp tls certificate for fqdn 2012 6:20 PM Reply | Quote Answers 0 Sign in to vote On Fri, 3 Aug 2012 17:21:15 +0000, kywildcatfanone wrote: >Thanks for the reply. I started to run this command to renew the old certificate (Get-ExchangeCertificate -Thumbprint "XXXXXX" | New-ExchangeCertificate > >It gives me this warning message: Warning: This certificate will not be used for external TLS connections with an FQDN of remote.domain.com because the CA-signed certificate with thumbprint 'XXXXXX' (the old certificate from the command above) takes precedence. The following connectors match that FQDN: Copier 3, Windows SBS Internet Receive DomainName. You want the 3rd-party cert to be used for external connections, not the self-signed cert, so that's fine. >I cancelled out since I wasn't expecting that message and wasn't sure if I was about to break something. When I said "no" to the overwrite, it created it anyway. Is that message because the old one is still there, and I should complete the new one and then remove the old one? Even though I said "no" to continue and it created it, can I use it anyway if the above is true? > > Any advice folks on how I should proceed? Once you renew the self-signed cert you can delete the expired (or unused) certs from the certifica
for Help Receive Real-Time Help Create a Freelance Project Hire for a Full Time Job Ways to Get Help Ask a Question Ask for new-exchangecertificate 2007 Help Receive Real-Time Help Create a Freelance Project Hire for a get-exchangecertificate Full Time Job Ways to Get Help Expand Search Submit Close Search Login Join Today Products enable-exchangecertificate BackProducts Gigs Live Careers Vendor Services Groups Website Testing Store Headlines Experts Exchange > Questions > How to resolve App Evt Error 12016 Want to Advertise Here? https://social.technet.microsoft.com/Forums/en-US/694f1c90-2965-49c3-8f54-f61bf5bababe/event-id-12016-ms-exchange-transport?forum=exchangesvrsecuremessaginglegacy Solved How to resolve App Evt Error 12016 Posted on 2011-03-07 Exchange Windows Server 2003 2 Verified Solutions 9 Comments 3,447 Views Last Modified: 2012-06-21 I have been receiving the above (and 12015) App Evt errors on my Exchg 2K7 SP2 server. I have a valid CA cert (UCC) installed that doesn't expire until https://www.experts-exchange.com/questions/26868066/How-to-resolve-App-Evt-Error-12016.html next year. Now, I did have an expired internal, self-signed TLS cert. Following the Evt suggestion, I went to http://technet.microsoft.com/en-us/library/aa998327.aspx and simply ran New-ExchangeCertificate in the EMShell and thought that would take care of it. I saw a new cert created in my Cert Console, yet I'm still getting the 12016 error. Any ideas how to resolve this? BTW...I hate dealing with certs! Mostly, cause I don't understand them fully in Exchg :) Regards, ~coolsport00 0 Question by:coolsport00 Facebook Twitter LinkedIn Google LVL 41 Active today Best Solution byAmit Hi Coolsport00, Thanks for posting the event details. As you already mentioned your question that you have already tried New-ExchangeCertificate command. Below article deals with same issue http://forums.msexchange.org/m_1800511051/tm.htm Go to Solution 9 Comments LVL 41 Overall: Level 41 Exchange 38 Windows Server 2003 10 Message Active today Expert Comment by:Amit2011-03-07 Please post the complete Event detail 0 LVL 9 Overall: Level 9 Exchange 8 Windows Server 2003 3 Messa
| My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out Event ID: 12016 about SMTP TLS certificate expired Users viewing this topic: none Logged in as: Guest Tree http://forums.msexchange.org/Event_ID:_12016_about_SMTP_TLS_certificate_expired/m_1800497293/tm.htm Style Printable Version All Forums >> [Microsoft Exchange 2007] >> General >> Event ID: 12016 about SMTP TLS certificate expired Page: [1] Login Message << Older Topic Newer Topic >> Event ID: 12016 about SMTP TLS certificate expired http://www.networksteve.com/exchange/topic.php/Event_12016,_MSExchangeTransport/?TopicId=14128&Posts=6 - 31.Dec.2008 1:57:35 PM htsource Posts: 37 Joined: 13.Mar.2008 Status: offline I was just checking the Event Logs on our CAS server and found a bunch of these errors: Event Type:Error Event Source:MSExchangeTransport Event Category:TransportService no valid Event ID:12016 Date:12/31/2008 Time:1:44:56 PM User:N/A Computer:CAS1 Description: There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN of exchcas1.ad.gennum.com. The existing certificate for that FQDN has expired. The continued use of that FQDN will cause mail flow problems. A new certificate that contains the FQDN of cas1.ad.companyname.com should be installed on this server as soon as possible. You can create a new certificate by using the New-ExchangeCertificate task. For more information, no valid smtp see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Exchange seems to be working fine, is this only being used for POP3/SMTP/IMAP? Everyone is the organization is using Outlook to connect to Exchange. How can I update the certificate? Apprecite your response. < Message edited by htsource -- 31.Dec.2008 2:47:47 PM > Post #: 1 Featured Links* RE: Event ID: 12016 about SMTP TLS certificate expired - 31.Dec.2008 2:13:11 PM mark@mvps.org Posts: 6811 Joined: 9.Jun.2004 From: Philadelphia PA Status: offline Can you just follow what it says in: http://support.microsoft.com/kb/555855(the resolution section) and then see where you are. _____________________________Mark Arnold (Exchange MVP) List Moderator (in reply to htsource) Post #: 2 Page: [1] << Older Topic Newer Topic >> All Forums >> [Microsoft Exchange 2007] >> General >> Event ID: 12016 about SMTP TLS certificate expired Page: [1] Jump to: Select a ForumAll Forums---------------------- [Microsoft Office 365] - - Exchange Online [Microsoft Exchange 2013] - - Installation - - General - - Management - - Outlook Web Access - - Mobility - - Migration - - Message Routing - - Secure Messaging - - Compliance - - High Availability - - Unified Messaging [Microsoft Exchange 2010] - - Installation - - General - - Management - - Outlook Web Access - - Mobility - - Migration - - Message Routing - -
detail out there about this event and I have looked at it but do not fully understand what I should do in this particular situation. Let me give you a picture of what's going in this case and what I'm unsure about. I have repeated events in the application log that states: "There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN of ZOO.hq.mydomain.com. The existing certificate for that FQDN has expired. The continued use of that FQDN will cause mail flow problems. A new certificate that contains the FQDN of ZOO.hq.mydomain.com should be installed on this server as soon as possible. You can create a new certificate by using the New-ExchangeCertificate task." The FQDN above is internal. I have a SAN cert of external names and have, on the pertinent services (EWS, OAB, CAS), set internal and external URLs to the subjects on the cert. From what I can tell, the only area where this FQDN shows up is in the "Default ZOO" Receive Connector. It may exist elsewhere that I'm not seeing. If I try to change the FQDN to the primary subject name which is listed in my SAN cert, I get the following error: "When the AuthMechanism paramteter on a Receive connector is set to the value ExchangeServer, you must set the FQDN parameter on the Receive connector to one of the following values: the FQDN of the transport server, the NetBIOS name of the transport server, or $null." ...so I seem to be forced to keep it as the internal FQDN of the server. I recently renewed that SAN cert and I figured everything was working. I created a new CSR, acquired the cert, installed and enabled it, and removed the old one. I'm thinking the timing is just a red herring. These events date back prior to the renewal. When I list the Exchange certs from EMS using "Get-ExchangeCertificate | fl *" the certificate with Subject matching the above FQDN shows a "NotAfter" date of 7/11/2011 so it's not expired. The only thing listed next to "Services" is UM. So at this point, it looks to me like the certificate does exist on the server (it's bound to UM, which we're not using anyway at this point) and that it's not expired. So what's next to get rid of this event? Thanks a lot in advance. July 30th, 2009 4:37pm How did you renew the certificate? Through IIS? If so then Exchange doesn't know about the new certificate. You need to tell Exchange to use that certificate for SMTP. You can either do that with PowerShell using the Enable-ExchangeCertificate command or by exporting the cer file from the certificate then import