GavinRoss-3568 asked ·

Microsoft Exchange self signed cert missing

I noticed in the event viewer that there was an error related to a certificate.

Microsoft Exchange could not find a certificate that contains the domain name SERVERNAME.domainname.com in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Default SERVERNAME with a FQDN parameter of SERVERNAME.domainname.com. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.

After checking the certificates, I noticed that the "Microsoft Exchange" Self Signed cert is missing from the list of certificates. I checked all the other servers and they all have that cert so the issue is only on the one server. Does anyone know how I can recreate that certificate so I can fix this error?

Thanks,
Gavin


GavinRoss-3568 answered ·

I figured out a way to create the cert. I used the SAN cert that we have on IIS and added it to the Exchange Back End in IIS. After I did this, I was able to open the Exchange Management Shell and manually create the cert. I then changed the cert in Exchange Back End to the newly created cert and was able to open the Shell again without any errors. The error in the event logs has also been cleared.


Hi, @GavinRoss-3568

Glad to hear the issue has been resolved!
And thanks for sharing.

Please feel free to mark your reply as the answer to the question.
It will be helpful to other community members who come up with the same issue.
Thanks for your understanding.


AndyDavid answered ·

You can create it in EAC:
https://docs.microsoft.com/en-us/exchange/architecture/client-access/create-self-signed-certificates?view=exchserver-2019
For the domain, use the server's FQDN and its NetBIOS name

so:

ServerName
and
SERVERNAME.domainname.com

Then ensure it's bound to the backend website on the Exchange Server. You can do that from my blog (or what cert is assigned to that now?):

https://ehloergosum.com/2020/01/25/renewing-that-pesky-microsoft-exchange-certificate/








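Added example, not part of the answer above or of the linked documentation: a PowerShell version of the two checks the thread turns on (which certificate is bound to the Exchange Back End site, and whether the personal store holds an SMTP-enabled certificate for the server's FQDN), followed by creation of a certificate carrying only the two names the answer lists. Assumptions: domainname.com is the thread's placeholder, port 444 is the default HTTPS binding of the Exchange Back End site, and Part 2 is run from the Exchange Management Shell.

```powershell
# Added example. domainname.com is the thread's placeholder; port 444 is the default
# HTTPS port of the "Exchange Back End" IIS site (assumption: defaults unchanged).
$netbios = $env:COMPUTERNAME
$fqdn    = "$netbios.domainname.com"      # substitute the real DNS suffix

# Part 1 (elevated Windows PowerShell): what is bound to the back end site right now?
Import-Module WebAdministration
$backEnd = Get-ChildItem IIS:\SslBindings | Where-Object { $_.Port -eq 444 } | ForEach-Object {
    $cert = Get-Item "Cert:\LocalMachine\My\$($_.Thumbprint)" -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Port       = $_.Port
        Thumbprint = $_.Thumbprint
        InStore    = [bool]$cert          # False: binding points at a certificate that is gone
        Subject    = $cert.Subject
        NotAfter   = $cert.NotAfter
    }
}
if (-not $backEnd) { Write-Warning 'No certificate is bound on port 444.' }
$backEnd | Format-List

# Part 2 (Exchange Management Shell): is there an unexpired, SMTP-enabled certificate
# whose domain list contains the FQDN named in the event log error?
$usable = Get-ExchangeCertificate -Server $netbios | Where-Object {
    (@($_.CertificateDomains | ForEach-Object { "$_" }) -contains $fqdn) -and
    ("$($_.Services)" -match 'SMTP') -and
    ($_.NotAfter -gt (Get-Date))
}

if ($usable) {
    $usable | Format-List Thumbprint, Subject, CertificateDomains, Services, NotAfter
} else {
    # Only the two names from the answer. IIS is not requested here, so the certificate
    # on the front-end web site is left alone; bind the back end site separately.
    New-ExchangeCertificate -Server $netbios `
        -FriendlyName 'Microsoft Exchange' `
        -SubjectName "CN=$netbios" `
        -DomainName $netbios, $fqdn `
        -Services SMTP `
        -KeySize 2048 `
        -PrivateKeyExportable $false |
        Format-List Thumbprint, Subject, CertificateDomains, Services, NotAfter
}
```

In this thread the Exchange Management Shell opened only after a certificate was bound to the Exchange Back End site, so Part 1 is worth running on its own first.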

GavinRoss-3568 answered ·

So I am trying to add it using Exchange PowerShell, as I can't seem to get the correct names when using ECP; it adds a bunch of other names to the cert that I don't want. So when trying to open PS, I get this error:

New-PSSession : [servername.domainname.com] Connecting to remote server servername.domainname.com failed with the following error message :
[ClientAccessServer=SERVERNAME,BackEndServer=servername.domainname.com,RequestId=802d0eac-210b-4738-9549-704ef08548d2,TimeStamp=3/10/2021 4:24:51 PM]
[FailureCategory=Cafe-SendFailure] For more information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:1
+ New-PSSession -ConnectionURI "$connectionUri" -ConfigurationName Microsoft.Excha ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTransportException
+ FullyQualifiedErrorId : -2144108477,PSSessionOpenFailed

Any ideas on what is causing this?


Keeps adding in the wrong info to the cert; cannot seem to just add it with just the servername and servername.domainname.com with just IIS and SMTP. Keeps saying the issuer is a different name and adds other services to it?


Can you post screenshots with your domain name blocked out?
