The internal transport certificate for this server is missing


Topic Last Modified: 2007-11-16

The Microsoft Exchange Server 2007 Management Pack for Microsoft Operations Manager (MOM) monitors the Windows Application log on computers that are running Exchange Server 2007 and generates this alert when the event or events specified in the following Details table are logged.

To learn more about this event, do one or more of the following:

  • Review the description of the event that includes the variables specific to your environment. From the MOM Operator Console, select this alert, and then click the Properties tab.

  • Review all events that have been logged that meet the criteria of this MOM alert. From the MOM Operator Console, click the Events tab, and then double-click the event in the list for which you want to review the event description.


Product Name


Product Version

8.0 (Exchange Server 2007)

Event ID


Event Source


Alert Type

Critical Error

MOM Rule Path

Microsoft Exchange Server/Exchange 2007/Common Components/Hub Transport and Edge Transport/Transport

MOM Rule Name

The internal transport certificate for this server is missing. Run New-ExchangeCertificate cmdlet without arguments on this computer and restart the Exchange Transport service.


This Error event occurs when Microsoft Exchange Server detects that the Transport Layer Security (TLS) certificate (also referred to as an internal transport certificate) that this computer uses for Exchange Server authentication is not published to the Active Directory directory service. Specifically, Exchange Server has detected that the version of the certificate located on the server that is running Exchange Server is more current than the version of the certificate published to Active Directory.

This error may occur if the following conditions are true:

  • If the Enable-ExchangeCertificate cmdlet was not run after the new certificate was installed.

  • If the certificate update has not yet been replicated to the domain controller that the Exchange server uses after the Enable-ExchangeCertificate cmdlet is run.

  • If the Enable-ExchangeCertificate cmdlet did not update the certificate information in Active Directory.

User Action

To resolve this error, do the following:

  • If you did not run the Enable-ExchangeCertificate cmdlet after you installed a certificate, run the cmdlet now.

  • If you did run the Enable-ExchangeCertificate cmdlet after you installed a certificate, wait for Active Directory replication to occur. If the issue persists beyond the Active Directory replication latency configured for your organization, run the Enable-ExchangeCertificate cmdlet again.

For more information, see Creating a Certificate or Certificate Request for TLS and Enable-ExchangeCertificate.

For More Information

To search the Microsoft Knowledge Base articles based on criteria that generated this alert, visit the Search the Support Knowledge Base (KB) Web site.

To review Exchange 2007 event message articles that may not be represented by Exchange 2007 MOM alerts, see the Events and Errors Message Center.

If you are not already doing so, consider running the tools that Microsoft Exchange offers to help administrators analyze and troubleshoot their Exchange environment. These tools can help you make sure that your configuration is in line with Microsoft best practices. They can also help you identify and resolve performance issues, improve mail flow, and better manage disaster recovery scenarios. Go to the Toolbox node of the Exchange Management Console to run these tools now. For more information about these tools, see Toolbox in the Exchange Server 2007 Help.