Great reference point on resolving this "annoying" error message.
Alert : Exchange 2007 - Problem loading a certificate to be used for STARTTLS Purpose.
Generally this condition occurs if one or both of the following conditions is true:
1. The fully qualified domain name (FQDN) that is specified in the Warning event has been defined on a Receive connector or Send connector on a Microsoft Exchange Server 2007 transport server, and no certificate is installed on the same computer that contains the FQDN in the Subject or Subject Alternative Name fields.
2. A third-party or custom certificate has been installed on the server and it contains a matching FQDN. However, the certificate is not enabled for the SMTP service Others Exchange
Knowledge Base Details
Possible Cause :
As per Microsoft: "This Warning event indicates that there is a problem loading a certificate to be used for STARTTLS purposes. Generally, this problem occurs if one or both of the following conditions is true:
- The fully qualified domain name (FQDN) that is specified in the Warning event has been defined on a Receive connector or Send connector on a Microsoft Exchange Server 2007 transport server, and no certificate is installed on the same computer that contains the FQDN in the Subject or Subject Alternative Name fields.
- A third-party or custom certificate has been installed on the server and it contains a matching FQDN. However, the certificate is not enabled for the SMTP service".
User Acton :
1. Open "Exchange Management Shell".
2. Write "get-ExchangeCertificate" and press on "Enter" button.
3. Write down the Thumbprint of the certificate that reflect the required FQDN name of the server.
4. Review the current certificate that use by the Exchange server and
each certificate function.
5. Write "Enable-ExchangeCertificate -Thumbprint 2afd26617915932ad096c48eb3b847fc7457662 -Services "SMTP"
and press on 'Enter" button.
The value of -Thumbprint obtained in stage 3.
6. Restart the Exchange server.
For Creating a Certificate or Certificate Request for TLS check the below article
http://technet.microsoft.com/en-us/library/aa998840.aspx
Monday, April 26, 2010
Exchange 2007 - The STARTTLS certificate will soon expire
Sometimes too much security can add to your to do list.... It's good to keep on top of this as TLS security does indeed serve a purpose.
The certificate that is used for Transport Layer Security (TLS) on this computer will expire soon. Critical Non-Impact Alerts Exchange 2007
Knowledge Base Details
Run "Get-ExchangeCertificate |fl" and look for the relevant Thumbprint referred to in the event id 12017 / 12018.
The default self-signed cert has to be renewed. A 12017 warning that contains the number of hours you have left to do this precedes this event.
Run the following Exchange PowerShell commands to resolve this issue:
1. get-exchangecertificate | fl
2. new-exchangecertificate -confirm -DomainName servername servername.domain.name -Keysize 2048 -Services SMTP
3. enable-exchangecertificate -Thumbprint LONGHEXNUMBER -Services:None
The first command gives you the list of your certificates. Find the matching thumbprint (long hex number) to see the one that is expiring. Use the parameters shown in that certificate to fill in the fields for your second command. Then, once successful use the third command to disable the expiring certificate from all services.
The certificate that is used for Transport Layer Security (TLS) on this computer will expire soon. Critical Non-Impact Alerts Exchange 2007
Knowledge Base Details
Run "Get-ExchangeCertificate |fl" and look for the relevant Thumbprint referred to in the event id 12017 / 12018.
The default self-signed cert has to be renewed. A 12017 warning that contains the number of hours you have left to do this precedes this event.
Run the following Exchange PowerShell commands to resolve this issue:
1. get-exchangecertificate | fl
2. new-exchangecertificate -confirm -DomainName servername servername.domain.name -Keysize 2048 -Services SMTP
3. enable-exchangecertificate -Thumbprint LONGHEXNUMBER -Services:None
The first command gives you the list of your certificates. Find the matching thumbprint (long hex number) to see the one that is expiring. Use the parameters shown in that certificate to fill in the fields for your second command. Then, once successful use the third command to disable the expiring certificate from all services.
Friday, April 23, 2010
Microsoft releases Office 2010, SharePoint 2010 to TechNet, MSDN
If you have an MSDN or TechNet subscription, Office 2010 is now available for download. In addition, Microsoft has made SharePoint 2010 and the Office Web Apps 2010 package (which requires a SharePoint Server) available for subscribers of both services.
Anyone considering an Office 2010 deployment should be testing both the 32-bit and 64-bit versions. But if you’re planning to use the software in production environments for normal business use, I strongly recommend installing the 32-bit version, even on 64-bit Windows installations? There’s no real advantage to using 64-bit code unless you expect to work with very large Excel files, and there are potentially substantial compatibility headaches caused by add-ins that aren’t 64-bit aware.
http://blogs.zdnet.com/Bott/?p=2025
Anyone considering an Office 2010 deployment should be testing both the 32-bit and 64-bit versions. But if you’re planning to use the software in production environments for normal business use, I strongly recommend installing the 32-bit version, even on 64-bit Windows installations? There’s no real advantage to using 64-bit code unless you expect to work with very large Excel files, and there are potentially substantial compatibility headaches caused by add-ins that aren’t 64-bit aware.
http://blogs.zdnet.com/Bott/?p=2025
Subscribe to:
Posts (Atom)