
Event ID: 12017 & 12018 STARTTLS certificate expire

#1  drlamer, 19th May 2008, 10:19

Hi.

In the last couple of days I have been getting the following message in the application log on my Exchange 2007 server:

The STARTTLS certificate will expire soon: subject: mailserver.doamin.local, hours remaining: 90C0654B16782B2789652A7634EA732CC4F34BD3. Run the New-ExchangeCertificate cmdlet to create a new certificate

Why am I getting it?
Is there a way to keep the old certificate without creating a new one (many users are connecting remotely via RPC over HTTP)?

Thanks
#2  fazal, 19th May 2008, 12:05

Hi

I have seen this kind of issue if there are problems loading the certificate that's used for STARTTLS processes. Things we might check:

- A certificate from an untrusted authority has been installed.
- A public FQDN has been defined on an Exchange 2007 Hub or Edge server's receive or send connector and there is no certificate installed with a matching public FQDN under the certificate domains field.
- A third-party certificate contains a matching public FQDN but the certificate is not enabled for the SMTP service.

Check the certificate configuration and use these commands:

Get-ExchangeCertificate | fl *

There are two other commands for the send and receive connectors, which I do not remember; you may Google them.

Once you have the outputs, compare the FQDNs in the event ID to the FQDNs on the connectors (send & receive) and the certificate domain.
Check whether the FQDNs have been configured on the connectors, whether there is a certificate installed that has a matching CertificateDomain, and whether the SMTP service is enabled on the certificate.


I hope the explanation is enough. (Tried my best)

Regards
Fazal
#3  Sembee (MVP), 20th May 2008, 22:58

To answer your specific question - no, you cannot keep the certificate. It has an expiry date and that is fixed. It cannot be extended. When the certificate expires then the remote clients will fail to work.

What you need to do next depends on what type of certificate it is.

If it is a commercial SSL certificate then you just need to replace it.
If you have used the self generated certificate then you need to start to plan how to replace it.

The best way would be to acquire a commercial SSL certificate. That will avoid the need to visit the users, as long as they are using a valid name in their RPC over HTTPS/Outlook Anywhere configuration.

Trying not to sound like my mother, but if you had deployed Exchange correctly, using a commercial SSL certificate then you wouldn't have this problem. Considering you can get SAN/UC certificates for less than US$100/year, trying to use self generated certificates is a false economy.

Simon.
__________________
--
Simon Butler
Exchange MVP

Blog: http://blog.sembee.co.uk/
More Exchange Content: http://exchange.sembee.info/
Exchange Resources List: http://exbpa.com/
In the UK? Hire me: http://www.sembee.co.uk/

Sembee is a registered trademark, used here with permission.
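
The checks described in the two replies above, as an added example that is not part of the original thread: it lists the SMTP-enabled certificates with their expiry and self-signed status, then compares each send and receive connector FQDN against the certificate domains. The 30-day threshold and the helper name Find-CertForFqdn are assumptions made for this example; run it in the Exchange Management Shell.

```powershell
# Added example. $WarnDays and Find-CertForFqdn are hypothetical names, not from the thread.
$WarnDays = 30
$now = Get-Date

# 1. Certificates enabled for SMTP (the ones STARTTLS can use), soonest expiry first.
$smtpCerts = @(Get-ExchangeCertificate | Where-Object { "$($_.Services)" -match 'SMTP' })
$smtpCerts | Select-Object Thumbprint, Subject, IsSelfSigned, NotAfter,
    @{ Name = 'DaysLeft'; Expression = { [int]($_.NotAfter - $now).TotalDays } },
    @{ Name = 'Renew';    Expression = { ($_.NotAfter - $now).TotalDays -lt $WarnDays } },
    @{ Name = 'Domains';  Expression = { ($_.CertificateDomains | ForEach-Object { "$_" }) -join ', ' } } |
    Sort-Object DaysLeft | Format-List

# 2. Return the thumbprint of the first unexpired SMTP certificate whose
#    domain list covers the given FQDN, or nothing if none does.
#    Note: -like lets "*.example.com" match several labels, which is looser
#    than real TLS wildcard matching; treat a wildcard hit as "check by hand".
function Find-CertForFqdn($fqdn, $certs) {
    foreach ($cert in $certs) {
        if ($cert.NotAfter -le $now) { continue }          # skip expired certificates
        foreach ($domain in $cert.CertificateDomains) {
            if ($fqdn -like "$domain") { return $cert.Thumbprint }
        }
    }
}

# 3. FQDNs configured on the receive and send connectors.
$connectors  = @(Get-ReceiveConnector | Select-Object @{ Name = 'Type'; Expression = { 'Receive' } }, Identity, Fqdn)
$connectors += @(Get-SendConnector    | Select-Object @{ Name = 'Type'; Expression = { 'Send' } },    Identity, Fqdn)

# 4. One row per connector: which certificate (if any) matches its FQDN.
$connectors | Select-Object Type, Identity, Fqdn,
    @{ Name = 'MatchingCert'; Expression = {
        $fqdn = "$($_.Fqdn)"
        if (-not $fqdn) { '(no FQDN set on connector)' }
        else {
            $hit = Find-CertForFqdn $fqdn $smtpCerts
            if ($hit) { $hit } else { 'NO MATCHING SMTP CERTIFICATE' }
        }
    } } | Format-Table -AutoSize
```

A row marked NO MATCHING SMTP CERTIFICATE, or a certificate with Renew set to True, is the one to replace before it expires.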
#4  drlamer, 22nd May 2008, 15:22

Thanks A Lot For Your Answers!!
Very Helpful