I figured out a way to create the cert. I used the SAN cert that we have on IIS and added it to the Exchange Back End in IIS; after I did this, I was able to open the Exchange Management Shell and manually create the cert. I then changed the cert in Exchange Back End to the newly created cert and was able to open the Shell again without any errors. The error in the event logs has also been cleared.
Microsoft Exchange self signed cert missing
I noticed in the event viewer that there was an error related to a certificate.
Microsoft Exchange could not find a certificate that contains the domain name SERVERNAME.domainname.com in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Default SERVERNAME with a FQDN parameter of SERVERNAME.domainname.com. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.
After checking the certificates, I noticed that the "Microsoft Exchange" Self Signed cert is missing from the list of certificates. I checked all the other servers and they all have that cert so the issue is only on the one server. Does anyone know how I can recreate that certificate so I can fix this error?
Thanks,
Gavin
-
Andy David - MVP 157.8K Reputation points MVP Volunteer Moderator
2021-03-10T18:37:17.887+00:00
You can create it in EAC:
https://learn.microsoft.com/en-us/exchange/architecture/client-access/create-self-signed-certificates?view=exchserver-2019
For the domain, use the server's FQDN and its NetBIOS name, so:
ServerName
and
SERVERNAME.domainname.com
Then ensure it's bound to the backend website on the Exchange Server. You can do that from my blog: (Or what cert is assigned to that now?)
https://ehloergosum.com/2020/01/25/renewing-that-pesky-microsoft-exchange-certificate/
-
Gavin Ross 231 Reputation points
2021-03-10T19:58:04.797+00:00
So I am trying to add it using Exchange PowerShell, as I can't seem to get the correct names when using ECP; it adds a bunch of other names to the cert that I don't want. So when trying to open PS, I get this error:
New-PSSession : [servername.domainname.com] Connecting to remote server servername.domainname.com failed with the following error message :
[ClientAccessServer=SERVERNAME,BackEndServer=servername.domainname.com,RequestId=802d0eac-210b-4738-9549-704ef08548d2,TimeStamp=3/10/2021 4:24:51 PM]
[FailureCategory=Cafe-SendFailure] For more information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:1
- New-PSSession -ConnectionURI "$connectionUri" -ConfigurationName Microsoft.Excha ...
- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTransportException
- FullyQualifiedErrorId : -2144108477,PSSessionOpenFailed
Any ideas on what is causing this?
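
The sequence described in the accepted answer and in Andy David's reply, written out as an added PowerShell example (it is not code from the thread or from Microsoft). Assumptions: the placeholder server names used in the thread, the default Exchange Back End HTTPS binding on port 444, and a placeholder thumbprint for a known-good certificate already in the local machine's personal store.

```powershell
# Placeholders (assumptions, not values from a real environment).
$netbios  = 'SERVERNAME'
$fqdn     = 'SERVERNAME.domainname.com'
$site     = 'Exchange Back End'
$port     = 444                                  # default back-end HTTPS port (assumed unchanged)
$knownGoodThumbprint = 'REPLACE_WITH_SAN_CERT_THUMBPRINT'

# --- Part 1: elevated Windows PowerShell (usable while EMS cannot connect) ---
Import-Module WebAdministration

function Get-BackEndCert {
    # Answers "what cert is assigned to that now?": the cert bound on the back-end port.
    $ssl = Get-ChildItem IIS:\SslBindings | Where-Object Port -eq $port | Select-Object -First 1
    if (-not $ssl) { return $null }
    # $null here means the binding points at a thumbprint that is no longer in the store.
    Get-ChildItem Cert:\LocalMachine\My | Where-Object Thumbprint -eq $ssl.Thumbprint
}

function Set-BackEndCert([string]$Thumbprint) {
    # Refuse to bind a cert that is absent, expired, or has no private key.
    $c = Get-ChildItem Cert:\LocalMachine\My | Where-Object Thumbprint -eq $Thumbprint
    if (-not $c -or -not $c.HasPrivateKey -or $c.NotAfter -lt (Get-Date)) {
        throw "Certificate $Thumbprint is missing, expired, or has no private key"
    }
    $b = Get-WebBinding -Name $site -Protocol https -Port $port
    if (Get-ChildItem IIS:\SslBindings | Where-Object Port -eq $port) {
        $b.RemoveSslCertificate()                # clear the stale binding first
    }
    $b.AddSslCertificate($Thumbprint, 'My')
}

Get-BackEndCert | Format-List Subject, Thumbprint, NotAfter, HasPrivateKey
Set-BackEndCert $knownGoodThumbprint             # temporary bind so EMS can open

# --- Part 2: Exchange Management Shell, once it connects again ---
# Only the two names wanted on the cert: NetBIOS name and FQDN.
$cert = New-ExchangeCertificate -FriendlyName 'Microsoft Exchange' `
    -SubjectName "CN=$netbios" -DomainName $netbios, $fqdn `
    -PrivateKeyExportable $true -Services SMTP

# Move the back-end site to the new self-signed cert and confirm the result.
Set-BackEndCert $cert.Thumbprint
Get-ExchangeCertificate -Thumbprint $cert.Thumbprint |
    Format-List Subject, CertificateDomains, Services, NotAfter
```

If `Get-BackEndCert` prints nothing, the back-end binding references a certificate that is no longer in the store, which matches the situation the thread describes.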