question

BelyaevDmitry-2551 avatar image
0 Votes"
BelyaevDmitry-2551 asked joyceshen-MSFT commented

The STARTTLS certificate will expire soon.

Dear colleagues!
After Microsoft Office 365 Hybrid Configuration Wizard assigned our valid certificate to the Office 365 Connector, the Application Log started showing "Event ID 12018 The STARTTLS certificate will expire soon..." errors. And this even though there are still almost 3 months before the expiration of the certificate.
Office 365 support as well as Sectigo support (Certificate Authority) couldn't help us.
In search of a solution, we studied and tried the solutions suggested in these threads:
https://social.technet.microsoft.com/Forums/windows/en-US/596929fe-263d-4829-b3ab-b8de881fdb7c/an-internal-transport-certificate-will-expire-soon?forum=exchangesvradmin
https://social.technet.microsoft.com/Forums/tr-TR/078caf9a-0cb2-4ad0-aac7-ab5967da1e5b/monitoring-transportservercertexpiresoonmonitor-property-value?forum=exchangesvradmin
But, unfortunately, none of these 2 commands led to the result:
Add-GlobalMonitoringOverride -Identity "HubTransport\Transport.ServerCertExpireSoon.Monitor" -ItemType Monitor -PropertyName MonitoringThreshold -ApplyVersion 15.1.2375.7 -PropertyValue 360
Add-ServerMonitoringOverride -Server EX2016 -Identity "HubTransport\Transport.ServerCertExpireSoon.Monitor" -ItemType Monitor -PropertyName Enabled -PropertyValue 0 -Duration 7.00:00:00

We receive 400 such messages every day from one server - this is too much. Is there any way to fix this?
Thanks.

office-exchange-server-administration
· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @BelyaevDmitry-2551

Please check if this certificate is a self-signed certificate or a 3rd party certificate?

I found some related threads discusses the similar issue as yours:

STARTTLS certificate clarification
Exchange 2013, Event 12018, 12017 flooding logs (Starttls expiring).. my cert is good for another 3 months though

Seems no related configurations can be used to change the warning time. You could ignore that error or filter the events out. And don't forget to renew your certificate before it get expired
Renew an Exchange Server certificate


0 Votes 0 ·

Hello,
Thanks for your reply.
We have 3rd party certificate Sectigo Certificate Authority (Comodo). We understand that it is necessary to warn about the expiration date of the certificate, but why so much? Why 3 months before the expiration date we get so many floods - 400 messages every day? This makes it difficult to check the logs.

0 Votes 0 ·
joyceshen-MSFT avatar image joyceshen-MSFT BelyaevDmitry-2551 ·

Hi,

I do understand how you feel for this experience, and I try to find if any way can be used to reduce the event frequency or disable the specific eventid. Seems this requirement is hard to meet, or you may need to edit the registry key.

Can I disable Windows Event Logging for a certain service?
Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

Disable Logging of Certain Events



0 Votes 0 ·

0 Answers