Event ID 12014 is caused by a problem loading the certificate when setting up an SMTP connection that uses TLS for authentication.

There are several causes which could result in this issue:

  • the certificate is not enabled for SMTP
  • the server doesn’t have a certificate with the correct FQDN defined in the subject or subject alternative name

The certificate needs to be placed in the computer’s personal certificate store.

To check which certificates are installed and which FQDN the connectors use, run the PowerShell commands below:

Get-ExchangeCertificate | FL * #this will display a list of certificates available

Get-ReceiveConnector | FL name, fqdn, objectClass #this will display all receive connectors

Get-SendConnector | FL name, fqdn, objectClass #this will display all send connectors

The output of Get-ExchangeCertificate contains a field labeled Services, which describes the services the certificate can be used for. If you want to use the certificate for SMTP, the value after Services needs to contain SMTP, just as you can see below.

The next step is checking the FQDN, which can be found after the label CertificateDomains. This will look like the screenshot below.

When an incorrect FQDN is displayed you will need to get a new certificate. A new certificate request can be generated with the New-ExchangeCertificate PowerShell command. Besides this type of certificate you can use a 3rd party or custom certificate.

New-ExchangeCertificate -GenerateRequest -SubjectName 'C=NL, O=Test, CN=mail.test.nl' -IncludeAcceptedDomains -DomainName mail.test.nl -Path c:\certificates\mail.test.nl.req

The command above generates a certificate request for, for example, an Edge server with the name mail.test.nl.

When you choose to use a 3rd party or custom certificate which contains the correct FQDN but is not enabled for SMTP, you need to use the Enable-ExchangeCertificate PowerShell command to enable it for SMTP.

Enable-ExchangeCertificate -Thumbprint 5113ae0233a72fccb75b1d0198628675333d010e -Services SMTP

With the command above we enable the certificate for SMTP.
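The two checks above (Services contains SMTP, CertificateDomains contains the connector FQDN) can be combined into one pass over all connectors. This is an added example, not part of the original post; the function name Test-ConnectorCertificate, the status labels and the sample objects are hypothetical, and it assumes PowerShell 3.0 or later.

```powershell
# Added example: classifies each connector by the two causes of event 12014 described above.
function Test-ConnectorCertificate {
    param(
        [object[]] $Certificates,   # objects with Thumbprint, Services, CertificateDomains
        [object[]] $Connectors      # objects with Name, Fqdn
    )
    foreach ($conn in $Connectors) {
        $fqdn = "$($conn.Fqdn)"
        if (-not $fqdn) {
            # Connector has no FQDN value to compare against
            [pscustomobject]@{ Connector = $conn.Name; Fqdn = ''; Status = 'FqdnNotSet'; Thumbprint = $null }
            continue
        }
        # Certificates that list the connector FQDN in CertificateDomains
        # (exact, case-insensitive match; wildcard entries are not expanded here)
        $nameMatch = @($Certificates | Where-Object {
            @($_.CertificateDomains | ForEach-Object { "$_" }) -contains $fqdn
        })
        # Of those, the certificates whose Services value contains SMTP
        $smtpMatch = @($nameMatch | Where-Object {
            ("$($_.Services)" -split ',\s*') -contains 'SMTP'
        })
        if ($smtpMatch.Count -gt 0) {
            $status = 'OK'; $thumb = $smtpMatch[0].Thumbprint
        } elseif ($nameMatch.Count -gt 0) {
            # Correct FQDN, but the certificate still needs Enable-ExchangeCertificate -Services SMTP
            $status = 'NotEnabledForSmtp'; $thumb = $nameMatch[0].Thumbprint
        } else {
            # No installed certificate carries this FQDN: a new certificate is required
            $status = 'NoCertificateForFqdn'; $thumb = $null
        }
        [pscustomobject]@{ Connector = $conn.Name; Fqdn = $fqdn; Status = $status; Thumbprint = $thumb }
    }
}

# Constructed sample data so the function runs without an Exchange server
$sampleCerts = @(
    [pscustomobject]@{ Thumbprint = 'CONSTRUCTED-THUMBPRINT-1'; Services = 'IIS, SMTP'; CertificateDomains = @('mail.test.nl') }
    [pscustomobject]@{ Thumbprint = 'CONSTRUCTED-THUMBPRINT-2'; Services = 'IIS';       CertificateDomains = @('relay.test.nl') }
)
$sampleConnectors = @(
    [pscustomobject]@{ Name = 'Sample Inbound';  Fqdn = 'mail.test.nl' }
    [pscustomobject]@{ Name = 'Sample Relay';    Fqdn = 'relay.test.nl' }
    [pscustomobject]@{ Name = 'Sample Outbound'; Fqdn = 'smtp.test.nl' }
)
Test-ConnectorCertificate -Certificates $sampleCerts -Connectors $sampleConnectors | Format-Table -AutoSize

# In the Exchange Management Shell, pass the real objects instead:
# Test-ConnectorCertificate -Certificates (Get-ExchangeCertificate) -Connectors (@(Get-ReceiveConnector) + @(Get-SendConnector))
```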

Enable-ExchangeCertificate

Certificate request for SMTP

How to troubleshoot STARTTLS




Johan Veldhuis