Microsoft Exchange couldn't find a certificate in the personal store on the local computer

 

Topic Last Modified: 2007-11-16

The Microsoft Exchange Server 2007 Management Pack for Operations Manager monitors the Windows Application log on computers that are running Exchange Server 2007 and generates this alert when the event or events specified in the following Details table are logged.

To learn more about this alert, if you are using Microsoft Operations Manager 2005, do one or more of the following:

  • From the Operator Console, select this alert, and then click the Properties tab. Review the description of the alert that includes the variables specific to your environment.

  • From the Operator Console, click the Events tab, and then double-click the event in the list for which you want to review the event description. Review the events that have been logged that meet the criteria of this Operations Manager alert.

To learn more about this alert, if you are using System Center Operations Manager 2007, do one or more of the following:

  • From the Operations Console, double-click this alert, and then click the General tab. Review the description of the alert that includes the variables specific to your environment.

  • From the Operations Console, double-click this alert, and then click the Alert Context tab. Review the events that have been logged that meet the criteria of this Operations Manager alert.

Details

Product Name

Exchange

Product Version

8.0 (Exchange Server 2007)

Event ID

12013

Event Source

MSExchangeTransport

Alert Type

Critical Error

MOM Rule Path

Microsoft Exchange Server/Exchange 2007/Common Components/Hub Transport and Edge Transport/Transport

MOM Rule Name

Microsoft Exchange couldn't find a certificate in the personal store on the local computer. This certificate was configured for authentication with other Exchange servers. Mail flow will be affected by this error.

Explanation

This Error event indicates that the certificate that is used for direct trust authentication with other Microsoft Exchange servers on this computer has cannot be found. Direct trust means that Microsoft Exchange Server 2007 uses a trusted store, such as Active Directory directory service or Active Directory Application Mode (ADAM) directory service. Direct trust also means that the presence of the certificate in the store validates the certificate. When you subscribe an Edge Transport server to the Exchange organization, the Edge Subscription publishes the Edge Transport server certificate in Active Directory for the Hub Transport servers to validate. The Microsoft Exchange EdgeSync service updates ADAM with the set of Hub Transport server certificates for the Edge Transport server to validate.

The transport server that returned this error is configured to use a specific certificate, which is identified by the Thumbprint field on the certificate. The certificate that has been configured for this server no longer exists in the computer personal certificate store, or if it does exist, it is not enabled for the Simple Mail Transfer Protocol (SMTP).

User Action

To resolve this error, you must search the computer's personal certificate store to determine whether the certificate exists. Open the computer's personal certificate store, open each certificate, and compare the Thumbprint value on each certificate to the Thumbprint value that was returned with this error. If the certificate exists, you must enable the certificate for SMTP by running the Enable-ExchangeCertificate cmdlet.

For more information about how to enable the certificate for SMTP, see Enable-ExchangeCertificate.

For more information about how to use MMC to open and view certificates in the computer's personal certificate store, see How to Add Certificate Manager to Microsoft Management Console.

If the certificate does not exist, you must use the New-ExchangeCertificate cmdlet to create a new internal transport certificate on the computer that returned this Error event. Running the New-ExchangeCertificate cmdlet with no arguments creates an SMTP-enabled internal transport certificate for direct trust. For more information, see New-ExchangeCertificate.

If this error occurred on a Hub Transport server, you must create the internal transport certificate on the Hub Transport server where the error occurred. After you have created the certificate, restart the Microsoft Exchange EdgeSync service to update the certificate information on the Edge servers that are subscribed to the organization.

If this error occurred on an Edge Transport server, you must create the internal transport certificate on the Edge Transport server where the error occurred. After you have created the certificate, re-subscribe the Edge Transport server to the Exchange organization to update the certificate information in Active Directory.

If you are not running the Microsoft Exchange EdgeSync service, you must manually update the certificate. For more information, see Configuring Mail Flow Between an Edge Transport Server and Hub Transport Servers Without Using EdgeSync.

For More Information

To search the Microsoft Knowledge Base articles based on criteria that generated this alert, visit the Search the Support Knowledge Base (KB) Web site.

To review Exchange 2007 event message articles that may not be represented by Exchange 2007 alerts, see the Events and Errors Message Center.

If you are not already doing so, consider running the tools that Microsoft Exchange offers to help administrators analyze and troubleshoot their Exchange environment. These tools can help you make sure that your configuration is in line with Microsoft best practices. They can also help you identify and resolve performance issues, improve mail flow, and better manage disaster recovery scenarios. Go to the Toolbox node of the Exchange Management Console to run these tools now. For more information about these tools, see Toolbox in the Exchange Server 2007 Help.