Fix Exchange 2007 error 12014 using New-ExchangeCertificate cmdlet

admin | August 30th, 2017 | Exchange Server, Uncategorized

What is STARTTLS Certificate Error 12014?

STARTTLS certificate error 12014 occurs when a certificate fails to load or fails authentication. Several conditions can cause this error; the main ones are explained here. This article also shows how to troubleshoot STARTTLS certificate error 12014.

Causes of STARTTLS Certificate Exchange 2007 Error 12014

There are two main causes of this error.

1. An FQDN is defined on a Receive connector or Send connector on the Microsoft Exchange Server 2007 transport server, but no certificate installed on the system contains that FQDN in its Subject or Subject Alternative Name fields.

2. A third-party or custom certificate is installed that matches the FQDN, but it is not enabled for the SMTP service.

Prerequisites to Solve Error 12014 Exchange 2007

1. Exchange View-Only Administrator role.

2. Exchange Server Administrator role, with membership in the local Administrators group on the target server.

3. Know how to run the following cmdlets in the Exchange Management Shell (EMS) to troubleshoot STARTTLS certificate error 12014:

Get-ExchangeCertificate: Gets the details of the required Exchange certificate

New-ExchangeCertificate: Creates a new Exchange certificate

Enable-ExchangeCertificate: Enables the certificate for the required protocol services (SMTP/POP/IMAP)

4. The Edge Transport server role is installed and enabled on the system.

Note: You must log on by using an account that is a member of the local Administrators group.

Steps To Solve the Error 12014 Exchange 2007 Warning Event

Step 1: Check the installed certificates and the configuration of all Receive and Send connectors. To do so, run the following cmdlets:

Get-ExchangeCertificate | FL *
Get-ReceiveConnector | FL name, fqdn, objectClass
Get-SendConnector | FL name, fqdn, objectClass

Note: The asterisk (*) is used with FL so that the Get-ExchangeCertificate output includes the services that are enabled on each certificate.

Step 2: Compare the FQDN reported in the error 12014 warning with the FQDN value of each connector. Also check the CertificateDomains value of each certificate.

Note: The CertificateDomains value is the combination of the Subject and Subject Alternative Name fields.

Step 3: If the CertificateDomains value of a certificate matches the FQDN of a connector that uses TLS, check the Services value of that certificate. A certificate that is used for TLS must be enabled for the SMTP service.

Step 4: If no certificate lists, in its CertificateDomains value, the FQDN of the connector or the FQDN reported in the error 12014 warning, create a new certificate request using the New-ExchangeCertificate cmdlet. Use Get-ExchangeCertificate to get the certificate details. To install a certificate issued from the certificate request, use Import-ExchangeCertificate.

Step 5: Once the certificate is created, use Enable-ExchangeCertificate to enable it:

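Enable-ExchangeCertificate -Thumbprint <String> -Services <None | IMAP | POP | UM | IIS | SMTP> [-Confirm [<SwitchParameter>]] [-DomainController <Fqdn>] [-Force <SwitchParameter>] [-WhatIf [<SwitchParameter>]]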
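
The comparison from Steps 1 to 3 can be done in one pass instead of by eye. The following is an added example, not part of the original article: the function name Test-ConnectorCertificate, the host names and the thumbprint placeholders are assumptions, the sample objects are constructed, and it assumes PowerShell 2.0 or later.

```powershell
# Added example: match each connector FQDN against CertificateDomains and Services.
function Test-ConnectorCertificate {
    param($Connectors, $Certificates)
    foreach ($conn in $Connectors) {
        $fqdn = "$($conn.Fqdn)"
        if (-not $fqdn) { continue }   # no FQDN set on this connector, nothing to compare
        # Certificates whose CertificateDomains (Subject + SAN) cover the connector FQDN.
        # -like is case-insensitive and lets a wildcard entry match; it is a loose match.
        $matching = @($Certificates | Where-Object {
            @($_.CertificateDomains | Where-Object { $fqdn -like "$_" }).Count -gt 0
        })
        # Of those, the certificates that are enabled for the SMTP service.
        $smtp = @($matching | Where-Object { "$($_.Services)" -match 'SMTP' })
        if ($matching.Count -eq 0) { $status = 'NoMatchingCertificate' }    # cause 1
        elseif ($smtp.Count -eq 0) { $status = 'MatchNotEnabledForSMTP' }   # cause 2
        else                       { $status = 'OK' }
        New-Object PSObject -Property @{
            Connector   = $conn.Name
            Fqdn        = $fqdn
            Status      = $status
            Thumbprints = @($matching | ForEach-Object { $_.Thumbprint }) -join ','
        }
    }
}

# Constructed sample objects standing in for cmdlet output (all values are placeholders).
$certs = @(
    New-Object PSObject -Property @{ Thumbprint = 'THUMBPRINT-PLACEHOLDER-1'
        CertificateDomains = @('mail.example.test'); Services = 'IMAP, POP' }
    New-Object PSObject -Property @{ Thumbprint = 'THUMBPRINT-PLACEHOLDER-2'
        CertificateDomains = @('ex01.example.test', 'ex01'); Services = 'SMTP' }
)
$conns = @(
    New-Object PSObject -Property @{ Name = 'Internet Receive'; Fqdn = 'mail.example.test' }
    New-Object PSObject -Property @{ Name = 'Default EX01';     Fqdn = 'ex01.example.test' }
    New-Object PSObject -Property @{ Name = 'Partner Send';     Fqdn = 'smtp.partner.example.test' }
)
Test-ConnectorCertificate $conns $certs | Format-Table Connector, Fqdn, Status, Thumbprints -AutoSize

# Against a live server, run in the Exchange Management Shell:
# Test-ConnectorCertificate (@(Get-ReceiveConnector) + @(Get-SendConnector)) (Get-ExchangeCertificate)
```

A connector reported as NoMatchingCertificate needs Step 4; one reported as MatchNotEnabledForSMTP needs only Step 5 with the listed thumbprint.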

Conclusion

The information above describes how a user can get the details of a certificate and the FQDN of the corresponding Receive and Send connectors. If the certificate FQDN doesn’t match, the user needs to create ( New-ExchangeCertificate ), import ( Import-ExchangeCertificate ) and enable ( Enable-ExchangeCertificate ) a certificate using the cmdlets above. If the error is still not resolved after performing these operations, the data may be corrupted or the EDB file may be damaged. To repair EDB files, you can use Exchange Recovery Software, which offers the user multiple file format options after conversion.