Event-ID 12014 “…could not find a certificate that contains the domain name ….”

Today several users complained that Outlook was showing a certificate-related pop-up. After cross-checking the Event Viewer on the Exchange server, I found several log entries that could be suspected as the cause of the pop-up in the Outlook client.

Log Name: Application
Source: MSExchangeTransport
Date: 4/2/2018 4:01:19 PM
Event ID: 12014
Task Category: TransportService
Level: Error
Keywords: Classic
User: N/A
Computer: EXCHANGE2010.mramedia-emd.net
Description:
Microsoft Exchange could not find a certificate that contains the domain name EXCHANGE2010.mramedia-emd.net in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Default EXCHANGE2010 with a FQDN parameter of EXCHANGE2010.mramedia-emd.net. If the connector’s FQDN is not specified, the computer’s FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="MSExchangeTransport" />
<EventID Qualifiers="49156">12014</EventID>
<Level>2</Level>
<Task>12</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2018-04-02T09:01:19.000000000Z" />
<EventRecordID>1607403</EventRecordID>
<Channel>Application</Channel>
<Computer>EXCHANGE2010.mramedia-emd.net</Computer>
<Security />
</System>
<EventData>
<Data>EXCHANGE2010.mramedia-emd.net</Data>
<Data>Default EXCHANGE2010</Data>
</EventData>
</Event>

 

The Event Viewer entry above clearly points to a problem with the certificate for EXCHANGE2010.mramedia-emd.net: Exchange cannot find a certificate for EXCHANGE2010.mramedia-emd.net.

Cross-checking in PowerShell with the command Get-ExchangeCertificate | FL * returns the following information:

Windows PowerShell
Copyright (C) 2009 Microsoft Corporation. All rights reserved.

PS C:\Users\administrator.MRAMEDIA-EMD> Get-ExchangeCertificate | FL *

AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAcces
sRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKe
yAccessRule}
CertificateDomains : {EXCHANGE2010, EXCHANGE2010.mramedia-emd.net}
CertificateRequest :
IisServices : {IIS://EXCHANGE2010/W3SVC/1}
IsSelfSigned : True
KeyIdentifier : 3B5739CAE5E2A5A4A65FC5114F8EC9BC1324E72B
RootCAType : Unknown
Services : IMAP, POP, IIS, SMTP
Status : Invalid
SubjectKeyIdentifier :
PrivateKeyExportable : False
PublicKeySize : 2048
ServicesStringForm : IP.WS.
Archived : False
Extensions : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptograph
y.Oid, System.Security.Cryptography.Oid}
FriendlyName : Microsoft Exchange
IssuerName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter : 3/30/2018 1:35:26 AM
NotBefore : 3/30/2013 1:35:26 AM
HasPrivateKey : True
PrivateKey : System.Security.Cryptography.RSACryptoServiceProvider
PublicKey : System.Security.Cryptography.X509Certificates.PublicKey
RawData : {48, 130, 3, 37…}
SerialNumber : 75D6F5360786E2AF4911EEA2F09B2356
SubjectName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
SignatureAlgorithm : System.Security.Cryptography.Oid
Thumbprint : DE5D3C9198FB47B7BF87FB1F638526E7B1A45B96
Version : 3
Handle : 551615056
Issuer : CN=EXCHANGE2010
Subject : CN=EXCHANGE2010

PS C:\Users\administrator.MRAMEDIA-EMD>

The output above confirms the cause: the certificate could only be used up to NotAfter : 3/30/2018 1:35:26 AM, so it has expired.

The solution is to create a new certificate with:

New-ExchangeCertificate -DomainName EXCHANGE2010, EXCHANGE2010.mramedia-emd.net

Then restart the Exchange Transport service.
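
A check that flags this condition before users see the pop-up, as an added example that is not part of the original post: for each receive connector it looks for an SMTP-enabled certificate that lists the connector's FQDN and reports whether it is expired or close to expiry. The 30-day threshold is an assumption, and the syntax is kept compatible with the Windows PowerShell 2.0 shell used by Exchange 2010.

```powershell
# Added example: run in the Exchange Management Shell on the transport server.
$WarnDays = 30                      # assumed warning threshold, not from the post
$now      = Get-Date
$server   = $env:COMPUTERNAME
$certs    = @(Get-ExchangeCertificate -Server $server)

Get-ReceiveConnector -Server $server | ForEach-Object {
    $connector = $_
    # Per event 12014: with no connector FQDN, the computer's FQDN is used.
    $fqdn = [string]$connector.Fqdn
    if (-not $fqdn) { $fqdn = [System.Net.Dns]::GetHostEntry($server).HostName }

    # Candidates: FQDN listed on the certificate (exact match only, wildcard
    # names are not evaluated), SMTP service assigned, private key present.
    $candidates = @($certs | Where-Object {
        $names = @($_.CertificateDomains | ForEach-Object { $_.ToString() })
        ($names -contains $fqdn) -and
        ($_.Services.ToString() -match 'SMTP') -and
        $_.HasPrivateKey
    })
    # Judge the connector by its longest-lived candidate.
    $best = $candidates | Sort-Object NotAfter -Descending | Select-Object -First 1

    if (-not $best)                                     { $finding = 'NO SMTP CERTIFICATE FOR FQDN' }
    elseif ($best.NotAfter -le $now)                    { $finding = 'EXPIRED' }
    elseif ($best.NotBefore -gt $now)                   { $finding = 'NOT YET VALID' }
    elseif ($best.NotAfter -le $now.AddDays($WarnDays)) { $finding = "EXPIRES WITHIN $WarnDays DAYS" }
    else                                                { $finding = 'OK' }

    New-Object PSObject -Property @{
        Connector  = $connector.Name
        Fqdn       = $fqdn
        Thumbprint = $(if ($best) { $best.Thumbprint })
        NotAfter   = $(if ($best) { $best.NotAfter })
        Status     = $(if ($best) { $best.Status })
        Finding    = $finding
    }
} | Select-Object Connector, Fqdn, Finding, NotAfter, Status, Thumbprint |
    Format-Table -AutoSize
```

Run against the certificate listed above (NotAfter 3/30/2018), the connector Default EXCHANGE2010 would be reported as EXPIRED.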