This error is quite common and is generally ignored by administrators because it doesn’t usually cause any problems, but we’ll look at how to fix it in this post. The full error is below:
Microsoft Exchange could not find a certificate that contains the domain name litex01.litwareinc.com in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Intra-Organization SMTP Send Connector with a FQDN parameter of litex01.litwareinc.com. If the connector’s FQDN is not specified, the computer’s FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.
Event ID 12014 Explanation
When Exchange needs to send an email using TLS, such as internal emails between Exchange servers, it requires a certificate that is enabled for SMTP and has a name that matches the FQDN on the send connectors and receive connectors.
The problem here is that Exchange cannot find a certificate that has the required name. In my example above, my server FQDN is litex01.litwareinc.com and we can confirm that no certificates have this name by running the command below:
Get-ExchangeCertificate | fl Thumbprint,CertificateDomains,IsSelfSigned,Services
How to fix Event ID 12014
When Exchange is first installed, this error is not logged. The reason is that Exchange installs a self-signed certificate with the hostname and FQDN of the server, i.e. litex01 and litex01.litwareinc.com in our case.
To recreate the self-signed certificate and assign it to the SMTP service, run the command below:
New-ExchangeCertificate -Force
We can now confirm that the certificate has the correct names and is assigned to the SMTP service:
Get-ExchangeCertificate | fl Thumbprint,CertificateDomains,IsSelfSigned,Services
This should now stop event ID 12014 being logged.
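To check every connector name at once rather than reading the certificate list by eye, the script below compares each connector FQDN on the server against the SMTP-enabled certificates. It is an added example, not part of the original post and not Exchange's own certificate selection logic; the function name Test-NameCovered and the variable names are hypothetical, and the wildcard handling is an assumption about how a `*.domain` entry should be treated.

```powershell
# Added example: run in the Exchange Management Shell on the affected server.
# Approximates the name check behind event 12014; not Exchange's own logic.

function Test-NameCovered {
    param([string]$Fqdn, [string[]]$Domains)
    foreach ($d in $Domains) {
        if ($d -ieq $Fqdn) { return $true }
        # Assumption: a wildcard entry covers exactly one label to the left
        if ($d.StartsWith('*.') -and $Fqdn.Contains('.') -and
            $Fqdn.Substring($Fqdn.IndexOf('.') + 1) -ieq $d.Substring(2)) {
            return $true
        }
    }
    return $false
}

# The event text says the computer's FQDN is used when a connector has none
$serverFqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName

# Candidate certificates: enabled for SMTP and not expired
$smtpCerts = @(Get-ExchangeCertificate | Where-Object {
    "$($_.Services)" -match 'SMTP' -and $_.NotAfter -gt (Get-Date)
})

# Names to verify: the server FQDN plus every connector FQDN.
# Send connectors are organization-wide, so some may belong to other servers.
$targets = @(
    [pscustomobject]@{ Connector = '(server FQDN)'; Fqdn = $serverFqdn }
    Get-ReceiveConnector -Server $env:COMPUTERNAME | ForEach-Object {
        [pscustomobject]@{ Connector = $_.Identity; Fqdn = "$($_.Fqdn)" }
    }
    Get-SendConnector | ForEach-Object {
        [pscustomobject]@{ Connector = $_.Identity; Fqdn = "$($_.Fqdn)" }
    }
)

foreach ($t in $targets) {
    $name = if ($t.Fqdn) { $t.Fqdn } else { $serverFqdn }
    $match = $smtpCerts | Where-Object {
        Test-NameCovered -Fqdn $name -Domains @($_.CertificateDomains | ForEach-Object { "$_" })
    } | Select-Object -First 1
    [pscustomobject]@{
        Connector  = $t.Connector
        Fqdn       = $name
        Covered    = [bool]$match
        Thumbprint = $match.Thumbprint
    }
}
```

Any row with Covered set to False is a name for which event ID 12014 can be expected.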