An internal transport certificate expired. Thumbprint:%1

Details
Product: Exchange
Event ID: 12015
Source: MSExchangeTransport
Version: 8.0
Symbolic Name: InternalTransportCertificateExpired
Message: An internal transport certificate expired. Thumbprint:%1
Explanation
This Warning event indicates that the certificate that was used for internal trust on this computer has expired. Internal trust means that Microsoft Exchange Server 2007 uses a self-signed certificate for encryption. Internal refers to the fact that the data paths are between Exchange 2007 servers and within the corporate network that is defined by Active Directory.

When you subscribe an Edge Transport server to the Exchange organization, the subscription publishes the Edge Transport server certificate in Active Directory for the Hub Transport servers to validate. The Microsoft Exchange EdgeSync service updates ADAM with the set of Hub Transport server certificates for the Edge Transport server to validate.

User Action
To resolve this warning, you must use the New-ExchangeCertificate cmdlet to create a new internal transport certificate (also referred to as a direct trust certificate) on the computer that returned this Warning event. Running the New-ExchangeCertificate cmdlet with no arguments creates a Simple Mail Transfer Protocol (SMTP)-enabled certificate for direct trust. For more information, see New-ExchangeCertificate.

If this warning occurred on a Hub Transport server, you must create the internal transport certificate on the Hub Transport server where the warning occurred. After you have created the certificate, restart the Microsoft Exchange EdgeSync service to update the certificate information on the Edge Transport servers that are subscribed to the organization.

If this warning occurred on an Edge Transport server, you must create the internal transport certificate on the Edge Transport server where the warning occurred. After you have created the certificate, resubscribe the Edge Transport server to the Exchange organization to update the certificate information in Active Directory.

If you are not running the Microsoft Exchange EdgeSync service, you must manually update the certificate. For more information, see Configuring Mail Flow Between an Edge Transport Server and Hub Transport Servers Without Using EdgeSync.

If you are not already doing so, consider running the tools that Microsoft Exchange offers to help administrators analyze and troubleshoot their Exchange environment. These tools can help you make sure that your configuration is in line with Microsoft best practices. They can also help you identify and resolve performance issues, improve mail flow, and better manage disaster recovery scenarios. Go to the Toolbox node of the Exchange Management Console to run these tools now. For more information about these tools, see Toolbox in the Exchange Server 2007 Help.

Related:

Leave a Reply