In my case it wasn't the KB article found here.
Turned out to be a certificate Service assignment that got lost.
The error in the Eventviewer was:
EventID: 12023
Level: Warning
Task Category: Transportservice
Source: MSExchangeFrontEndTransport
Source: MSExchangeFrontEndTransport
Microsoft Exchange could not load the certificate with thumbprint of BAE49XX5021785XX4433FXXA78XX434CXXBD4EXX from the personal store on the local computer. This certificate was configured for authentication with other Exchange servers. Mail flow to other Exchange servers could be affected by this error. If the certificate with this thumbprint still exists in the personal store, run Enable-ExchangeCertificate BAE49XX5021785XX4433FXXA78XX434CXXBD4EXX -Services SMTP to resolve the issue. If the certificate does not exist in the personal store, restore it from backup by using the Import-ExchangeCertificate cmdlet, or create a new certificate for the FQDN or the server enabled for SMTP by running the following command: New-ExchangeCertificate -DomainName serverfqdn -Services SMTP. Meanwhile, the certificate with thumbprint XX728XXD9AD2D55XXE9F9D4BEXX8949AE4DXXCBA is being used.
When running the command:
When running the command:
Get-ExchangeCertificate Thumbprint Services Subject ---------- -------- ------- 499A246DF957FDF438CD9C7BF5DB070E326B0AF9 ...W... CN=sr-XXXXX.domain.lan, O=Trend Micro ScanMail for Microsoft Ex... 4272892D9AD2D557DE9F9D4BEB98949AE4D8CCBA ....... CN=sr-XXXXX.domain.lan 065470FCE311211810679A92A4A2F67708E29398 ....... CN=SkypeforBusiness-OWA DA9D8609DED5198F1AEEE96E3CCE33ED7323DA5E IP.WS.. CN=service0.domain.lan ECB0F4D6FE4BCA7B6DAB79C96F491222F845B3B9 ....S.. CN=service1.domain.nl, O=domain N.V., L=City, S=State, C=NL E40C46317EE13A419C3B41334EFEA37EFC7E5813 ....S.. CN=sr-XXXXX 2B55508050B8C4269D4DA3EE5C97B346AEAFDF7C ....... CN=WMSvc-SR-XXXXX 93EEEB92883AB769FD22226B8B78DAB4C60EABD0 ....S.. CN=Microsoft Exchange Server Auth Certificate Enable-ExchangeCertificate DA9D8609DED5198F1AEEE96E3CCE33ED7323DA5E -Services SMTP Confirm Overwrite the existing default SMTP certificate? Current certificate: 'BAE49EF5021785CA4433F25A7800434CA4BD4E6E' (expires 21-11-2017 13:51:22) Replace it with certificate: 'DA9D8609DED5198F1AEEE96E3CCE33ED7323DA5E' (expires 26-9-2020 14:12:44) [Y] Yes [A] Yes to All [N] No [L] No to All [?] Help (default is "Y"): y A special Rpc error occurs on server SR-XXXXX: The internal transport certificate for the local server was damaged or m issing in Active Directory. The problem has been fixed. However, if you have existing Edge Subscriptions, you must subs cribe all Edge Transport servers again by using the New-EdgeSubscription cmdlet in the Shell. + CategoryInfo : ObjectNotFound: (:) [Enable-ExchangeCertificate], InvalidOperationException + FullyQualifiedErrorId : [Server=SR-XXXXX,RequestId=30ee7bbb-899d-4cb0-b4e2-8d7862775a41,TimeStamp=19-10-2018 10: 06:00] [FailureCategory=Cmdlet-InvalidOperationException] FD2ADDFB,Microsoft.Exchange.Management.SystemConfigurati onTasks.EnableExchangeCertificate + PSComputerName : sr-XXXXX.domain.lan
As soon as I ran this command mail flow started again.
No comments:
Post a Comment