The error message:

Event Type: Warning
Event Source: MSExchangeTransport
Event Category: TransportService
Event ID: 12017
Description:
A direct trust certificate will expire soon. Thumbprint:<thumbprint>, hours remaining: <some number>

Summary Solution:

  1. Make a new Exchange certificate, and enable it for SMTP transport.
    1. If the error is logged on the hub transport server:
      1. Create the cert on the HT where the warning occurred - http://technet.microsoft.com/en-ca/library/aa998327.aspx
      2. Restart the EdgeSync service to update certificate information on the edge transport servers which are subscribed to the organization
      3. Run Start-EdgeSynchronization
    2. If the error is logged on the edge transport server:
      1. Create the certificate on the ET server - http://technet.microsoft.com/en-ca/library/aa998327.aspx
      2. Resubscribe the ET server to the Exchange organization - see http://blog.justinho.com/2008/01/20/SubscribingResubscribingMicrosoftExchange2007EdgeTransportServersToAnExchangeOrganization.aspx
    3. If you're not using the EdgeSync service and have configured things manually, see http://technet.microsoft.com/en-ca/library/bb232082.aspx

More information: http://technet.microsoft.com/en-us/library/bb217963.aspx

More information:

To resolve this warning, you must use the New-ExchangeCertificate cmdlet to create a new internal transport certificate (also referred to as a direct trust certificate) on the computer that returned this Warning event. Running the New-ExchangeCertificate cmdlet with no arguments creates an SMTP-enabled internal transport certificate for direct trust. For more information, see New-ExchangeCertificate.

If this warning occurred on a Hub Transport server, you must create the internal transport certificate on the Hub Transport server where the warning occurred. After you have created the certificate, restart the Microsoft Exchange EdgeSync service to update the certificate information on the Edge Transport servers that are subscribed to the organization. (I also ran Start-EdgeSynchronization on my hub server to be safe.)

If this warning occurred on an Edge Transport server, you must create the internal transport certificate on the Edge Transport server where the warning occurred. After you have created the certificate, resubscribe the Edge Transport server to the Exchange organization to update the certificate information in Active Directory.
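The Hub Transport case above, written out as an Exchange Management Shell session with a check before and after the renewal. This is an added example, not taken from the original page or from Microsoft's documentation. `<thumbprint>` is a placeholder for the value in the event description, and `MSExchangeEdgeSync` is the short service name of the Microsoft Exchange EdgeSync service.

```powershell
# Added example. Run in the Exchange Management Shell on the Hub Transport
# server that logged event 12017.
$thumbprint = '<thumbprint>'   # placeholder: copy the value from the event description

# 1. Confirm which certificate the warning refers to and how long it has left.
$old = Get-ExchangeCertificate -Thumbprint $thumbprint
$hoursLeft = [int]($old.NotAfter - [DateTime]::Now).TotalHours
"Expiring: {0}  services={1}  NotAfter={2}  hours remaining={3}" -f `
    $old.Thumbprint, $old.Services, $old.NotAfter, $hoursLeft

# 2. List every SMTP-enabled certificate on this server with its remaining
#    lifetime, so that other certificates close to expiry are noticed now.
Get-ExchangeCertificate |
    Where-Object { "$($_.Services)" -match 'SMTP' } |
    Select-Object Thumbprint, Subject, NotAfter,
        @{ Name = 'HoursLeft'; Expression = { [int]($_.NotAfter - [DateTime]::Now).TotalHours } } |
    Sort-Object NotAfter

# 3. Create the new internal transport (direct trust) certificate.
#    With no arguments the cmdlet creates an SMTP-enabled certificate.
#    It may ask for confirmation before replacing the current default
#    SMTP certificate.
$created = New-ExchangeCertificate

# 4. Read the stored certificate back and verify it before touching EdgeSync.
$new = Get-ExchangeCertificate -Thumbprint $created.Thumbprint
if ("$($new.Services)" -notmatch 'SMTP') {
    throw "New certificate $($new.Thumbprint) is not enabled for SMTP."
}
if ($new.NotAfter -le $old.NotAfter) {
    throw "New certificate does not expire later than the one it replaces."
}
"Created:  {0}  NotAfter={1}" -f $new.Thumbprint, $new.NotAfter

# 5. Restart EdgeSync so the subscribed Edge Transport servers receive the
#    updated certificate information, then force a synchronization.
Restart-Service MSExchangeEdgeSync
Start-EdgeSynchronization
```

If step 4 throws, stop there and inspect the certificate list from step 2 before restarting EdgeSync.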