Exchange 07 One Year after Install
(Event ID: 12018 or 12016)

If your Exchange 2007 Server is approaching or past its one-year anniversary, you may start seeing the following errors in the Application Event Log:

Event Source: MSExchangeTransport
Event Category: TransportService
Event ID: 12018
Description: The STARTTLS certificate will expire soon…

or

Event Source: MSExchangeTransport
Event Category: TransportService
Event ID: 12016
Description: There is no valid SMTP Transport Layer Security (TLS) certificate…

Solving the problem is simple.

To begin, let's look at the currently installed certificate by running:
Get-ExchangeCertificate | Format-List

The fields to note in the output:

NotAfter – shows the certificate expiry date

Services – shows the services the certificate applies to (here IMAP, POP, IIS and SMTP)

Thumbprint – used to identify the certificate when making changes to it

Creating a new certificate is just a matter of running the cmdlet:
New-ExchangeCertificate

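Rerun Get-ExchangeCertificate and check the Services listed for the new certificate.
If any services are missing from the new certificate
Ex.  Services           : IMAP, POP, SMTP   (IIS is missing)
run the following, where xxxxxxx is the new certificate's thumbprint:
Enable-ExchangeCertificate -Thumbprint xxxxxxx -Services IIS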

To remove the old certificate, pass the old certificate's thumbprint:

Remove-ExchangeCertificate -Thumbprint xxxxxxx
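
A read-only check for the steps above, added here as an example (not part of the original post): it reports the days left on each installed certificate and lists which services the old certificate had that the new one lacks, before the old one is removed. The function names, the 30-day warning window and the two thumbprint placeholders are assumptions.

```powershell
# Added example for the Exchange Management Shell. Read-only: it changes nothing.
# Function names, the 30-day window and the thumbprint placeholders are assumptions.

function Get-CertExpiryReport {
    param([int]$WarnDays = 30)
    process {
        $daysLeft = [math]::Floor(($_.NotAfter - (Get-Date)).TotalDays)
        $status = 'OK'
        if ($daysLeft -lt 0) { $status = 'EXPIRED' }
        elseif ($daysLeft -le $WarnDays) { $status = 'EXPIRING' }
        $row = New-Object PSObject
        $row | Add-Member NoteProperty Thumbprint $_.Thumbprint
        $row | Add-Member NoteProperty NotAfter   $_.NotAfter
        $row | Add-Member NoteProperty DaysLeft   $daysLeft
        $row | Add-Member NoteProperty Services   "$($_.Services)"
        $row | Add-Member NoteProperty Status     $status
        $row
    }
}

function Get-MissingServices {
    param($OldCert, $NewCert)
    # Services displays as a comma-separated list, e.g. "IMAP, POP, IIS, SMTP"
    $old = "$($OldCert.Services)".Split(',') | ForEach-Object { $_.Trim() }
    $new = "$($NewCert.Services)".Split(',') | ForEach-Object { $_.Trim() }
    $old | Where-Object { $_ -and $_ -ne 'None' -and ($new -notcontains $_) }
}

$OldThumbprint = 'OLD-THUMBPRINT-PLACEHOLDER'   # certificate that is expiring
$NewThumbprint = 'NEW-THUMBPRINT-PLACEHOLDER'   # from New-ExchangeCertificate

$certs = @(Get-ExchangeCertificate)
$certs | Get-CertExpiryReport | Format-Table -AutoSize

$oldCert = $certs | Where-Object { $_.Thumbprint -eq $OldThumbprint }
$newCert = $certs | Where-Object { $_.Thumbprint -eq $NewThumbprint }
if (-not $oldCert -or -not $newCert) {
    Write-Warning 'Set both thumbprints from the report before comparing.'
} else {
    $missing = @(Get-MissingServices $oldCert $newCert)
    if ($missing.Count -gt 0) {
        $list = [string]::Join(',', $missing)
        "Run: Enable-ExchangeCertificate -Thumbprint $NewThumbprint -Services $list"
    } else {
        "New certificate covers every service of the old one; the old one can be removed."
    }
}
```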
