查看完整版本: [-- Exchange 2007 边缘出现证书错误 ID 12014 12015 --]

Exchange技术论坛 -> Exchange Server 2007 -> Exchange 2007 边缘出现证书错误 ID 12014 12015 [打印本页]

登录 -> 注册 -> 回复主题 -> 发表主题

达佰仕

2013-08-14 17:42

Exchange 2007 边缘出现证书错误 ID 12014 12015

边缘的错误
ID12014 提示
Microsoft Exchange couldn't find a certificate that contains the domain name S08602.test.com in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector edgesync - default-first-site-name to internet with a FQDN parameter of S08602.test.cn. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.

ID12015提示
An internal transport certificate expired. Thumbprint:4AF4E76CBBBF025B227E94237982B51931FE8E6A

下面这条是邮件服务器的错误
The remote internal transport certificate expired. Certificate subject: CN=S08602.

邮件有时候收发不正常，请教各位高手！

opop	2013-08-15 16:22
这个报错应该是边缘服务器上的SMTP服务上绑定的证书过期了导致的。执行下列命令并将结果贴出来看看： Get-ExchangeCertificate \|fl

达佰仕	2013-08-16 09:19
运行命令后结果如下： [attachment=1994]

opop	2013-08-19 14:26
达佰仕:运行命令后结果如下： [图片](2013-08-16 09:19)嬀/color] 这说明edge上没有证书。建议到HUB和Mailbox服务器上分别执行该命令，并将结果贴出来看看。主要是找到Thumbprint为4AF4E76CBBBF025B227E94237982B51931FE8E6A的证书是哪一张。

达佰仕	2013-08-22 10:58
是哪条命令呢？

opop	2013-08-22 13:51
达佰仕:是哪条命令呢？(2013-08-22 10:58)嬀/color] Get-ExchangeCertificate \|fl

达佰仕

2013-08-31 14:59

执行后出现的错误提示：
[PS] C:\Windows\system32>Get-ExchangeCertificate |fl
Get-ExchangeCertificate : Unable to create Internet Information Services (IIS)
directory entry. Error message is: Access is denied.
. HResult = -2147024891.
At line:1 char:24
+ Get-ExchangeCertificate <<<<  |fl
    + CategoryInfo          : NotSpecified: (0:Int32) [Get-ExchangeCertificate
   ], IISGeneralCOMException
    + FullyQualifiedErrorId : DDE7F5A4,Microsoft.Exchange.Management.SystemCon
   figurationTasks.GetExchangeCertificate

opop

2013-09-02 16:09

达佰仕:执行后出现的错误提示：
[PS] C:\Windows\system32>Get-ExchangeCertificate |fl
Get-ExchangeCertificate : Unable to create Internet Information Services (IIS)
directory entry. Error message is: Access is denied.
. HResult = -2147024891.
.......(2013-08-31 14:59)嬀/color]

账号权限不对。建议打开Exchange命令行管理工具的时候，右键点击，然后选择Run as Administrator，然后再次尝试。

达佰仕

2013-09-09 15:34

运行的结果如下：
[PS] C:\Windows\system32>Get-ExchangeCertificate |fl

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {webmail.jpe.cc, S08622.jinnpina.com.cn, S08622, autodisco
                     ver.jinnpina.com.cn}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=jinnpina-S08603-CA, DC=jinnpina, DC=com, DC=cn
NotAfter           : 4/30/2014 11:33:24 AM
NotBefore          : 4/30/2012 11:33:24 AM
PublicKeySize      : 2048
RootCAType         : Enterprise
SerialNumber       : 53780A82000000000010
Services           : IMAP, POP, UM, IIS, SMTP
Status             : Valid
Subject            : CN=webmail.jpe.cc, O=JPE, L=Zhuhai, S=Zhuhai, C=CN
Thumbprint         : FAEDA25541860CB25EACDF5A4F3A049C0FEE2CF6

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule, System.Security.Acce
                     ssControl.CryptoKeyAccessRule}
CertificateDomains : {S08622, S08622.jinnpina.com.cn}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=S08622
NotAfter           : 11/23/2012 2:27:54 AM
NotBefore          : 11/23/2011 2:27:54 AM
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : 693F54FBE4538BA74B126459921E7766
Services           : UM, SMTP
Status             : DateInvalid
Subject            : CN=S08622
Thumbprint         : 725C0BAC45D055E87E7D54B1695C77E4E0CFE979

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule, System.Security.Acce
                     ssControl.CryptoKeyAccessRule}
CertificateDomains : {S08622, S08622.jinnpina.com.cn}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=S08622
NotAfter           : 11/22/2012 1:30:37 AM
NotBefore          : 11/22/2011 1:30:37 AM
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : 2A5A932A0B8DF180465DDE7AD9F51CA1
Services           : UM, SMTP
Status             : DateInvalid
Subject            : CN=S08622
Thumbprint         : 059A748E1A4F381BBA4AE08A4A62E546EF2DE16F

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule, System.Security.Acce
                     ssControl.CryptoKeyAccessRule}
CertificateDomains : {S08622, S08622.jinnpina.com.cn}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=S08622
NotAfter           : 11/19/2012 1:33:51 AM
NotBefore          : 11/19/2011 1:33:51 AM
PublicKeySize      : 2048
RootCAType         : Unknown
SerialNumber       : 3D088E4EF94CCE944868DC116F4A1B1E
Services           : UM, SMTP
Status             : Invalid
Subject            : CN=S08622
Thumbprint         : E18D507584D1BB5EB6124B23B9912801D3EAFB4E

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule, System.Security.Acce
                     ssControl.CryptoKeyAccessRule}
CertificateDomains : {S08622, S08622.jinnpina.com.cn}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=S08622
NotAfter           : 11/18/2012 3:20:34 AM
NotBefore          : 11/18/2011 3:20:34 AM
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : A7D245633412D3BE408A9DC74FE2C276
Services           : UM, SMTP
Status             : DateInvalid
Subject            : CN=S08622
Thumbprint         : F137FC3A894F5B918978D182668CD2E60DF96471

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {s08612.jinnpina.com.cn}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=jinnpina-S08603-CA, DC=jinnpina, DC=com, DC=cn
NotAfter           : 11/4/2013 7:07:08 PM
NotBefore          : 11/5/2011 7:07:08 PM
PublicKeySize      : 1024
RootCAType         : Enterprise
SerialNumber       : 4E8F335B000000000005
Services           : None
Status             : Valid
Subject            : CN=s08612.jinnpina.com.cn, OU=jpe, O=jpe, L=zh, S=gd, C=CN
Thumbprint         : B2EED7A82B03C2D92105751646A7F9E0E18ED612

[PS] C:\Windows\system32>

opop

2013-09-10 11:03

达佰仕:运行的结果如下：
[PS] C:\Windows\system32>Get-ExchangeCertificate |fl
AccessRules: {System.Security.AccessControl.CryptoKeyAccessRule, System
.......(2013-09-09 15:34)嬀/color]

HUB上的证书是正常的，如果edge上Get-ExchangeCertificate |fl 还是没有返回结果的话，你需要在Edge服务器上新建一张证书，包含12014报错里面提到的S08602.test.com，并作用在SMTP服务上，然后需要重新订阅Edge服务以更新AD里面的证书信息。

参考：http://technet.microsoft.com/en-us/library/bb218165(v=exchg.80).aspx

达佰仕

2013-09-10 14:36

edge上运行的结果如下：

[PS] C:\Windows\system32>Get-ExchangeCertificate |fl

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {webmail.jpe.cc, S08622.jinnpina.com.cn, S08622, autodisco
                     ver.jinnpina.com.cn}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=jinnpina-S08603-CA, DC=jinnpina, DC=com, DC=cn
NotAfter           : 4/30/2014 11:33:24 AM
NotBefore          : 4/30/2012 11:33:24 AM
PublicKeySize      : 2048
RootCAType         : Enterprise
SerialNumber       : 53780A82000000000010
Services           : None
Status             : Valid
Subject            : CN=webmail.jpe.cc, O=JPE, L=Zhuhai, S=Zhuhai, C=CN
Thumbprint         : FAEDA25541860CB25EACDF5A4F3A049C0FEE2CF6
AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule, System.Security.Acce
                     ssControl.CryptoKeyAccessRule}
CertificateDomains : {S08602, S08602.jinnpina.com.cn}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=S08602
NotAfter           : 11/5/2012 1:59:48 PM
NotBefore          : 11/5/2011 1:59:48 PM
PublicKeySize      : 2048
RootCAType         : Unknown
SerialNumber       : DDD9A6071F0306BA4797AD234462CDBD
Services           : SMTP
Status             : Invalid
Subject            : CN=S08602
Thumbprint         : 4AF4E76CBBBF025B227E94237982B51931FE8E6A

[PS] C:\Windows\system32>

opop	2013-09-10 15:05
达佰仕:edge上运行的结果如下： [PS] C:\Windows\system32>Get-ExchangeCertificate \|fl .......(2013-09-10 14:36)嬀/color] 从edge上的结果来看，第二张证书过期了，所以报错12014。在edge上执行下列命令即可renew该证书： Get-ExchangeCertificate -Thumbprint FAEDA25541860CB25EACDF5A4F3A049C0FEE2CF6 \| New-ExchangeCertificate

达佰仕	2013-09-13 10:57
更新证书后是即可生效还是要重启机器？谢谢！

opop	2013-09-13 16:18
达佰仕:更新证书后是即可生效还是要重启机器？谢谢！(2013-09-13 10:57)嬀/color] 重启一下传输服务

达佰仕

2013-09-13 16:27

更新证书重启mailbox 跟edgs后外网邮件收发不了，出现了以下错误提示：
错误ID：1005
The EdgeSync credential cn=ESRA.S08602.S08622.0,CN=Services,CN=Configuration,CN={104D00FF-8BD9-4AB5-A56A-A315CF554384} could not be decrypted by using the certificate with thumbprint 030F881D038B58C67ABB810B45AA5FCFA6B50020. The exception is Bad Data.
. To resolve this problem, unsubscribe and resubscribe your Edge Transport server.

The EdgeSync credential cn=ESRA.S08602.S08622.1,CN=Services,CN=Configuration,CN={104D00FF-8BD9-4AB5-A56A-A315CF554384} could not be decrypted by using the certificate with thumbprint 030F881D038B58C67ABB810B45AA5FCFA6B50020. The exception is Bad Data.
. To resolve this problem, unsubscribe and resubscribe your Edge Transport server.
错误ID12014
Microsoft Exchange couldn't find a certificate that contains the domain name S08602.jinnpina.com.cn in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector edgesync - inbound to default-first-site-name with a FQDN parameter of S08602.jinnpina.com.cn. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.

达佰仕

2013-09-14 09:56

1.现在的情况是，在Edge上更新了证书Get-ExchangeCertificate -Thumbprint FAEDA25541860CB25EACDF5A4F3A049C0FEE2CF6 | New-ExchangeCertificate 后
把Edge的证书 New-EdgeSubscription生成XML文件
[attachment=2065]
2.再到mailbox上把之前的订阅删除，新建边缘订阅（然后把mailbox跟edge重启）邮箱收发属正常，但Edge上还报ID12014错误。
[attachment=2066]
3.Edge上报ID12014错误，（mailbox上已经没有报证书错误了）
Microsoft Exchange couldn't find a certificate that contains the domain name S08602.jinnpina.com.cn in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector edgesync - inbound to default-first-site-name with a FQDN parameter of S08602.jinnpina.com.cn. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.
4.mailbox上新的边缘订阅状态好像一直是重试的状态
[attachment=2067]
5.现在mailbox跟edge的证书信息如下：

mailbox 的证书信息
[PS] C:\Windows\system32>Get-ExchangeCertificate |fl

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {webmail.jpe.cc, S08622.jinnpina.com.cn, S08622, autodisco
                     ver.jinnpina.com.cn}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=jinnpina-S08603-CA, DC=jinnpina, DC=com, DC=cn
NotAfter           : 4/30/2014 11:33:24 AM
NotBefore          : 4/30/2012 11:33:24 AM
PublicKeySize      : 2048
RootCAType         : Enterprise
SerialNumber       : 53780A82000000000010
Services           : IMAP, POP, UM, IIS, SMTP
Status             : Valid
Subject            : CN=webmail.jpe.cc, O=JPE, L=Zhuhai, S=Zhuhai, C=CN
Thumbprint         : FAEDA25541860CB25EACDF5A4F3A049C0FEE2CF6
AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule, System.Security.Acce
                     ssControl.CryptoKeyAccessRule}
CertificateDomains : {S08622, S08622.jinnpina.com.cn}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=S08622
NotAfter           : 11/23/2012 2:27:54 AM
NotBefore          : 11/23/2011 2:27:54 AM
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : 693F54FBE4538BA74B126459921E7766
Services           : UM, SMTP
Status             : DateInvalid
Subject            : CN=S08622
Thumbprint         : 725C0BAC45D055E87E7D54B1695C77E4E0CFE979
AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule, System.Security.Acce
                     ssControl.CryptoKeyAccessRule}
CertificateDomains : {S08622, S08622.jinnpina.com.cn}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=S08622
NotAfter           : 11/22/2012 1:30:37 AM
NotBefore          : 11/22/2011 1:30:37 AM
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : 2A5A932A0B8DF180465DDE7AD9F51CA1
Services           : UM, SMTP
Status             : DateInvalid
Subject            : CN=S08622
Thumbprint         : 059A748E1A4F381BBA4AE08A4A62E546EF2DE16F
AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule, System.Security.Acce
                     ssControl.CryptoKeyAccessRule}
CertificateDomains : {S08622, S08622.jinnpina.com.cn}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=S08622
NotAfter           : 11/19/2012 1:33:51 AM
NotBefore          : 11/19/2011 1:33:51 AM
PublicKeySize      : 2048
RootCAType         : Unknown
SerialNumber       : 3D088E4EF94CCE944868DC116F4A1B1E
Services           : UM, SMTP
Status             : Invalid
Subject            : CN=S08622
Thumbprint         : E18D507584D1BB5EB6124B23B9912801D3EAFB4E
AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule, System.Security.Acce
                     ssControl.CryptoKeyAccessRule}
CertificateDomains : {S08622, S08622.jinnpina.com.cn}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=S08622
NotAfter           : 11/18/2012 3:20:34 AM
NotBefore          : 11/18/2011 3:20:34 AM
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : A7D245633412D3BE408A9DC74FE2C276
Services           : UM, SMTP
Status             : DateInvalid
Subject            : CN=S08622
Thumbprint         : F137FC3A894F5B918978D182668CD2E60DF96471
AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {s08612.jinnpina.com.cn}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=jinnpina-S08603-CA, DC=jinnpina, DC=com, DC=cn
NotAfter           : 11/4/2013 7:07:08 PM
NotBefore          : 11/5/2011 7:07:08 PM
PublicKeySize      : 1024
RootCAType         : Enterprise
SerialNumber       : 4E8F335B000000000005
Services           : None
Status             : Valid
Subject            : CN=s08612.jinnpina.com.cn, OU=jpe, O=jpe, L=zh, S=gd, C=CN
Thumbprint         : B2EED7A82B03C2D92105751646A7F9E0E18ED612
[PS] C:\Windows\system32>

Edge上的证书信息
[PS] C:\Windows\system32>Get-ExchangeCertificate |fl

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule, System.Security.Acce
                     ssControl.CryptoKeyAccessRule}
CertificateDomains : {webmail.jpe.cc, S08622.jinnpina.com.cn, S08622, autodisco
                     ver.jinnpina.com.cn}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : C=CN, S=Zhuhai, L=Zhuhai, O=JPE, CN=webmail.jpe.cc
NotAfter           : 9/13/2014 3:28:12 PM
NotBefore          : 9/13/2013 3:28:12 PM
PublicKeySize      : 2048
RootCAType         : None
SerialNumber       : A314B9CBC567A9AE4B85D7065B26B4A2
Services           : SMTP
Status             : Valid
Subject            : C=CN, S=Zhuhai, L=Zhuhai, O=JPE, CN=webmail.jpe.cc
Thumbprint         : 030F881D038B58C67ABB810B45AA5FCFA6B50020
AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {webmail.jpe.cc, S08622.jinnpina.com.cn, S08622, autodisco
                     ver.jinnpina.com.cn}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=jinnpina-S08603-CA, DC=jinnpina, DC=com, DC=cn
NotAfter           : 4/30/2014 11:33:24 AM
NotBefore          : 4/30/2012 11:33:24 AM
PublicKeySize      : 2048
RootCAType         : Enterprise
SerialNumber       : 53780A82000000000010
Services           : None
Status             : Valid
Subject            : CN=webmail.jpe.cc, O=JPE, L=Zhuhai, S=Zhuhai, C=CN
Thumbprint         : FAEDA25541860CB25EACDF5A4F3A049C0FEE2CF6
AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule, System.Security.Acce
                     ssControl.CryptoKeyAccessRule}
CertificateDomains : {S08602, S08602.jinnpina.com.cn}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=S08602

请给出详细的操作步骤，或者加我QQ 595225937以便好处理，万分感谢！

达佰仕	2013-09-16 14:21
已经三十几个小时了，管理员人呢。继续在线等待高手出现！！！

opop

2013-09-16 14:54

达佰仕:1.现在的情况是，在Edge上更新了证书Get-ExchangeCertificate -Thumbprint FAEDA25541860CB25EACDF5A4F3A049C0FEE2CF6 | New-ExchangeCertificate 后
把Edge的证书 New-EdgeSubscription生成XML文件
[图片]
2.再到mailbox上把之前的订阅删除，新建边缘订阅（然后把m .. (2013-09-14 09:56)

抱歉上次给的命令中复制错了Thumbprint导致renew的是第一张证书而不是我们要的第二张。需要再次执行下列命令以renew那张CertificateDomains里面包含S08602的证书。

Get-ExchangeCertificate -Thumbprint 4AF4E76CBBBF025B227E94237982B51931FE8E6A | New-ExchangeCertificate

达佰仕	2013-09-16 15:36
在Edge上更新 Get-ExchangeCertificate -Thumbprint 4AF4E76CBBBF025B227E94237982B51931FE8E6A \| New-ExchangeCertificate 证书后要不要在mailbox新建边缘订阅？谢谢！

opop

2013-09-16 16:35

达佰仕:在Edge上更新 Get-ExchangeCertificate -Thumbprint 4AF4E76CBBBF025B227E94237982B51931FE8E6A | New-ExchangeCertificate证书后要不要在mailbox新建边缘订阅？谢谢！(2013-09-16 15:36)嬀/color]

更新完证书之后应该需要重新进行边缘订阅已更新AD中的证书状态。

记得更新完证书之后，执行Get-ExchangeCertificate |fl，确保新的那张证书CertificateDomains里面有S08602, S08602.jinnpina.com.cn，并且Services后面显示有SMTP。然后再重新进行边缘订阅。

参考：
http://www.msexchange.org/kbase/ExchangeServerTips/ExchangeServer2007/ManagementAdministration/HowtorenewtheExchangeEdgeServerSMTPcertificate.html

达佰仕	2013-09-16 17:01
问题已解决，在Edge上更新 Get-ExchangeCertificate -Thumbprint 4AF4E76CBBBF025B227E94237982B51931FE8E6A \| New-ExchangeCertificate 之后。在Edge跟mailbox上重启Exchange Tramsport 服务，再到mailbox新建边缘订阅，然后重启mailbox的Exchange Tramsport 跟Edge 的Exchange Tramsport ，Exhcnage ADAM服务。邮件收发正常，日志也没有报错了。谢谢管理员~~~

opop	2013-09-16 17:14
达佰仕:问题已解决，在Edge上更新 Get-ExchangeCertificate -Thumbprint 4AF4E76CBBBF025B227E94237982B51931FE8E6A \| New-ExchangeCertificate之后。在Edge跟mailbox上重启Exchange Tramsport 服务，再到mailbox新建边缘订阅，然后重启mailbox的Exchange Tramsport 跟Edge ..(2013-09-16 17:01)嬀/color] Cool~~

wenbin

2018-01-02 20:27

你好，老师

我也出现该错误日志
错误提示是
EdgeSync 无法使用默认 Exchange 证书的私钥解密边缘传输服务器 cl-mail.zh.com 的凭据，出现异常要解密的数据超过此模块的最大值 128 字节。。该证书的指纹是 5A4010DEA4430F368703594412930D67FC659CFE，主题是 CN=mail.zh.com, OU=IT, O=Cos, L=zhuhai, S=guangdong, C=CN。请使用 Enable-ExchangeCertificate 或 New-ExchangeCertificate 设置正确的 Exchange 默认证书，然后重新订阅边缘传输服务器 cl-mail.zh.com。

运行Get-ExchangeCertificate |fl 后提示。。
[attachment=3434]

查看完整版本: [-- Exchange 2007 边缘出现证书错误 ID 12014 12015 --] [-- top --]

Powered by phpwind v8.7.1 Code ©2003-2011 phpwind
Time 0.024111 second(s),query:6 Gzip enabled