Hello,
I have this error on all my Exchange 2013 SP1 mailbox servers:
"Microsoft Exchange could not find a certificate that contains the domain name "Chicago CAS FQDN" in the personal store on the local computer (looking at this error on LA MBX01). Therefore, it is unable to support the STARTTLS SMTP verb for
the connector "OUTBOUNDTOIRONPORT" with a FQDN parameter of "Chicago CAS FQDN". If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there
is a certficate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate - Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key."
I have 6 Exchange 2013 SP1 servers - all with CU6 (build 995.29).
I have intersite DAG across two sites - LA & Chicago.
SITES
LA:
LA CAS - Windows 2012
LA MBX01 - Windows 2012
LA MBX02 - Windows 2012
Chicago:
CH CAS - Windows 2012 R2
CH MBX01 - Windows 2012
CH MBX02 - Windows 2012
1 DAG:
Members - LA MBX01, LA MBX02, CH MBX01, CH MBX02.
The certificate installed on both LA and Chicago CAS is an external certificate from DigiCert. All mail routing goes out via IronPort located in Chicago site. The SEND connector "OUTBOUNDTOIRONPORT" has the Chicago IronPort appliance is smarthost.
All of the mailbox servers (DAG members) are added as SOURCE SERVERS in the connector. At some point, I'll be configuring a new SEND connector and enable SCOPED SEND Connectors. We also have another IronPort ready in LA site.
So, this error is confusing to me because the external certificate from DigiCert has SMTP services tied to it and outbound email is flowing from MBX servers to Chicago IronPort and out. As I understand, mailbox servers do not require external certificates only
CAS because all connectivity is proxied through CAS servers.
What do I need to do to get rid of that error? Thanks!