So you are running MS Exchange and suddenly your Active Sync for your users stops working, you notice other issues are also occurring. You examine the Event Log and notice the following
Event ID 12014 Microsoft Exchange couldn’t find a certificate that contains the domain name names.domain.co.uk in the personal store on the local computer.
Before you do anything else don’t panic, You don’t need to be an expert in Windows Certificates!
Examine the event ID again, the crucial parts are in the first sentence.
Microsoft Exchange couldn’t find a certificate the contain the domain name names.domain.co.uk
So firstly we are looking for a certificate with whatever domain name is mentioned (we are using names.domain.co.uk as each persons will be different)
Secondly;
in the personal store on the local computer
So the names.domain.co.uk certificate must be in the personal store on your exchange server and it appears to no longer be there.
Panic, we no longer have that certificate. OK we said “Don’t panic”, we will simply create a new one and install it.
There are two steps to getting a certificate
Step 1: Create a Certificate request.
This is relatively easy. you just need to follow a few simple steps. We like to use the Exchange Management Shell it makes us look more professional!
So open this console and let’s create a new Certificate request
The command you want to enter is:
New-ExchangeCertificate -GenerateRequest -Path c:\names.domain.co.uk.csr -SubjectName “c=gb, c=your location, o=Your Organization, ou=Your Department, cn=Your email address” -PrivateKeyExportable $True
So this will generate a Certificate Request NOT the certifcate.
Now go to the path where you saved the request to (in the above example, we created a file called names.domain.co.uk.csr on the C:\
Open it with Notepad
Highlight the whole content starting from and including ———Begin new certificate Request— and up to and including —– End new certificate Request———-
That’s the hard bit done.
Stage 2 – Create the Certificate from the request
Open up a browser and in the Address line enter
http://localhost/certsrv
Select REQUEST CERTIFICATE
Click on ADVANCED CERTIFICATE REQUEST
Click on SUBMIT A CERTIFICATE REQUEST BY USING A BASE-64-ENCODED CMC OR PKCS……. (it’s quite a long link but you know it when you see it)
Now remember that jumble of letters and numbers we copied from notepad earlier? Just paste it in the Saved Request area you should now see.
Certificate Template keep as Web Server
Click on SUBMIT
On the next page keep it DER ENCODED and click on DOWNLOAD CERTIFICATE and save is somewhere convenient on your server.
Final Stage
Double click on the Certificate and select INSTALL and install it to the…..??? You guessed it. the Personal Store.
That’s it. Your error will go and your Exchange will be back up and running.