Exchange 2007 12018 and 12017 Certificate errors

This can occur and a handful of these seen for a number of reasons. Some of this depending of the cert is generated from an internalCA or externally.

The Exchange generated certs last one year from creation so we are seeing a few people hitting this around now.  

Obviously the first step should be to run "New-ExchangeCertificate" to renew the nearly expired cert.

(https://technet.microsoft.com/en-us/library/aa998327(EXCHG.80).aspx) and https://technet.microsoft.com/en-us/library/bb851554(EXCHG.80).aspx talk about this in excellent detail with the syntax for doing this.

NOTE:

When running New-ExchangeCertificate you may find that if you are renewing a cert with IIS, POP,IMAP and SMTP that IIS doesnt renew.

To get around this you will need to use the  -services switch with New-ExchangeCertificate to add IIS. 

 

Another occurence we have seen of this is if the cert isn't enabled for SMTP.

Doing a "Get-ExchangeCertificate |fl" and look for the relevant Thumbprint referred to in the event. Then if we look at Services we can see if SMTP is in there...