Exchange 2016 - Event ID 12017, MSExchangeFrontEndTransport & MSExchangeTransport
Exchange 2016 Certificate Expiry
In this article we cover the following:
- Exchange Certificate that is about to expire.
Exchange 2016 Certificate that is expiring or has expired:
On your Exchange 2016 Server, you might see the following errors say that a certificate is about to expire or has already expired. You should see Event ID 12017 Logged:
https://collaborationpro.com/wp-content/uploads/2017/07/cert-expiring1.png
https://collaborationpro.com/wp-content/uploads/2017/07/cert-expiring2.png
We can check which certificate this is in Exchange 2016 by running the following command from the Exchange Management Shell on the server that is logging this warning:
- Get-ExchangeCertificate | fl Thumbprint,Subject,Services
https://collaborationpro.com/wp-content/uploads/2017/07/cert-expiring3.png
In this case, this expiring certificate handles the following services: IIS and SMTP
Renew SSL Certificate in Exchange 2016
To renew the certificate you can use the EMC or the EMS. You can use the Exchange Management Shell and run the following command and provide the .req file to the certificate authority like DigiCert or GoDaddy:
- Get-ExchangeCertificate -Thumbprint "<ThumbPrint of expiring cert>" | New-ExchangeCertificate -GenerateRequest -RequestFile \Server\CertRenewal.req
- Once the command has run confirm that the .req file was created on the server specified.
- Once your provider generates the new certificate you can then complete the request.
Assign Services to the new Certificate
Once the new certificate installation has completed we can now assign services to it. In the same EMS window run the following command:
- Enable-ExchangeCertificate -thumbprint “<ThumbPrint of new Certificate>” -services IIS,SMTP
You can open up IIS and remove the old certificate.