Details
Product: Exchange
Event ID: 12019
Source: MSExchangeTransport
Version: 8.0
Symbolic Name: RemoteInternalTransportCertificateExpired
Message: The remote internal transport certificate expired. Certificate subject: %1.
   
Explanation

This Error event indicates that the certificate that is used for internal trust on the remote computer will expire soon. The fully qualified domain name (FQDN) of the remote computer is returned with this Error event (Certificate subject). Internal trust means that Microsoft Exchange Server 2007 uses a self-signed certificate for encryption. Internal refers to the fact that the data paths are between Exchange 2007 servers and within the corporate network that is defined by Active Directory.

When you subscribe an Edge Transport server to the Exchange organization, the Edge Subscription publishes the Edge Transport server certificate in Active Directory for the Hub Transport servers to validate. The Microsoft Exchange EdgeSync service updates ADAM with the set of Hub Transport server certificates for the Edge Transport server to validate.

   
User Action

To resolve this error, you must use the New-ExchangeCertificate cmdlet to create a new internal transport certificate on the remote computer. Running the New-ExchangeCertificate cmdlet with no arguments creates a Simple Mail Transfer Protocol (SMTP)-enabled certificate for direct trust. For more information, see New-ExchangeCertificate.

If the remote computer is a Hub Transport server, you must create the internal transport certificate on that Hub Transport server. After you have created the certificate, restart the Microsoft Exchange EdgeSync service to update the certificate information on the Edge Transport servers that are subscribed to the organization.

If the remote computer is an Edge Transport server, you must create the internal transport certificate on that Edge Transport server. After you have created the certificate, resubscribe the Edge Transport server to the Exchange organization to update the certificate information in Active Directory.

If you are not running the Microsoft Exchange EdgeSync service, you must manually update the certificate. For more information, see Configuring Mail Flow Between an Edge Transport Server and Hub Transport Servers Without Using EdgeSync.
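The Hub Transport case above can be run as a single check-and-renew pass in the Exchange Management Shell. This is an added example, not part of the original article. It assumes that the internal transport certificate is the self-signed, SMTP-enabled certificate on the server, and the 30-day warning window is an assumed value.

```powershell
# Run in the Exchange Management Shell on the Hub Transport server named in the event.
# Assumption: a 30-day warning window; adjust to your own policy.
$warnDays = 30
$now = Get-Date

# List self-signed certificates enabled for SMTP, with days left until expiry.
$smtpCerts = Get-ExchangeCertificate | Where-Object {
    $_.IsSelfSigned -and ($_.Services -match 'SMTP')
}
$smtpCerts | Select-Object Thumbprint, Subject, NotAfter,
    @{ Name = 'DaysLeft'; Expression = { [int]($_.NotAfter - $now).TotalDays } } |
    Format-Table -AutoSize

# Renew only if no such certificate remains valid beyond the warning window.
$healthy = $smtpCerts | Where-Object { $_.NotAfter -gt $now.AddDays($warnDays) }
if (-not $healthy) {
    # With no arguments this creates an SMTP-enabled self-signed certificate for direct trust.
    New-ExchangeCertificate

    # Restart EdgeSync so that subscribed Edge Transport servers receive the new certificate.
    Restart-Service MSExchangeEdgeSync
}
```

If the server in the event is an Edge Transport server, create the certificate there and resubscribe the server as described above instead of restarting EdgeSync.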

If you are not already doing so, consider running the tools that Microsoft Exchange offers to help administrators analyze and troubleshoot their Exchange environment. These tools can help you make sure that your configuration is in line with Microsoft best practices. They can also help you identify and resolve performance issues, improve mail flow, and better manage disaster recovery scenarios. Go to the Toolbox node of the Exchange Management Console to run these tools now. For more information about these tools, see Toolbox in the Exchange Server 2007 Help.