I am configuring Exchange 2007 servers in 3 physical locations that are in the same Active Directory domain. We will call the locations SiteA, SiteB and SiteC. Each site has a single Exchange server running the Mailbox, CAS and Hub Transport roles. Only one site is allowed to send/receive internet mail (SiteA). A send connector has been configured to use the server in SiteA for outbound internet mail.
The active directory domain name is CompABC.corp.local
The SMTP domain used for emails is CompXYZ.com
This company is a subsidiary of a larger organization called CompXYZ
For legal reasons, CompABC is NOT permitted to use the name CompXYZ, so we had to purchase an SSL certificate with the name CompABC as opposed to CompXYZ. As a result we cannot use AutoDiscover and so forth, which is not an issue.
We have reverse PTR records configured on the internet for the server, but whenever it sends out emails they come from Hub01.CompABC.Corp.local, so some organizations reject the mail. What we did was specify the FQDN of Hub01.CompXYZ.com on the send connector, and mail flow is working fine, but we are receiving the following error in the application log:
Event Type: Error
Event Source: MSExchangeTransport
Event Category: TransportService
Event ID: 12014
Microsoft Exchange couldn't find a certificate that contains the domain name mail.domain.com in the personal store on the local computer. Therefore, it is unable to offer the STARTTLS SMTP verb for any connector with a FQDN parameter of mail.yourexchange.com.au. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for every connector FQDN
When I use Get-ExchangeCertificate, I get 2 certs returned. The first has the FQDN of hub01.compabc.corp.local and the other is hub01.compabc.com.
I understand that this error is being generated because there IS no certificate that has that name on it, but my question is: can I create a new self-signed certificate with the name hub02.compxyz.com using the New-ExchangeCertificate command, and if so, how? Will this cause an issue with the mail flow between the Hub Transport servers in the other locations?
Thank you in advance.
Ibrahim Benna - Microsoft Exchange MVP
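A read-only check for the condition that Event ID 12014 reports, as an added example that is not part of the original post: it lists every connector FQDN and whether an unexpired, SMTP-enabled certificate in the local store carries that exact name. It assumes it is run in the Exchange Management Shell on the Hub Transport server itself and compares names by exact match only.

```powershell
# Added example (not from the original post). Read-only: changes nothing.
# Assumption: run in the Exchange Management Shell on the Hub Transport server.
$server = $env:COMPUTERNAME

# Certificates the transport service could present: unexpired and SMTP-enabled.
$smtpCerts = @(Get-ExchangeCertificate | Where-Object {
    ($_.Services -match 'SMTP') -and ($_.NotAfter -gt (Get-Date))
})

# Send connectors are organization-wide; receive connectors are per server.
$connectors = @(Get-SendConnector) + @(Get-ReceiveConnector -Server $server)

foreach ($c in $connectors) {
    # A send connector with a blank FQDN uses the server's own name; skip it.
    if (-not $c.Fqdn) { continue }
    $fqdn = $c.Fqdn.ToString().ToLower()

    # Exact, case-insensitive comparison against each certificate's domain list.
    $hits = @($smtpCerts | Where-Object {
        @($_.CertificateDomains | ForEach-Object { $_.ToString().ToLower() }) -contains $fqdn
    })

    if ($hits.Count -gt 0) {
        $status = 'OK  cert ' + $hits[0].Thumbprint
    } else {
        $status = 'NO MATCHING CERT (expect Event ID 12014, no STARTTLS)'
    }
    '{0,-30} {1,-35} {2}' -f $c.Name, $fqdn, $status
}
```

Any connector reported without a matching certificate is one for which the transport service cannot offer STARTTLS, which is the mismatch the event text describes.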