Exchange Server is a mail server that enables users to send and receive e-mail over a network. When you send an e-mail, Exchange uses TLS (Transport Layer Security) to send it, and this requires a certificate with a domain name that matches the FQDN on the send connector and receive connector. The error described here occurs if Exchange is unable to find that certificate, or if the certificate in its store does not contain that particular domain name.
When Exchange does not find the registered domain name in a certificate, the transport server logs Exchange transport error event 12014, with a description message, in the application event log of the CAS/Hub Transport/Edge server. You need to resolve this error before sending e-mail. For a server to send e-mail, three conditions, given below, must be met.
If any one of these requirements is not met, Exchange displays the following error code with its description message.
Log Name | Application |
Source | MSExchangeTransport |
Date | 10/3/2016 2:36:54 PM |
Event ID | 12014 |
Task Category | Transport Service |
Level | Error |
Keywords | Classic |
User | N/A |
Computer | Compaq |
Description: -
"Microsoft Exchange is not able to find a certificate that contains the domain name as mail.domainname.com in the personal store on the local computer. Therefore, it is unable to offer the STARTTLS SMTP verb for any connector with a FQDN parameter of mail.domainname.com to verify the connector configuration and then installed certificates to make sure that there is a certificate with a domain name for every connector FQDN."
To fix this error, add the domain name to the certificate, then reconfigure the offending connector to use the common name or alternative name used on the Exchange server. Run the PowerShell commands given below.
First, check the FQDN of the send and receive connectors using the Get-SendConnector and Get-ReceiveConnector cmdlets in the Exchange Management Shell.
Get-SendConnector | fl fqdn
Get-ReceiveConnector | fl fqdn
Then check the names listed on the certificate by running this command.
Get-ExchangeCertificate | fl CertificateDomains
If the list does not contain the domain name you want to use, you need to either modify the connector FQDN or generate a new certificate with the appropriate name to resolve this issue.
You also need to make sure that the certificate used on your Hub or Edge Transport server has the SMTP service enabled. To check this, run the command given below.
Get-ExchangeCertificate | fl thumbprint, services
If the SMTP service is not enabled, run the command given below to enable it.
Enable-ExchangeCertificate -Thumbprint 87E2548BDB32D8E40D8CF552199156F3C117DCAB -Services IMAP, POP, IIS, SMTP
Then use the updated SSL certificate, that is, the one that contains the domain name you added, and check whether its status is valid by running the command given below.
Get-ExchangeCertificate | fl thumbprint, status, notafter
The output shows the status of the certificate. You can perform the same steps when the certificate has expired, in which case you are advised to renew the certificate.
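The checks above combined into one pass, as an added example that is not code from the original article: the hypothetical function Test-ConnectorCertificate takes connector FQDNs and certificate objects and reports, per FQDN, which step fails. The sample certificates, their placeholder thumbprints and the single-label wildcard matching rule are assumptions that go beyond the article.

```powershell
# Added example. Returns one verdict per connector FQDN.
function Test-ConnectorCertificate {
    param(
        [string[]]$ConnectorFqdn,    # Fqdn values taken from the connectors
        [object[]]$Certificate,      # objects shaped like Get-ExchangeCertificate output
        [datetime]$Now = (Get-Date)
    )
    foreach ($fqdn in ($ConnectorFqdn | Where-Object { $_ } | Sort-Object -Unique)) {
        # Step 1: certificates whose domain list covers the FQDN
        $named = @($Certificate | Where-Object {
            $hit = $false
            foreach ($d in $_.CertificateDomains) {
                $name = "$d"
                if ($name -eq $fqdn) { $hit = $true }
                # Assumption: a wildcard entry covers exactly one left-most label
                elseif ($name.StartsWith('*.') -and $fqdn.Contains('.') -and
                        $fqdn.Substring($fqdn.IndexOf('.')) -eq $name.Substring(1)) { $hit = $true }
            }
            $hit
        })
        # Step 2: of those, the ones with the SMTP service enabled
        $smtp = @($named | Where-Object { ("$($_.Services)" -split ',\s*') -contains 'SMTP' })
        # Step 3: of those, the ones that are valid and not expired
        $good = @($smtp | Where-Object { "$($_.Status)" -eq 'Valid' -and $_.NotAfter -gt $Now })

        $verdict = if     ($named.Count -eq 0) { 'NoCertificateWithName' }  # condition behind event 12014
                   elseif ($smtp.Count  -eq 0) { 'SmtpNotEnabled' }
                   elseif ($good.Count  -eq 0) { 'NotValidOrExpired' }
                   else                        { 'OK' }
        [pscustomobject]@{
            Fqdn       = $fqdn
            Verdict    = $verdict
            Thumbprint = ($good + $smtp + $named | Select-Object -First 1).Thumbprint
        }
    }
}

# Constructed sample data (not from a real server); thumbprints are placeholders.
$certs = @(
    [pscustomobject]@{ Thumbprint='AAAA'; CertificateDomains=@('mail.example.com'); Services='IMAP, POP'; Status='Valid'; NotAfter=(Get-Date).AddYears(1) }
    [pscustomobject]@{ Thumbprint='BBBB'; CertificateDomains=@('*.example.net'); Services='IIS, SMTP'; Status='Valid'; NotAfter=(Get-Date).AddYears(1) }
)
Test-ConnectorCertificate -ConnectorFqdn 'mail.example.com','edge.example.net','mx.example.org' -Certificate $certs

# Against a live server (Exchange Management Shell), feed the article's cmdlets instead:
# $fqdns = @(Get-SendConnector) + @(Get-ReceiveConnector) | ForEach-Object { "$($_.Fqdn)" }
# Test-ConnectorCertificate -ConnectorFqdn $fqdns -Certificate (Get-ExchangeCertificate)
```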
Conclusion
I have tried to discuss the error "Microsoft Exchange could not find a certificate that contains the domain name" in quite simple terms, and I hope this effort helps you understand it.