Saturday, November 27, 2010

Exchange 2007 Reports Application Error 12017 - Expiring Certificate

Thankfully, we proactively monitor application errors, so we caught this before caused problems. If you see this, open the Exchange PowerShell environment and run this command to see the certificate expiration dates:
get-exchangecertificate | fl
The system will respond with the names of the certificates on the system. Review each one and get the following info:
  • thumbprint of the certificate that’s about to expire
  • the services assigned
  • the certificate domains
Then, create a new certificate and disable the old one with PowerShell as follows:
new-exchangecertificate –confirm –domainname [certificate domains separated by a comma] –keysize 2048 –services [place the assigned services in quotes separated by a comma]
enable-exchangecertificate –thumbprint [thumbprint value] – services none
Want more info? Check out MS TechNet here.

1 comment:

MJ said...

Does anyone have any idea as to how early Event ID 12017 pops up before the certificate expires? All of the examples I have seen are around 300 hours. What would be the time-frame trigger?