We have many servers running SBS 2011 Standard. On one particular server (which just passed the three-year mark this past weekend) we are seeing MSExchangeTransport Event IDs 12015 and 12016, telling us that an internal transport certificate has expired.
Based upon research, using the Get-ExchangeCertificate command, I have found that there are five different thumbprints indicating certificates. We currently have a commercial 5-year cert for the web user interface and AD synchronization.
Looking at the results of Get-ExchangeCertificate | fl, I can see that the first certificate (server.domain.local) goes from 4/10/2014 to 4/10/2015, the second (remote.domainname.com) goes from 8/16/2011 to 8/16/2016 (this is the commercial cert), the third goes from 8/15/2011 to 8/12/2021, the fourth (this is the thumbprint referenced in the 12015 error) goes from 8/15/2011 to 8/14/2013, and the fifth goes from 8/15/2011 to 8/14/2013.
Reviewing the event log shows that the fifth certificate (also expired) is never referenced.
Several accepted answers on TechNet and other sites show that running Fix My Network will correct the problem, but running FMN on this server just shows me that my DHCP server is not running (which it is) and it wants me to create a static IPv6 address (which it did not accomplish).
What is the best way to fix a problem where important self-signed certificates expire after only two years?
Randy
MCP SBSC