How To Troubleshoot Starttls Certificate Error 12014

1. Open the Start menu on the Windows server running Exchange and type 'PowerShell.' Right-click 'PowerShell' and choose 'Run as Administrator.'
2. Enter your administrator password if prompted, otherwise click 'Yes' to grant administrative permissions.
3. Type 'Get-ExchangeCertificate | FL *' to retrieve the exchange certificate. Press 'Enter.'
4. Type 'Get-ReceiveConnector | FL name, fqdn, objectClass' and press 'Enter' to see the information stored in the Receive Connector.
5. Type 'Get-SendConnector | FL name, fqdn, objectClass' and press 'Enter' to see the SendConnector's configuration.
6. Review the output for the previous three commands. If the 'CertificateDomains' parameter on any command does not list a domain name, also known as an FQDN, you must generate a new certificate using Microsoft's TLS Certificate Request instructions (see Resources). If you do have a domain name in each section, proceed to the next step.
7. Look at the 'Services' value in each command's output. If the services value does not say 'SMTP,' your certificate is not activated for Exchange email and must be configured for it following Microsoft's 'Enable-ExchangeCertificate' instructions (see Resources).