Olex123411
Copper Contributor
Dec 23, 2025

Microsoft Exchange refers to an older certificate that no longer exists, ID 12023.

We have one Microsoft Exchange 2013 server. The Windows Application log periodically displays the ID 12023 entry, which states that Microsoft Exchange could not load the certificate with the thumbprint 3E8XXXXXXXXXXXXXXXXXXXXXXXXXXXX from the local computer's personal certificate store. This certificate was deleted because it expired, and a new self-signed Auth certificate was created. Now, when running the Get-AuthConfig | Format-List CurrentCertificateThumbprint, PreviousCertificateThumbprint, NextCertificateThumbprint command, only the current certificate is displayed. The Microsoft Exchange 2013 server is running. The question is, what should I do to remove the ID 12023 entry from the Windows Application log?

1 Reply

  • Scott_Schnoll
    Brass Contributor

    Hi Olex123411, it sounds like you have an orphaned certificate in the server's certificate store. You can check this by running the following PowerShell command on the server:

    Get-ChildItem Cert:\LocalMachine\Root\* | ft -AutoSize

    If you see a certificate with the matching thumbprint, that is your culprit. You can then open certmgr.msc and remove the certificate from the server, which will correct the issue and stop the events from being logged.

    That said, Exchange Server 2013 has been out of support for quite some time, and it is now persistently vulnerable, representing a significant security risk to your organization and its data. I strongly recommend moving to a newer platform (e.g., Exchange Online or Exchange Server SE) and decommissioning the Exchange Server 2013 system ASAP.

    Hope this helps!
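
Added example, not part of the original thread and not written by either poster: a read-only PowerShell check that goes beyond the single-store listing above by searching every LocalMachine certificate store for the thumbprint named in the ID 12023 event, then printing the thumbprints from the Get-AuthConfig command in the question for comparison. The `$Thumbprint` value is a placeholder, and the 40-hex-digit check assumes a SHA-1 thumbprint.

```powershell
# Added example. Read-only: it lists matches and deletes nothing.
# Placeholder: paste the thumbprint reported in the ID 12023 event.
$Thumbprint = '<THUMBPRINT-FROM-EVENT-12023>'

# Thumbprints copied from the certificate UI or an event often carry spaces
# or invisible characters, so keep only the hex digits before comparing.
$wanted = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($wanted.Length -ne 40) {
    throw "Expected 40 hex digits (SHA-1 thumbprint), got $($wanted.Length)."
}

# Walk every store under LocalMachine (My, Root, CA, ...) and keep only
# certificate objects whose thumbprint matches.
$hits = Get-ChildItem -Path Cert:\LocalMachine -Recurse |
    Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and
        $_.Thumbprint -eq $wanted
    } |
    Select-Object @{ n = 'Store'; e = { ($_.PSParentPath -split '\\')[-1] } },
                  Subject, NotAfter, HasPrivateKey, Thumbprint

if ($hits) {
    # Shows which store still holds the certificate and whether it has expired.
    $hits | Format-Table -AutoSize
} else {
    Write-Output "No certificate with thumbprint $wanted in any LocalMachine store."
}

# In the Exchange Management Shell, also show the thumbprints the auth
# configuration refers to (same properties as the command in the question).
if (Get-Command Get-AuthConfig -ErrorAction SilentlyContinue) {
    Get-AuthConfig |
        Format-List CurrentCertificateThumbprint, PreviousCertificateThumbprint, NextCertificateThumbprint
}
```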
