Self-Issued Security Certificate has expired on Windows SBS 2008

I came across this issue today with a client where all their Outlook clients were reporting that the server security certificate had expired.

Outlook errors with a notice of two out of three ticks like this image:

As mentioned, I found this to be the case with all clients in the organisation. Looking on the server it was all reporting the same thing (SBS Console > Network > Connectivity > Certificate > Properties )

To fix this issue:

  1. Logon on to your SBS Server.
  2. Open the SBS Console
  3. Go to Network > Connectivity tab
  4. On the right-hand side, click on "Fix My Network"
  5. Run through the wizard, and it will detect the expired certificate and issue a new one.

The Official SBS Blog - TechNet Blogs


  1. This worked perfect! Thanks so much...I have been trying to figure out how to fix this for the past few days.


  2. It works! Thank you so much.

  3. Thanks this worked for me. I had to do this remotely and was unsure if I was going to lose connection.

    All went well.

  4. Simple to do, fast, and it worked, thank you very much !

  5. Great stuff!!! This really worked well. Thank you very much for sharing !!

  6. Great TID... thanx for sharing the easy solution

  7. Brilliant Daniel!...thanks so much for sharing you saved my headache!
    All the best

  8. Thank You for posting this solution. Why can't Microsoft publish something that is as clear and simple? And solves the problem straight away. A few years ago I spent hours involved with reissuing a certificate - and this was all I needed - so thanks again.

  9. thanx for the tip that really helped.

    here's something i noticed afterwards. i went through the event logs and found event 12016 generated by MSExchangeTransport that states:

    There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN example.dom. The exisiting certificate for that FQDN has expired. The continued use of that FQDN will cause mail flow problems. A new certificate that contains the FQDN of example.dom should be installed in this server as soon as possible. You can create a new certificate by using New-Exchange Certificate task.


    1. You can use the IIS method to also generate the new SSL, however on the SBS wizards have been developed to make sure that all relevant sections are updated as necessary.

      Thanks for the comment.

  10. Thank you. This is a quick and fast solution. I asked some friend and noone could tell me what to do except.... oh... difficoult... have to look into that and would take some time ....
    Could have had the idea using the wizard by myself ;)
    Thanks again :)

  11. do i just delete expired certificates still in list in exchange 2010 after i run fix my network

  12. do i just delete expired certificates still in list in exchange 2010 after i run fix my network

    1. This is not necessary. Once the new certificate is in place and working, the old certificates are right to remain there.

  13. Great job! i read this blog, this blog is very helpful for me... i like this post and i feel very happy to read this article...
    More info:- Windows Live Mail Technical Support

  14. Thanks for this. It worked without a hitch and has just saved me hours of hassle.


Post a Comment

Popular posts from this blog

Office 365 ScanPST to fix corrupted Outlook files

Deleting Office 365 Tenant

PowerShell: Download and Install Java 8 JRE