Topic Last Modified: 2010-04-09
The Microsoft Exchange Server 2010 Management Pack for System Center Operations Manager monitors the Windows Application log on computers running Exchange 2010 and generates this alert when the events specified in the following Details table are logged.
To learn more about this alert, in Operations Manager, do one or more of the following:
- From the Operations Console, double-click this alert, and then
click the General tab. Review the description of the alert
that includes the variables specific to your environment.
- From the Operations Console, double-click this alert, and then
click the Alert Context tab. Review the logged events that
meet the criteria of this Operations Manager alert.
Details
Product Name | Exchange
Product Version | 14.0 (Exchange 2010)
Event ID | 12013
Event Source | MSExchangeTransport
Alert Type | Error
Rule Path | Microsoft Exchange Server/Exchange 2010/Common Components/Hub Transport and Edge Transport/Transport
Rule Name | Exchange couldn't find a certificate in the personal store on the local computer.
Explanation
This Error event indicates that the certificate that is used for direct trust authentication with other Microsoft Exchange servers cannot be found on this computer. Direct trust means that Microsoft Exchange Server 2010 uses a trusted store, such as the Active Directory directory service or Active Directory Lightweight Directory Services (AD LDS), and that the presence of the certificate in that store validates the certificate. When you subscribe an Edge Transport server to the Exchange organization, the Edge Subscription publishes the Edge Transport server certificate in Active Directory for the Hub Transport servers to validate. The Microsoft Exchange EdgeSync service updates AD LDS with the set of Hub Transport server certificates for the Edge Transport server to validate.
The transport server that returned this error is configured to use a specific certificate, which is identified by the Thumbprint field on the certificate. The certificate that has been configured for this server no longer exists in the computer personal certificate store, or if it does exist, it is not enabled for SMTP.
User Action
To resolve this error, you must search the computer's personal certificate store to determine whether the certificate exists. Open the computer's personal certificate store, open each certificate, and compare the Thumbprint value on each certificate to the Thumbprint value that was returned with this error.
For more information about how to use the Microsoft Management Console (MMC) to open and view certificates in the computer's personal certificate store, see "Step 1: Add Certificate Manager to the Microsoft Management Console" in Test PKI and Proxy Configuration.
- If the certificate exists, you must enable the certificate for
SMTP by running the Enable-ExchangeCertificate cmdlet. For
more information about how to enable the certificate for SMTP, see
Enable-ExchangeCertificate.
- If the certificate does not exist, you must use the
New-ExchangeCertificate cmdlet to create a new internal
transport certificate on the computer that returned this Error
event. Running the New-ExchangeCertificate cmdlet with no
parameters creates an SMTP-enabled internal transport certificate
for direct trust. For more information, see
New-ExchangeCertificate.
- If this error occurred on a Hub Transport server, you must
create the internal transport certificate on the Hub Transport
server where the error occurred. After you have created the
certificate, restart the Microsoft Exchange EdgeSync service
to update the certificate information on the Edge servers that are
subscribed to the organization.
- If this error occurred on an Edge Transport server, you must
create the internal transport certificate on the Edge Transport
server where the error occurred. After you have created the
certificate, re-subscribe the Edge Transport server to the Exchange
organization to update the certificate information in
Active Directory.
- If you are not running the Microsoft Exchange EdgeSync
service, you must manually update the certificate. For more
information, see Configure Mail Flow Between an Edge Transport
Server and Hub Transport Servers Without Using EdgeSync.
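The store lookup and SMTP check described above can be done in one read-only pass from the Exchange Management Shell on the server that logged event 12013. This is an added example, not a Microsoft script; the function name Test-TransportCertificate and the placeholder thumbprint are assumptions.

```powershell
# Added example: read-only check of the certificate named in event 12013.
# Test-TransportCertificate is a hypothetical helper name, not an Exchange cmdlet.
function Test-TransportCertificate {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Thumbprint    # Thumbprint value returned with the error
    )

    # A value pasted from the certificate dialog can carry spaces or invisible
    # characters; keep only the hex digits so the comparison is exact.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($clean.Length -ne 40) {
        throw "Expected 40 hex digits in the thumbprint, found $($clean.Length)."
    }

    # Is the certificate in the computer's personal store?
    $cert = Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $clean }

    $smtp = $false
    if ($cert) {
        # Services lists what the certificate is enabled for, e.g. "IMAP, POP, SMTP".
        $exCert = Get-ExchangeCertificate -Thumbprint $clean -ErrorAction SilentlyContinue
        $smtp = [bool]($exCert -and ("$($exCert.Services)" -match 'SMTP'))
    }

    if (-not $cert) {
        $action = 'Not in store: create a new internal transport certificate with New-ExchangeCertificate.'
    } elseif (-not $smtp) {
        $action = "Not enabled for SMTP: Enable-ExchangeCertificate -Thumbprint $clean -Services SMTP"
    } else {
        $action = 'Present and enabled for SMTP.'
    }

    # New-Object PSObject works on the PowerShell 2.0 that Exchange 2010 uses.
    New-Object PSObject -Property @{
        Thumbprint    = $clean
        InStore       = [bool]$cert
        SmtpEnabled   = $smtp
        HasPrivateKey = [bool]($cert -and $cert.HasPrivateKey)
        NotAfter      = $(if ($cert) { $cert.NotAfter } else { $null })
        Action        = $action
    }
}

# Usage, with the value from the event in place of the placeholder:
# Test-TransportCertificate -Thumbprint '<thumbprint from event 12013>'
```

The function changes nothing on the server; HasPrivateKey and NotAfter are reported as extra context for the certificate that was found.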
For More Information
If you are not already doing so, consider running the Exchange tools created to help you analyze and troubleshoot your Exchange environment. These tools can help make sure that your configuration aligns with Microsoft best practices. They can also help you identify and resolve performance issues, improve mail flow, and better manage disaster recovery scenarios. To run these tools, go to the Toolbox node of the Exchange Management Console. To learn more about these tools, see Managing Tools in the Toolbox.