This Error event occurs when Microsoft Exchange detects that the Transport Layer Security (TLS) certificate (also referred to as an internal transport certificate) that this computer uses for Exchange Server authentication is not published to Active Directory. Specifically, Exchange detected that the version of the certificate located on the server that is running Exchange is more current than the version of the certificate published to Active Directory.

This error may occur if the following conditions are true:

• The Enable-ExchangeCertificate cmdlet was not run after the new certificate was installed.
  
  
• The certificate update has not yet been replicated to the domain controller that the Exchange server uses after the Enable-ExchangeCertificate cmdlet is run.
  
  
• The Enable-ExchangeCertificate cmdlet did not update the certificate information in Active Directory.
  
  

To resolve this error, do the following:

• If you did not run the Enable-ExchangeCertificate cmdlet after you installed a certificate, run the cmdlet now.
  
  
• If you did run the Enable-ExchangeCertificate cmdlet after you installed a certificate, wait for Active Directory replication to occur. If the issue persists beyond the Active Directory replication latency configured for your organization, run the Enable-ExchangeCertificate cmdlet again.
  
  

For more information, see Create a New Exchange Certificate and Enable-ExchangeCertificate.

If you are not already doing so, consider running the Exchange tools created to help you analyze and troubleshoot your Exchange environment. These tools can help make sure that your configuration aligns with Microsoft best practices. They can also help you identify and resolve performance issues, improve mail flow, and better manage disaster recovery scenarios. To run these tools, go to the Toolbox node of the Exchange Management Console. To learn more about these tools, see Managing Tools in the Toolbox.