I am in the final stages of a 2007->2013 migration that has gone very well. I was just about to move my Send Connector over to the Exchange 2013 side when my monitors alarmed that "Transport.ServerCertMismatch.Monitor" had gone unhealthy.
There is not a whole lot of information out there, but I did find this in each of the MBX logs:
Microsoft Exchange could not find a certificate that contains the domain name mail.domain.com in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Internet e-mail with a FQDN parameter of mail.domain.com. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.
I checked my SAN and I do have mail.domain.com in it. I also confirmed that the Send Connector was using mail.domain.com as its HELO/EHLO reply. I have cycled the service and that did not seem to help either. Mail will still flow in my testing, but I do not like unhealthy statuses so I would prefer to fix it.
Thoughts?
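
Added example, not part of the original post: a read-only PowerShell check of the conditions the event text names, listing for every Send connector and source transport server whether each installed certificate carries the connector FQDN and is enabled for SMTP. It assumes it is run in the Exchange Management Shell; the output column names and the wildcard matching via `-like` are choices made for this example.

```powershell
# Added diagnostic example (read-only); run in the Exchange Management Shell.
$now = Get-Date
foreach ($connector in Get-SendConnector) {
    foreach ($source in $connector.SourceTransportServers) {
        $server = Get-ExchangeServer -Identity $source.Name

        # Per the event text: if the connector's FQDN is not specified,
        # the computer's FQDN is used.
        $fqdn = "$($connector.Fqdn)"
        if (-not $fqdn) { $fqdn = "$($server.Fqdn)" }

        foreach ($cert in Get-ExchangeCertificate -Server $server.Name) {
            # Subject and SAN names as plain strings
            $names = @($cert.CertificateDomains | ForEach-Object { "$_" })

            # -like treats a wildcard entry such as *.domain.com as a pattern
            # (approximation: it also accepts deeper subdomains).
            $nameMatch = @($names | Where-Object { $fqdn -like $_ }).Count -gt 0

            [pscustomobject]@{
                Connector  = $connector.Name
                Server     = $server.Name
                Fqdn       = $fqdn
                Thumbprint = $cert.Thumbprint
                NameMatch  = $nameMatch                          # FQDN present in the certificate
                SmtpBound  = "$($cert.Services)" -match 'SMTP'   # enabled for the SMTP service
                PrivateKey = $cert.HasPrivateKey
                Expired    = $cert.NotAfter -lt $now
                Status     = $cert.Status
            }
        }
    }
}
```

A connector and server pair with no row where NameMatch, SmtpBound and PrivateKey are all True and Expired is False corresponds to the condition the event describes on that server.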