The above Event ID 24 alert is generated with source as “MSExchange Web Services”. Its an error for an expired certificate in the Organization. The event wont cause any service outage, since there must be a renewed certificate in place. The article is to share on how to remove the expired certificate.
Applies to : Exchange Server 2010
In figure 1 the event says that the certificate is expired.
In Manage Federation Certificate you will see the Previous Certificate with date as Expired as shown below.
In figure 2 we can see Previous Certificate with date matches the one which is in Event ID 24. Removing the previous certificate will give you an error “Active Certificates in use by Federation cannot be removed”
Active Certificates in use by Federation cannot be removed error while trying to remove using EMC.
Now to remove the Expired certificate please follow the steps as listed here.
Open local certificate store as follow Go to Start >> Select Run >> Type MMC >> Select File and Select Add-remove snap-ins >> In available snap-ins >> Select Certificates >> Click Add >> Computer Account >> Local Computer >> Finish
Now select Personal Store and locate the expired certificate. To confirm check the thumbprint and compare it.
In figure 6 select the Expired Cert and click open to check the thumbprint. Once confirmed it is safe to delete the expired cert as shown below.
After deletion refresh EMC under Server Configuration and wait for few seconds. You will see the expired cert is now deleted. But to confirm again go to Organization Configuration and under Manage Federation select the option “Show Distribution State” as shown below.
In figure 8 Show distribution State shows the “Distribution Status” as Installed: 15: Uninstalled: 1: Unreachable: 5
Now that we had removed the cert from one server we are able to see the status as shown above.
Please Note: It may take few minutes to show the data in “Show Distribution State”.
Hope it helps to get rid of the event ID and the Expired Certs.