'The Server does not support a SSL connection' Mail client with Exchange 2010

Status
Not open for further replies.

Gagwithgaffer

Gents, I have a UC Cert installed into Exchange 2010, I have also double checked that SMTP as well as IMAP services are assigned to the certificate. For some reason if I enable the tick box 'This server requires a secure connection (SSL)' for my outgoing mail within the mail client, then the mail client fails to connect to my Exchange Server.

Could someone possibly tell me why this is? I have now tried this with two separate UC Certs.

The SSL connection ticked for my incoming mail on IMAP port 993 works ok.
 

Sembee [MVP]

Ensure that the host name that you are using for the server matches the common name on the SSL certificate, not one of the additional names. Although if possible, use Outlook and Outlook Anywhere. All other clients should only be used if Outlook is not available (Linux for example).

Simon.

Simon Butler, Exchange MVP
Blog | Exchange Resources
 

Gagwithgaffer

I tried to create a new receive connector in Exchange GUI for port 465 (SMTP SSL) on all available IPv4. Then set the authentication allowed for all methods and permission groups. This time if I try and send mail, I get the task message window come up saying it is connecting, no error is reported but it still never connects and the progress bar never moves. I can confirm the outgoing server address field (in mail client settings) is the same as the primary domain name on my UC Cert.

Can you add other ISP mail accounts to Outlook Anywhere?

Thanks
 

Sembee [MVP]

You shouldn't need to create a new Receive Connector, unless you have removed the ones created by setup. Exchange 2010 creates two connectors - a default one (for external email) and a client one (designed for sending email via SMTP over SSL, aka TLS).

You can add other ISP accounts with Outlook Anywhere, you would have to create the Exchange account first. However do be aware that will store the other ISP email in with your Exchange email by default. In networks that I manage, adding personal accounts to Outlook is not allowed. If you want to use a personal account then you use a web mail service, Outlook Express or Windows Live Mail.

Simon.

Simon Butler, Exchange MVP
Blog | Exchange Resources
 

Gagwithgaffer

Hi

I can confirm I have not removed the 'default' or 'client' receive connectors that came as default. I have tried further testing between the mail client and Exchange.

Within mail client account settings, I have assigned my outgoing mail server as port 587 and selected 'my outgoing server requires authentication' using 'same settings as my incoming mail server', which is basically using 'log on using secure password authentication'. That works fine, but again I find that as soon as I tick the box 'this server requires a secure connection (SSL)' then I get the error message saying my server does not accept a SSL connection. I have no idea why this won't work. I have obviously ensured that within the receive connector authentication settings that 'Transport Layer Security TLS' is enabled in addition to 'integrated windows authentication'.

Ol
 

Sembee [MVP]

Why did you change the Client Receive Connector configuration? That isn't necessary. The client configuration is suitable for most deployments without any changes. Remember if you do make changes you should also restart Transport Service for them to take effect.

You cannot use Integrated Windows Authentication for TLS because that is a Windows only protocol, so that should not be enabled. SMTP is a basic (plain text) protocol, which SSL simply secures, in much the same way that HTTP and HTTPS work. Therefore the default settings would be fine.

The most common reason why it doesn't work is something getting in the way. Firewall or file based AV that is intercepting the SMTP traffic.

Simon.

Simon Butler, Exchange MVP
Blog | Exchange Resources
 

Gagwithgaffer

It's not my firewall, proved that already. I tried reinstalling a default client receive connector with default settings but still no joy.

I come to the conclusion that Exchange simply isn't registering the fact I have enabled TLS despite restarting the transport service several times. I don't know what you mean by a file based AV. I think if something was getting in the way would I not receive a different kind of error message rather than it just saying the server won't support a SSL connection? I have been testing this all on the same LAN or live mail client on the same machine as Exchange, surely that isn't anything to do with it. Just to note I am using live mail for this as I want sync with my other accounts including hotmail. All my other machines are Windows 7 so don't have a choice of client either way. Perhaps I need to try and reinstall the hub transport role in case something is corrupt, I'd rather not if I can avoid it though.
 

Sembee [MVP]

File level AV is software that scans the file system, which you would have on all servers, workstations etc. Many of them will try to scan SMTP traffic.

You can verify if the server will accept secure connections via telnet.

telnet server 587

(where server is the name of your server).
Then type

ehlo

A list of commands will be returned. One of them should be starttls:

220 host.domain.local Microsoft ESMTP MAIL Service ready at Mon, 20 Dec 2010 22:49:19 +0000
ehlo
250-wrks.domain.local Hello [192.168.3.11]
250-SIZE 10485760
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-AUTH GSSAPI NTLM
250-8BITMIME
250-BINARYMIME
250 CHUNKING

If you get anything else then something is interfering.

Simon.

Simon Butler, Exchange MVP
Blog | Exchange Resources
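
The telnet check from the post above, scripted as an added example that is not part of the original thread: `parse_ehlo` and `diagnose` read an EHLO reply and report whether STARTTLS is advertised, and `probe` repeats the check against a live server and completes the TLS upgrade. The function names, the X-masking heuristic (some SMTP-inspecting firewalls overwrite the keyword with X characters) and the sample reply, which is constructed from the transcript quoted in the post, are assumptions of this example.

```python
import re
import smtplib
import ssl

# Constructed sample: the EHLO reply quoted in the post above.
SAMPLE_EHLO = """250-wrks.domain.local Hello [192.168.3.11]
250-SIZE 10485760
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-AUTH GSSAPI NTLM
250-8BITMIME
250-BINARYMIME
250 CHUNKING"""

def parse_ehlo(reply):
    """Parse a multi-line 250 EHLO reply into {KEYWORD: [parameters]}."""
    exts = {}
    lines = [ln.strip() for ln in reply.splitlines() if ln.strip()]
    for i, line in enumerate(lines):
        m = re.match(r"^250[ -](.*)$", line)
        if not m:
            raise ValueError(f"not a 250 EHLO line: {line!r}")
        words = m.group(1).split()
        if i > 0 and words:          # line 0 is the greeting, not an extension
            exts[words[0].upper()] = words[1:]
    return exts

def diagnose(reply):
    """Classify the reply: offered, masked by a middlebox, or missing."""
    exts = parse_ehlo(reply)
    if "STARTTLS" in exts:
        return "starttls-offered"
    if any(re.fullmatch(r"X{4,}[A-Z]?", kw) for kw in exts):
        return "starttls-masked"     # heuristic: keyword overwritten in transit
    return "starttls-missing"

def probe(host, port=587, timeout=10):
    """Live check: EHLO, upgrade with STARTTLS, report TLS version and cert names."""
    ctx = ssl.create_default_context()   # verifies chain and host name
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return {"starttls": False}
        smtp.starttls(context=ctx)       # raises on certificate/host mismatch
        cert = smtp.sock.getpeercert()
        names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
        return {"starttls": True, "tls": smtp.sock.version(), "dns_names": names}

if __name__ == "__main__":
    print(diagnose(SAMPLE_EHLO))
```

Run `probe` from the same machine as the mail client, so that anything filtering SMTP on that path affects the result the same way it affects the client.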
 

Gagwithgaffer

Hi,

I opened up the client telnet app on an adj machine, typed in 'telnet server 587' (server is actually the name of my server machine) and then I hit enter.

Telnet line then comes up saying 'Invalid Command. type ?/help for help'
 

Sembee [MVP]

If you started telnet, then you just enter

open servername 587

If you are starting telnet from a command prompt (I never start telnet first) then I just enter telnet servername 587

Simon.

Simon Butler, Exchange MVP
Blog | Exchange Resources
 