Solved

Cant Send External Emails after SSL Certificate Update (Receive is fine)

Posted on 2006-10-27
13
290 Views
Last Modified: 2010-08-05
Can't send emails from exchange.  We just changed our SSL certificate.  Does anyone know if this would effect send emails?

We can send and receive internally.  We can receive from the outside. Internet access is fine.

Event log is not showing any obvious errors.
0
Comment
Question by:Dennis_Atkins
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 6
13 Comments
 
LVL 104

Expert Comment

by:Sembee
ID: 17819751
Did you attempt to put the certificate on to the SMTP virtual server? An SSL certificate should have nothing to do with email delivery - they are on separate virtual servers.

Simon.
0
 

Author Comment

by:Dennis_Atkins
ID: 17819823
Certificate was only applied to the Default Web Site under IIS.  I have contacted our provider to check.

Also getting a token 80090308 error on the Public Folders directory in ESM.  Is this related?

Dennis
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17819866
Public Folders access through ESM is done through ESM, so that could be causing a problem.
Ensure that REQUIRE SSL is not enabled on /exchange, /exadmin, /exchweb and /public virtual directories in IIS Admin. If it is enabled, disable it and then close the IIS manager. Drop in to a command prompt and type

iisreset

That ensures the change is written to the IIS metabase.

When you try to send email what happens?

Simon.
0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 

Author Comment

by:Dennis_Atkins
ID: 17820296
Check SSL on the Virtual Directories.  All were fine.  Ran iisreset anyway.  Stop and Restart OK.

When a user sends a message it seems to go OK.  Email moves to the sent folder and no errors are reported or bounced back.  Our service provider (BellSouth) was able to test our domain and send emails from it.

It definitally seems to be our Exchange box.

How about a reboot????

Dennis
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17820691
Are the messages sitting in the queues?
What does message tracking say?

Simon.
0
 

Author Comment

by:Dennis_Atkins
ID: 17826279
Did a reboot just in case - no change

Messages are sitting in the queues.  

Tracking on a sample message indicates these events:
SMTP submittal, advance queue, categorizer, queued for routing, queued for remote delivery at 12: 30pm
The whole process shows repeated again at 12:40 pm

User are now getting delayed deliver notices.
0
 

Author Comment

by:Dennis_Atkins
ID: 17826773
Also getting "smtp could not connect to any DNS server" for each queue.  Our provider did just change DNS hosts.  I corrected the DNS under the SMTP virtual directory.

Is there any place else it needs to be changed?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17826944
You shouldn't have DNS settings on the SMTP virtual server. Remove them from there.
Check the DNS settings in the DNS Server applet on your domain controllers. The best practise configuration is to use forwarders set in the DNS server applet.

Simon.
0
 

Author Comment

by:Dennis_Atkins
ID: 17833305
Forwarders are already set in the DNS Server.  I found the "old" DNS numbers hidden under the SMTP virtual server.  They have been there since the Exchange server was setup a few years ago by a contracted data company.

Since changing the numbers under the SMTP Virtual server, all is working fine.  I would like to avoid this in the future.

If I remove the DNS info from the SMTP Virtual Server will it default to using the info from our DNS server?

Dennis
0
 
LVL 104

Accepted Solution

by:
Sembee earned 500 total points
ID: 17833407
If you remove the DNS servers from the SMTP virtual server, then Exchange asks its host machine to find the DNS information that it needs...

So the DNS request will be local machine, domain controllers, forwarders, internet.

That is how Exchange is designed to work - I never configure DNS servers on the SMTP virtual server.

Simon.
0
 

Author Comment

by:Dennis_Atkins
ID: 17833555
Thanks for the info.  I will give it a try today and let you know.

Any thoughts on why Exchange would have been set this way to begin with?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17833576
No idea. However I see lots of stupid things done to Exchange that nothing surprises me any more. There are lots of people out there who think they know Exchange but don't have a clue. They can get it to work, but it comes back and bites them (or more often, their client) later on.

Simon.
0
 

Author Comment

by:Dennis_Atkins
ID: 17893467
Finally removed the embedded DNS info in Exchange.  All is working fine.  Thanks for the help!!!
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Find out what you should include to make the best professional email signature for your organization.
Read this checklist to learn more about the 15 things you should never include in an email signature.
This video discusses moving either the default database or any database to a new volume.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question