SSL on virtual smtp server

Posted on 2009-03-31
Last Modified: 2012-05-06
I have one front end Exchange 2003 server with 2 virtual SMTP servers, virtual SMTP server "A" and "B", all on the same frontend server. Both virtual SMTP servers are running normally and event logs are clear of warnings or errors. (thank god)
A: virtual SMTP server running on port 25
B: (NEW) virtual SMTP server running with a new GoDaddy SSL certificate on port 465.
Everything is working normally on "A"; the issue I have is with "B". I'm using Outlook to test this newly created virtual SMTP server, and I'm getting this error:
your outgoing smtp server does not support SSL secure connections 0X8000ccc7d. I have gone over the settings on virtual server B many times.
I have checked the box for require secure channel and require 128bit encryption and restarted the SMTP server service. Is there anything else I'm missing? I thought this would be straightforward. Any help is appreciated.

Question:

Do I need to create a new virtual smtp server on my exchange backend server on port 465? so that the frontend server can communicate with the backend?

Thank you,
Delmiro
Question by:Delmiroc

Accepted Solution

by:
Mestha earned 500 total points
ID: 24039374
You don't need to enable the option to require SSL channel or 128bit. The fact that the certificate is there at all is enough.

If you telnet to that port and then type ehlo, is StartTLS in the command list?

Simon.


Author Comment

by:Delmiroc
ID: 24039736
I'm using the telnet command from the internet into the Exchange server and get this:

220 mail.gainesville.infiniteenergy.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at  Wed, 1 Apr 2009 10:40:11 -0400
starttls
503 5.5.2 Send hello first

Should I not have these boxes checked for require secure channel and 128-bit encryption?



Expert Comment

by:Mestha
ID: 24039765
You have to do exactly as I stated.

so telnet host.example.com 25
Then type

ehlo

and you get a list of commands that the server will accept.

The two options do not have to be enabled to use SSL. All they do is REQUIRE SSL.

Simon.

Author Comment

by:Delmiroc
ID: 24039860
My virtual SSL SMTP server "B" is set to port 465. I thought we would do
telnet exchange.mydomain.com 465, right? Anyhow, I get the same results on port 25 and 465.

220 myexchange.mydomain.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at  Wed, 1 Apr 2009 10:54:25 -0400
ehlo
250-myexchange.mydomain.com Hello []
250-TURN
250-SIZE
250-ETRN
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-8bitmime
250-BINARYMIME
250-CHUNKING
250-VRFY
250-TLS
250-STARTTLS
250-X-EXPS GSSAPI NTLM LOGIN
250-X-EXPS=LOGIN
250-AUTH GSSAPI NTLM LOGIN
250-AUTH=LOGIN
250-X-LINK2STATE
250-XEXCH50
250 OK

What else should I check? Let me know.


Thank you Simon,
Delmiro
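
Added example (not part of the original thread and not written by either poster): the EHLO check described above, done programmatically on the reply posted in this comment. It also reports which AUTH mechanisms are advertised before TLS is negotiated; the function names and the LOGIN/PLAIN set are choices made for this example.

```python
import re

# EHLO reply rebuilt from the one posted in this thread (extension order kept).
POSTED = ["TURN", "SIZE", "ETRN", "PIPELINING", "DSN", "ENHANCEDSTATUSCODES",
          "8bitmime", "BINARYMIME", "CHUNKING", "VRFY", "TLS", "STARTTLS",
          "X-EXPS GSSAPI NTLM LOGIN", "X-EXPS=LOGIN", "AUTH GSSAPI NTLM LOGIN",
          "AUTH=LOGIN", "X-LINK2STATE", "XEXCH50"]
SAMPLE_EHLO = "\n".join(["250-myexchange.mydomain.com Hello []"]
                        + ["250-" + e for e in POSTED] + ["250 OK"])

# Mechanisms that put a reusable password on the wire (only base64-encoded).
CLEARTEXT_MECHS = {"LOGIN", "PLAIN"}

def parse_ehlo(reply):
    """Map each advertised extension keyword (upper-cased) to its parameters."""
    lines = [l.rstrip() for l in reply.splitlines() if l.strip()]
    exts = {}
    for i, line in enumerate(lines):
        m = re.fullmatch(r"250([ -])(.*)", line)
        if not m:
            raise ValueError(f"not a 250 reply line: {line!r}")
        # "250-" marks a continuation line, "250 " marks the final line.
        if (m.group(1) == " ") != (i == len(lines) - 1):
            raise ValueError(f"bad continuation marker: {line!r}")
        if i == 0:
            continue  # first line is the server greeting, not an extension
        # Exchange advertises both "AUTH LOGIN" and the legacy "AUTH=LOGIN" form.
        parts = re.split(r"[ =]+", m.group(2).strip())
        exts.setdefault(parts[0].upper(), set()).update(p.upper() for p in parts[1:])
    return exts

def assess(reply):
    """Summarise what a client that has not yet negotiated TLS is offered."""
    exts = parse_ehlo(reply)
    auth = exts.get("AUTH", set())
    return {"starttls_offered": "STARTTLS" in exts,
            "cleartext_auth_before_tls": sorted(auth & CLEARTEXT_MECHS),
            "all_auth": sorted(auth)}

if __name__ == "__main__":
    print(assess(SAMPLE_EHLO))
```

A reply such as "503 5.5.2 Send hello first" raises ValueError, which is the case where STARTTLS was typed before EHLO.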

Author Comment

by:Delmiroc
ID: 24040042
I do not know how, but I sent another test through Outlook just now and it worked! I will test it again from another machine on the internet just to make sure. I have not changed any settings yet, I'm not sure why it was not working at the beginning. I want to test it some more before I give it the clear.

I will let you know after I test it again.

Thank you Simon for helping.

Author Closing Comment

by:Delmiroc
ID: 31565118
When I unselected these boxes, I got no error messages on any of the machines I tested this with. Thank you for pointing this out.

Delmiro

Author Comment

by:Delmiroc
ID: 24107006
When I unchecked the require secure channel and 128bit encryption, I stopped getting the error message about SSL certificate 0X8000ccc7d. We are all up and running.


Thank you,
Delmiro