Solved

SBS 2008 Exchange won't send

Posted on 2009-07-11
Last Modified: 2013-11-30
I had this thing all set up and working fine until I changed the IP addresses due to moving it to a different network. It receives email OK, but when I try to send out it hangs in the queue. After running the Exchange Mail Flow Troubleshooter, it gives me the following error:

Error submitting mail: Mail submission failed: Error message: Server does not support secure connections..

All other tests pass fine.  I can telnet out to the mail server I'm trying to send to.  I'm guessing it has to do with the certificate, but I only set this up a few months back so it shouldn't be expired.  In fact it is a trial version that appears to have expired and says it's not genuine but still works fine otherwise.

I verified the send connector exists, and is of type 'Internet' SMTP * 1.  

My server is set up on a dynamic IP, but I have verified the host and MX records are set up properly and are current. I can't set up a reverse DNS record since it's dynamic, but doubt that is the problem, especially since I've tried sending to another outside Exchange mail server that has no spam filtering set up. It is a different domain altogether.

I also received event ID 12023.  Type: TransportService
Microsoft Exchange could not load the certificate with thumbprint of FD6C18FE7C47E51795D84E8A4441F3B045146F01 from the personal store on the local computer. This certificate was configured for authentication with other Exchange servers. Mail flow to other Exchange servers could be affected by this error. If the certificate with this thumbprint still exists in the personal store, run Enable-ExchangeCertificate FD6C18FE7C47E51795D84E8A4441F3B045146F01 -Services SMTP to resolve the issue. If the certificate does not exist in the personal store, restore it from backup by using the Import-ExchangeCertificate cmdlet, or create a new certificate for the FQDN or the server enabled for SMTP by running the following command: New-ExchangeCertificate -DomainName serverfqdn -Services SMTP. Meanwhile, the certificate with thumbprint DF4FA71547E302A3CA916207C6969A526DEDB463 is being used.

When I try to run the cmdlet as instructed above, I get:
The term 'Enable-ExchangeCertificate' is not recognized as a cmdlet, function, operable program, or script file. Verify
 the term and try again.
At line:1 char:27
+ Enable-ExchangeCertificate  <<<< FD6C18FE7C47E51795D84E8A4441F3B045146F01 -Services SMTPEnable-ExchangeCertificate FD
6C18FE7C47E51795D84E8A4441F3B045146F01 -Services SMTPEnable-ExchangeCertificate FD6C18FE7C47E51795D84E8A4441F3B045146F0
1 -Services SMTP

Also, the other cmdlet fails. Does SBS2008 not have all the cmdlets that the full blown Exchange 2007 has? Not sure what's going on here.

I reran the Connect to the Internet wizard, the Fix My Network wizard, and they all turn up ok.

Originally, I set up a certificate that I had purchased with the internet host name and OWA worked fine. I can still connect fine via OWA with no cert errors, but it just won't send.

Sure it's a trial and I could wipe it and start over, but what fun would that be?
0
Question by:B1izzard
 
LVL 30

Expert Comment

by:Britt Thompson
ID: 24832487
Do a Get-ExchangeCertificate to verify that the cert footprint you have in your error is the one that you've actually purchased and installed. Then, the command should be exactly as follows. It appears there may be an extra space in your command at line 27. SBS does include the standard set of the command in the power shell.

If you don't see your cert installed or you see the wrong cert installed you'll need to re-import your cert

Import-ExchangeCertificate -Path c:\yourcert.crt
Enable-ExchangeCertificate FD6C18FE7C47E51795D84E8A4441F3B045146F01 -Services "POP, IMAP, IIS, SMTP"

Next, here's a quality article that explains in detail how to configure your send connector: http://www.petri.co.il/configuring-exchange-2007-send-external-email.htm

Also, are you sending using a smarthost or are you sending using DNS? Try using DNS if you're not already.

0
 

Author Comment

by:B1izzard
ID: 24832652
I get the following error.  My powershell doesn't seem to have the necessary cmdlets.

PS C:\Users\Steve> Import-ExchangeCertificate -Path c:\mail.mydomain.com
The term 'Import-ExchangeCertificate' is not recognized as a cmdlet, function, operable program, or script file. Verify
 the term and try again.
At line:1 char:27
+ Import-ExchangeCertificate  <<<< -Path c:\mail.mydomain.com.crt

The Get-ExchangeCertficate gives an error as well.

I am using DNS, no smart host configured.

I am reinstalling the powershell and rebooting right now.  

0
 
LVL 30

Expert Comment

by:Britt Thompson
ID: 24832657
You need to make sure you're launching the Exchange Management Shell and not just the powershell.
0
 
LVL 65

Assisted Solution

by:Mestha
Mestha earned 400 total points
ID: 24832659
When it comes to sending email, your certificate has nothing to do with it. It is down to the remote side to provide the certificate. Given the error that you have provided, it would seem that the Send Connector has been set to require TLS. Did you set up the Send Connector manually, or did you use the wizards?

Ensure that you are using the Exchange Management Shell and not plain PowerShell to run the enable-exchangecertificate command. The Exchange Management Shell has the additional extensions that are required.

Simon.
0
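
The two checks suggested in the answers above (load the Exchange cmdlets, then look at the certificate and the Send Connector TLS setting), as an added example that is not part of the original thread. It assumes the Exchange 2007 management snap-in name `Microsoft.Exchange.Management.PowerShell.Admin`; the thumbprints are the ones quoted in event ID 12023 in the question.

```powershell
# Added example, read-only diagnostics: nothing here changes configuration.
# Plain PowerShell lacks the Exchange cmdlets; load the Exchange 2007 snap-in
# if this session is not already the Exchange Management Shell.
$snapin = 'Microsoft.Exchange.Management.PowerShell.Admin'   # assumed: Exchange 2007 name
if (-not (Get-PSSnapin -Name $snapin -ErrorAction SilentlyContinue)) {
    Add-PSSnapin $snapin
}

# Thumbprints quoted in event ID 12023 in the question.
$configured = 'FD6C18FE7C47E51795D84E8A4441F3B045146F01'   # reported as not loadable
$fallback   = 'DF4FA71547E302A3CA916207C6969A526DEDB463'   # reported as being used meanwhile

# For each thumbprint: is it in the store, which services is it enabled for,
# does it have a private key, and has it expired?
$certs = @(Get-ExchangeCertificate)
foreach ($tp in $configured, $fallback) {
    $cert = $certs | Where-Object { $_.Thumbprint -eq $tp }
    if (-not $cert) {
        Write-Output "$tp : not found in the local computer personal store"
        continue
    }
    $expired = $cert.NotAfter -lt (Get-Date)
    Write-Output ("{0} : Subject={1}; Services={2}; HasPrivateKey={3}; NotAfter={4:yyyy-MM-dd}; Expired={5}" -f `
        $tp, $cert.Subject, $cert.Services, $cert.HasPrivateKey, $cert.NotAfter, $expired)
}

# Send connectors: RequireTLS is the setting the answer above points to;
# DNSRoutingEnabled / SmartHosts show whether mail goes out via DNS or a smart host.
Get-SendConnector |
    Format-List Name, AddressSpaces, DNSRoutingEnabled, SmartHosts, RequireTLS
```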
 

Author Comment

by:B1izzard
ID: 24833483
I forgot that the PowerShell and Exchange Shell were separate. Now I can run the commands. When I ran the enable-exchangecertificate command, it was successful, but now OWA is broken. I used the thumbprint of the internet certificate when I enabled it. Now I just get the error 'Internet Explorer cannot display the webpage'. This certificate thing is a PITA. Microsoft did a lousy job with something this simple IMO. It's way too convoluted. I'll have to troubleshoot this further tomorrow. Thanks for the help so far.
0
 
LVL 30

Accepted Solution

by:
Britt Thompson earned 1600 total points
ID: 24834220
Have you tried HTTP and HTTPS to get to your OWA? You may need to go into the default Website in IIS and make sure it's using the correct certificate.
0
 

Author Comment

by:B1izzard
ID: 24834972
I got OWA working again by setting the default website binding on port 443 for the default website as recommended. When I try to run the command

Enable-ExchangeCertificate FD6C18FE7C47E51795D84E8A4441F3B045146F01 -Services "POP, IMAP, IIS, SMTP"

I get the following error:

Enable-ExchangeCertificate : An unexpected error occurred while the forms-based
 authentication settings for path /LM/W3SVC/1 were being modified. The error re
turned was 5506.
At line:1 char:27
+ Enable-ExchangeCertificate  <<<< c2c130d3a521616e2b3ffb16761fc46202cad198 -Se
rvices "POP, IMAP, IIS, SMTP"

I tried deleting the certificate and reimporting, but I still get the above error.
0
 
LVL 30

Expert Comment

by:Britt Thompson
ID: 24835050
Sorry...try this:

Enable-ExchangeCertificate -thumbprint FD6C18FE7C47E51795D84E8A4441F3B045146F01 -Services "POP, IMAP, IIS, SMTP"
0
 

Author Comment

by:B1izzard
ID: 24910843
I got it working. I'm not 100% sure what it was, but I went into IIS and set the SBS Web Applications site's binding on port 443 to use the certificate I purchased at GoDaddy. The Enable-ExchangeCertificate command still gives an error, but sending email works.
0
