SBS 2008 Exchange won't send

I had this thing all setup and working fine until I changed the IP addresses due to moving it to a different network.  It receives email ok, but when I try to send out it hangs in the queue.  After running the Exchange Mail Flow Troubleshooter, it give me the following error:

Error submitting mail: Mail submission failed: Error message: Server does not support secure connections..

All other tests pass fine.  I can telnet out to the mail server I'm trying to send to.  I'm guessing it has to do with the certificate, but I only set this up a few months back so it shouldn't be expired.  In fact it is a trial version that appears to have expired and says it's not genuine but still works fine otherwise.

I verified the send connector exists, and is of type 'Internet' SMTP * 1.  

My server is setup on a dynamic IP, but I have verified the host and MX records are setup properly and are current.  I can't setup a reverse DNS record since it's dynamic, but doubt that is the problem, especially since I've tried sending to another outside Exchange mail server that has no spam filtering setup.  It is a different domain altogether.

I also received event ID 12023.  Type: TransportService
Microsoft Exchange could not load the certificate with thumbprint of FD6C18FE7C47E51795D84E8A4441F3B045146F01 from the personal store on the local computer. This certificate was configured for authentication with other Exchange servers. Mail flow to other Exchange servers could be affected by this error. If the certificate with this thumbprint still exists in the personal store, run Enable-ExchangeCertificate FD6C18FE7C47E51795D84E8A4441F3B045146F01 -Services SMTP to resolve the issue. If the certificate does not exist in the personal store, restore it from backup by using the Import-ExchangeCertificate cmdlet, or create a new certificate for the FQDN or the server enabled for SMTP by running the following command: New-ExchangeCertificate -DomainName serverfqdn -Services SMTP. Meanwhile, the certificate with thumbprint DF4FA71547E302A3CA916207C6969A526DEDB463 is being used.

When I try to run the cmdlet as instructed above, I get:
The term 'Enable-ExchangeCertificate' is not recognized as a cmdlet, function, operable program, or script file. Verify
 the term and try again.
At line:1 char:27
+ Enable-ExchangeCertificate  <<<< FD6C18FE7C47E51795D84E8A4441F3B045146F01 -Services SMTPEnable-ExchangeCertificate FD
6C18FE7C47E51795D84E8A4441F3B045146F01 -Services SMTPEnable-ExchangeCertificate FD6C18FE7C47E51795D84E8A4441F3B045146F0
1 -Services SMTP

Also, the other cmdlet fails.  Does SBS2008 not have all the cmdlets that the full blown Exchange 2007 have?  Not sure what's going on here.

I reran the Connect to the Internet wizard, the Fix My Network wizard, and they all turn up ok.

Originally, I setup a certificate that I had purchased with the internet host name and OWA worked fine.  I can still connect fine via OWA with no cert errors, but it just won't send.

Sure it's a trial and I could wipe it and start over, but what fun would that be?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Britt ThompsonSr. Systems EngineerCommented:
Do a Get-ExchangeCertficate to verify that the cert footprint you have in your error is the one that you've actually purchased and installed. Then, the command should be exactly as follows. It appears there may be an extra space in your command at line 27. SBS does include the standard set of the command in the power shell.

If you don't see your cert installed or you see the wrong cert installed you'll need to re-import your cert

Import-ExchangeCertificate -Path c:\yourcert.crt
Enable-ExchangeCertificate FD6C18FE7C47E51795D84E8A4441F3B045146F01 -Services "POP, IMAP, IIS, SMTP"

Next, here's a quality article that explains in detail how to configure your send connector:

Also, are you sending using a smarthost or are you sending using DNS? Try using DNS if you're not already.

B1izzardAuthor Commented:
I get the following error.  My powershell doesn't seem to have the necessary cmdlets.

PS C:\Users\Steve> Import-ExchangeCertificate -Path c:\
The term 'Import-ExchangeCertificate' is not recognized as a cmdlet, function, operable program, or script file. Verify
 the term and try again.
At line:1 char:27
+ Import-ExchangeCertificate  <<<< -Path c:\

The Get-ExchangeCertficate gives an error as well.

I am using DNS, no smart host configured.

I am reinstalling the powershell and rebooting right now.  

Britt ThompsonSr. Systems EngineerCommented:
You need to make sure you're launching the Exchange Management Shell and not just the powershell.
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

When it comes to sending email, your certificate has nothing to do with it. It is down to the remote side to provide the certificate. Given the error that you have provided, it would seem that the Send Connector has been set to require TLS. Did you setup the Send Connector manually, or did you use the wizards?

Ensure that you are using the Exchange Management Shell and not plain PowerShell to run the enable-exchangecertificate command. The Exchange Management Shell has the additional extensions that are required.

B1izzardAuthor Commented:
I forgot that the PowerShell and Exchange Shell were separate.  Now I can run the commands.  When I ran the enable-exchangecertificate command, it was successful, but now owa is broken.  I used the thumbprint of the internet certificate when I enabled it.  Now I just get the error 'Internet Explorer cannot display the webpage'.  This certificate thing is a PITA.  Microsoft did a lousy job with something this simple IMO.   It's way too convoluted.  I'll have to troubleshoot this further tomorrow.  Thanks for the help so far.
Britt ThompsonSr. Systems EngineerCommented:
Have you tried HTTP and HTTPS to get to your OWA? You may need to go into the default Website in IIS and make sure it's using the correct certificate.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
B1izzardAuthor Commented:
I got owa working again by setting the default website binding on port 443 for the default website as recommended.  When I try to run the command

Enable-ExchangeCertificate FD6C18FE7C47E51795D84E8A4441F3B045146F01 -Services "POP, IMAP, IIS, SMTP"

I get the following error:

Enable-ExchangeCertificate : An unexpected error occurred while the forms-based
 authentication settings for path /LM/W3SVC/1 were being modified. The error re
turned was 5506.
At line:1 char:27
+ Enable-ExchangeCertificate  <<<< c2c130d3a521616e2b3ffb16761fc46202cad198 -Se
rvices "POP, IMAP, IIS, SMTP"

I tried deleting the certificate and reimporting, but I still get the above error.
Britt ThompsonSr. Systems EngineerCommented:
Sorry...try this:

Enable-ExchangeCertificate -thumbprint FD6C18FE7C47E51795D84E8A4441F3B045146F01 -Services "POP, IMAP, IIS, SMTP"
B1izzardAuthor Commented:
I got it working.  I'm not 100% sure what it was, but I went into IIS and set the SBS Web Applications site's binding on port 443 to use the certificate I purchased at Godaddy.  The Enable-ExchangeCertificate command still gives an error, but sending email works.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Email Protocols

From novice to tech pro — start learning today.