Solved

SBS 2008 Exchange won't send

Posted on 2009-07-11
Last Modified: 2013-11-30
I had this thing all set up and working fine until I changed the IP addresses due to moving it to a different network.  It receives email ok, but when I try to send out it hangs in the queue.  After running the Exchange Mail Flow Troubleshooter, it gives me the following error:

Error submitting mail: Mail submission failed: Error message: Server does not support secure connections..

All other tests pass fine.  I can telnet out to the mail server I'm trying to send to.  I'm guessing it has to do with the certificate, but I only set this up a few months back so it shouldn't be expired.  In fact it is a trial version that appears to have expired and says it's not genuine but still works fine otherwise.

I verified the send connector exists, and is of type 'Internet' SMTP * 1.  

My server is set up on a dynamic IP, but I have verified the host and MX records are set up properly and are current.  I can't set up a reverse DNS record since it's dynamic, but doubt that is the problem, especially since I've tried sending to another outside Exchange mail server that has no spam filtering set up.  It is a different domain altogether.

I also received event ID 12023.  Type: TransportService
Microsoft Exchange could not load the certificate with thumbprint of FD6C18FE7C47E51795D84E8A4441F3B045146F01 from the personal store on the local computer. This certificate was configured for authentication with other Exchange servers. Mail flow to other Exchange servers could be affected by this error. If the certificate with this thumbprint still exists in the personal store, run Enable-ExchangeCertificate FD6C18FE7C47E51795D84E8A4441F3B045146F01 -Services SMTP to resolve the issue. If the certificate does not exist in the personal store, restore it from backup by using the Import-ExchangeCertificate cmdlet, or create a new certificate for the FQDN or the server enabled for SMTP by running the following command: New-ExchangeCertificate -DomainName serverfqdn -Services SMTP. Meanwhile, the certificate with thumbprint DF4FA71547E302A3CA916207C6969A526DEDB463 is being used.

When I try to run the cmdlet as instructed above, I get:
The term 'Enable-ExchangeCertificate' is not recognized as a cmdlet, function, operable program, or script file. Verify
 the term and try again.
At line:1 char:27
+ Enable-ExchangeCertificate  <<<< FD6C18FE7C47E51795D84E8A4441F3B045146F01 -Services SMTPEnable-ExchangeCertificate FD
6C18FE7C47E51795D84E8A4441F3B045146F01 -Services SMTPEnable-ExchangeCertificate FD6C18FE7C47E51795D84E8A4441F3B045146F0
1 -Services SMTP

Also, the other cmdlet fails.  Does SBS2008 not have all the cmdlets that the full-blown Exchange 2007 has?  Not sure what's going on here.

I reran the Connect to the Internet wizard, the Fix My Network wizard, and they all turn up ok.

Originally, I set up a certificate that I had purchased with the internet host name and OWA worked fine.  I can still connect fine via OWA with no cert errors, but it just won't send.

Sure it's a trial and I could wipe it and start over, but what fun would that be?
Question by:B1izzard
9 Comments
 
LVL 30

Expert Comment

by:Britt Thompson
ID: 24832487
Do a Get-ExchangeCertificate to verify that the cert footprint you have in your error is the one that you've actually purchased and installed. Then, the command should be exactly as follows. It appears there may be an extra space in your command at line 27. SBS does include the standard set of commands in PowerShell.

If you don't see your cert installed or you see the wrong cert installed you'll need to re-import your cert

Import-ExchangeCertificate -Path c:\yourcert.crt
Enable-ExchangeCertificate FD6C18FE7C47E51795D84E8A4441F3B045146F01 -Services "POP, IMAP, IIS, SMTP"

Next, here's a quality article that explains in detail how to configure your send connector: http://www.petri.co.il/configuring-exchange-2007-send-external-email.htm

Also, are you sending using a smarthost or are you sending using DNS? Try using DNS if you're not already.

0
 

Author Comment

by:B1izzard
ID: 24832652
I get the following error.  My powershell doesn't seem to have the necessary cmdlets.

PS C:\Users\Steve> Import-ExchangeCertificate -Path c:\mail.mydomain.com
The term 'Import-ExchangeCertificate' is not recognized as a cmdlet, function, operable program, or script file. Verify
 the term and try again.
At line:1 char:27
+ Import-ExchangeCertificate  <<<< -Path c:\mail.mydomain.com.crt

The Get-ExchangeCertificate gives an error as well.

I am using DNS, no smart host configured.

I am reinstalling the powershell and rebooting right now.  

0
 
LVL 30

Expert Comment

by:Britt Thompson
ID: 24832657
You need to make sure you're launching the Exchange Management Shell and not just the powershell.
0

 
LVL 65

Assisted Solution

by:Mestha
Mestha earned 400 total points
ID: 24832659
When it comes to sending email, your certificate has nothing to do with it. It is down to the remote side to provide the certificate. Given the error that you have provided, it would seem that the Send Connector has been set to require TLS. Did you set up the Send Connector manually, or did you use the wizards?

Ensure that you are using the Exchange Management Shell and not plain PowerShell to run the enable-exchangecertificate command. The Exchange Management Shell has the additional extensions that are required.

Simon.
0
 

Author Comment

by:B1izzard
ID: 24833483
I forgot that the PowerShell and Exchange Shell were separate.  Now I can run the commands.  When I ran the enable-exchangecertificate command, it was successful, but now OWA is broken.  I used the thumbprint of the internet certificate when I enabled it.  Now I just get the error 'Internet Explorer cannot display the webpage'.  This certificate thing is a PITA.  Microsoft did a lousy job with something this simple IMO.   It's way too convoluted.  I'll have to troubleshoot this further tomorrow.  Thanks for the help so far.
0
 
LVL 30

Accepted Solution

by:Britt Thompson
Britt Thompson earned 1600 total points
ID: 24834220
Have you tried HTTP and HTTPS to get to your OWA? You may need to go into the default Website in IIS and make sure it's using the correct certificate.
0
 

Author Comment

by:B1izzard
ID: 24834972
I got OWA working again by setting the default website binding on port 443 for the default website as recommended.  When I try to run the command

Enable-ExchangeCertificate FD6C18FE7C47E51795D84E8A4441F3B045146F01 -Services "POP, IMAP, IIS, SMTP"

I get the following error:

Enable-ExchangeCertificate : An unexpected error occurred while the forms-based
 authentication settings for path /LM/W3SVC/1 were being modified. The error re
turned was 5506.
At line:1 char:27
+ Enable-ExchangeCertificate  <<<< c2c130d3a521616e2b3ffb16761fc46202cad198 -Se
rvices "POP, IMAP, IIS, SMTP"

I tried deleting the certificate and reimporting, but I still get the above error.
0
 
LVL 30

Expert Comment

by:Britt Thompson
ID: 24835050
Sorry...try this:

Enable-ExchangeCertificate -thumbprint FD6C18FE7C47E51795D84E8A4441F3B045146F01 -Services "POP, IMAP, IIS, SMTP"
0
 

Author Comment

by:B1izzard
ID: 24910843
I got it working.  I'm not 100% sure what it was, but I went into IIS and set the SBS Web Applications site's binding on port 443 to use the certificate I purchased at GoDaddy.  The Enable-ExchangeCertificate command still gives an error, but sending email works.
0
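
Added example, not part of the original thread or any participant's post: a read-only check sequence for the three things this thread ran into (Exchange cmdlets missing from plain PowerShell, the event 12023 thumbprint, and the send connector's TLS requirement). It assumes it is run on the Exchange 2007 / SBS 2008 server itself; the thumbprint is the one quoted in the question.

```powershell
# Added diagnostic sketch (not from the thread). Read-only: it changes nothing.
# Assumption: run locally on the Exchange 2007 / SBS 2008 server.
$expected = 'FD6C18FE7C47E51795D84E8A4441F3B045146F01'   # thumbprint from event 12023 in the question
$snapin   = 'Microsoft.Exchange.Management.PowerShell.Admin'

# 1. Plain PowerShell reports "not recognized as a cmdlet" for the Exchange
#    cmdlets until the Exchange snap-in is loaded (the Exchange Management
#    Shell loads it for you).
if (-not (Get-PSSnapin -Name $snapin -ErrorAction SilentlyContinue)) {
    Add-PSSnapin -Name $snapin -ErrorAction Stop
}

# 2. Is the certificate named in event 12023 actually in the computer's
#    personal store, and does it have a private key?
$inStore = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $expected }
if ($inStore) {
    "Found in LocalMachine\My: {0} (expires {1}, private key: {2})" -f `
        $inStore.Subject, $inStore.NotAfter, $inStore.HasPrivateKey
} else {
    "Thumbprint $expected is not in LocalMachine\My; it must be imported before it can be enabled."
}

# 3. Which certificates does Exchange see, and which services is each bound to?
#    Compare the thumbprints here with the two quoted in the event text.
Get-ExchangeCertificate | Format-List Thumbprint, Subject, Services, NotAfter

# 4. Outbound side: one reply in the thread suspects the send connector is set
#    to require TLS. RequireTLS shows whether that is the case.
Get-SendConnector | Format-List Name, AddressSpaces, DNSRoutingEnabled, SmartHosts, RequireTLS
```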
