Mail submission failed: Error message: Server does not support secure connections..

Medium Priority
2,548 Views
Last Modified: 2012-06-27
After uninstalling Exchange on SBS 2003, I get the following error when I perform a test:
"Mail submission failed: Error message: Server does not support secure connections.."
That means that there are no inbound messages hitting my server.

CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
You uninstalled exchange (Mail server). You do not have a mail server local on the server to accept connections secure/insecure.
What are you testing?

Author

Commented:
I have Exchange 2007; this is after migration from SBS 2003. When I demoted my SBS 2003 I couldn't receive mail anymore.
CERTIFIED EXPERT
Distinguished Expert 2018

Commented:
Sounds like you didn't update your firewall NAT rule to point to the new server. The firewall is receiving traffic on port 25, doing a rule lookup, finding the internal IP of your old SBS server, and forwarding the traffic there... a dead end.

Update your firewall, reboot it, and retest.

-Cliff

Author

Commented:
Where do I get this NAT rule on sbs 2008 firewall?
Thanks, will try out this tomorrow morning.

JK
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Do you have a router/firewall where your ISP is connected? This is where you would make the change (T1/Frame relay router) DSL adapter/modem with NAT?
Firewall?
To what is your SBS connected? To what is that device Connected?
Eventually you should end up at one device where this change needs to happen.
CERTIFIED EXPERT
Distinguished Expert 2018

Commented:
SBS 2008 doesn't do NAT. I was referring to a hardware router/firewall/appliance that would be located (logically, not necessarily physically) between your internal network and your ISP. All traffic is flowing through such a device and it needs to know where to forward mail traffic. Chances are it is still configured to forward to the now missing SBS 2003 server.

-Cliff

Author

Commented:
We have a router; we don't have NAT. My SBS 2003 was configured with ISA as a gateway.
My sbs 2008 has a public IP and a private IP, just like the sbs 2003. Ports are open, I can telnet to it from anywhere.
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Make sure then to have your MX pointed the right way:
nslookup -q=mx yourdomainname.com

Does it point to the public IP that your Windows 2008 system has?
Your internal DNS configuration might be the issue if it is pointing to the wrong internal IP (i.e. to the internal IP of your SBS2003).

Author

Commented:
I have checked and the DNS records are what are on my card.
How do I confirm that internal dns is still pointed at the old sbs2003?
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Look at the configuration of the email client and see what it has for the server incoming/outgoing.
Run the following locally:
nslookup -q=mx yourdomain.com

Then use http://www.dnsstuff.com/ and lookup the same information for your domain and see whether they match.
CERTIFIED EXPERT
Distinguished Expert 2018

Commented:
SBS 2008 does not support the 2-NIC configuration that 2003 did. Many of the sanity checks that the services and wizards do will fail or reconfigure your system in unexpected ways if you attempt to force it. Put simply, your server will not work properly until you put it into a supported configuration.

-Cliff

Author

Commented:
I have had to return my sbs 2003 for the time being as I work on your suggestions. Meanwhile it is working.
I will remove the sbs2003 from the network this weekend.
Thanks Cliff, Arnold

Author

Commented:
Hi Guys, I still don't understand why this relationship has to exist for my exchange server 2007 to work..
Checked on my sbs 2003 and the group connector is still there..I am still skeptical of removing sbs 2003 from the picture, please help!
CERTIFIED EXPERT
Distinguished Expert 2018

Commented:
Right now your 2003 server is forwarding mail to the internal NIC of your 2008 server, which is what SBS expects, so things work.

If you disable the external NIC on your 2008 server and run the wizards, you will then be in a supported and working 2008 configuration, and mail will still flow since 2003 is in place. Minor change, easy to test.

You can then add a NAT capable firewall to your network to do what your 2003 server is apparently doing now and proxy all traffic. Update DHCP so clients use the new firewall as a default gateway, test.

Finally, create NAT rules to forward mail, OWA, RWW to the SBS server, test.

At this point you can retire 2003 with no ill effects, and mail is still being forwarded to the 2008 server like it is now. Only WHAT is forwarding the mail has changed. The above process is the only way to get you into a properly configured state.

-Cliff

Author

Commented:
Cliff, this is the scenario I want to configure, tell me if this will work.
Our organization will need a public IP on sbs 2008 for external access (owa) and remote management; is there a way this can be negated?
1. Have a winsvr 2003 running ISA with 2 cards with NAT enabled (I need a firewall after all)
2. Disable my external card on my SBS 2008, and route traffic through ISA, which will be my new gateway
3. Run the wizards again to reconfigure mail flow.

What our ISP has done is that we have 1 router for the building, which may require cascading and that's why we use ISA to route all clients behind the firewall to the internet
CERTIFIED EXPERT
Distinguished Expert 2018

Commented:
You don't need a public IP on SBS to enable external access. 1 NIC, one internal IP, and appropriate NAT forwarding rules on your ISA server to route external traffic for specified protocols and services to the internal address of the SBS 2008 server. This puts you in a fully supported state, provides external access to SBS, and does not have SBS configured with 2 NICs.

-Cliff
CERTIFIED EXPERT
Distinguished Expert 2018

Commented:
Also note that if your ISA server is your SBS 2003 server, you will be looking at more work. The two SBS servers cannot co-exist, so you'll be looking at building a standard server with ISA and getting it appropriately licensed, as your SBS 2003 license can no longer be applied. If you don't have a standard 2003 server license and a standalone ISA license, you may want to look at moving to an appliance firewall/UTM device or moving to 2008 R2 and TMG 2010 (if you like ISA). But the above advice still stands, you'll be creating forwarding NAT rules to route traffic to your SBS 2008 server regardless of what firewall (ISA/TMG/appliance) you use.

-Cliff

Author

Commented:
I have licenses for both the OS and ISA, TMG.
What's your view on having ISA sitting on a virtual winsvr 2003? We are looking at minimizing hardware costs, rack space.

Author

Commented:
Will keep you updated, we've got a huge time difference between us..

Author

Commented:
I finally cracked it; my ISP points all mail toward my external/public IP so I had to change and add the public IP in the list of local IPs on the receive connector..
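
The check behind the fix in the last comment, written for the Exchange Management Shell. This is an added example, not part of the original thread: the function name, the sample connectors and the addresses (203.0.113.10 standing in for the server's public IP, 192.168.16.2 for its internal one) are all constructed for illustration.

```powershell
# Added example (not from the thread). 203.0.113.10 is a placeholder public IP.

# Returns $true when the connector has a local binding that covers $LocalIP on $Port.
# Bindings are "IP:port" endpoints; 0.0.0.0 covers every IPv4 address on the server.
function Test-ConnectorListensOn {
    param($Connector, [string]$LocalIP, [int]$Port = 25)
    foreach ($binding in $Connector.Bindings) {
        $text  = "$binding"
        $split = $text.LastIndexOf(':')        # last colon, so IPv6 forms still parse
        if ($split -lt 1) { continue }
        $ip       = $text.Substring(0, $split)
        $bindPort = [int]$text.Substring($split + 1)
        if ($bindPort -eq $Port -and ($ip -eq '0.0.0.0' -or $ip -eq $LocalIP)) {
            return $true
        }
    }
    return $false
}

# Constructed sample data shaped like Get-ReceiveConnector output (Name, Bindings),
# so the function can be tried without an Exchange server.
function New-SampleConnector($Name, $Bindings) {
    $c = New-Object PSObject
    $c | Add-Member NoteProperty Name $Name
    $c | Add-Member NoteProperty Bindings $Bindings
    $c
}
$sample = @(
    (New-SampleConnector 'Internal only' @('192.168.16.2:25')),
    (New-SampleConnector 'Client'        @('0.0.0.0:587'))
)
$sample | ForEach-Object {
    "{0}: {1}" -f $_.Name, (Test-ConnectorListensOn $_ '203.0.113.10')
}

# Live use on the Exchange 2007 server: list connectors that do NOT listen on the
# public address, with the settings worth reviewing before exposing one to the internet.
#   Get-ReceiveConnector |
#     Where-Object { -not (Test-ConnectorListensOn $_ '203.0.113.10') } |
#     Format-List Name, Bindings, RemoteIPRanges, PermissionGroups, AuthMechanism
#
# Adding the public address to one connector's local bindings (multivalued property):
#   $rc = Get-ReceiveConnector '<connector identity>'
#   $rc.Bindings += '203.0.113.10:25'
#   Set-ReceiveConnector $rc.Identity -Bindings $rc.Bindings
```

If no connector is bound to the address the MX record resolves to, inbound SMTP on that address is not handled by Exchange at all, which matches the symptom in this thread.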