Solved

Mail submission failed: Error message: Server does not support secure connections..

Posted on 2011-04-25
Last Modified: 2012-06-27
After uninstalling Exchange on SBS 2003, I get the following error when I perform a test:
"Mail submission failed: Error message: Server does not support secure connections.."
That means that there are no inbound messages hitting my server.
0
Question by:Jkipkangor
21 Comments
 
LVL 81

Expert Comment

by:arnold
ID: 35462945
You uninstalled exchange (Mail server). You do not have a mail server local on the server to accept connections secure/insecure.
What are you testing?
0
 

Author Comment

by:Jkipkangor
ID: 35463040
I have Exchange 2007; this is after migration from SBS 2003. When I demoted my SBS 2003 I couldn't receive mail anymore.
0
 
LVL 60

Expert Comment

by:Cliff Galiher
ID: 35463125
Sounds like you didn't update your firewall NAT rule to point to the new server. The firewall is receiving traffic on port 25, doing a rule lookup, finding the internal IP of your old SBS server, and forwarding the traffic there....a dead end.

 Update your firewall, reboot it, and retest.

-Cliff
0

 

Author Comment

by:Jkipkangor
ID: 35463190
Where do I get this NAT rule on sbs 2008 firewall?
Thanks, will try out this tomorrow morning.

JK
0
 
LVL 81

Expert Comment

by:arnold
ID: 35463245
Do you have a router/firewall where your ISP is connected? This is where you would make the change (T1/Frame relay router), DSL adapter/modem with NAT?
Firewall ?
To what is your SBS connected? To what is that device Connected?
Eventually you should end up at one device where this change needs to happen.
0
 
LVL 60

Expert Comment

by:Cliff Galiher
ID: 35463295
SBS 2008 doesn't do NAT. I was referring to a hardware router/firewall/appliance that would be located (logically, not necessarily physically) between your internal network and your ISP. All traffic is flowing through such a device and it needs to know where to forward mail traffic. Chances are it is still configured to forward to the now missing SBS 2003 server.

-Cliff
0
 

Author Comment

by:Jkipkangor
ID: 35464222
We have a router we don't have NAT. My sbs 2003 was configured with ISA as a gateway.
My sbs 2008 has a public IP and a private IP, just like the sbs 2003. Ports are open, I can telnet to it from anywhere.
0
 
LVL 81

Expert Comment

by:arnold
ID: 35464229
Make sure then to have your MX pointed the right way:
nslookup -q=mx yourdomainname.com

Does it point to the public IP that your Windows 2008 system has?
Your internal DNS configuration might be the issue if it is pointing to the wrong internal IP (i.e. to the internal IP of your SBS2003).
0
 

Author Comment

by:Jkipkangor
ID: 35464445
I have checked and the DNS records are what are on my card.
How do I confirm that internal dns is still pointed at the old sbs2003?
0
 
LVL 81

Expert Comment

by:arnold
ID: 35464547
look at the configuration of the email client and see what it has for the server incoming/outgoing.
run the following locally:
nslookup -q=mx yourdomain.com

Then use http://www.dnsstuff.com/ and lookup the same information for your domain and see whether they match.
0
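The comparison arnold describes above, written out as an added example that is not part of the original thread: it parses the text that `nslookup -q=mx` prints for the internal and the external view and lists where they disagree. The sample outputs, `example.com` and all addresses are constructed, and the function names are hypothetical.

```python
import re

# Windows nslookup: "example.com  MX preference = 10, mail exchanger = mail.example.com"
# Unix nslookup:    "example.com  mail exchanger = 10 mail.example.com."
MX_WIN = re.compile(r"MX preference\s*=\s*(\d+),\s*mail exchanger\s*=\s*(\S+)", re.I)
MX_UNIX = re.compile(r"mail exchanger\s*=\s*(\d+)\s+(\S+)", re.I)
ADDR = re.compile(r"^(\S+)\s+internet address\s*=\s*(\S+)", re.I)

def norm(name):
    """Compare host names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()

def parse_nslookup_mx(output):
    """Return (mx, addrs): mx = {(preference, host)}, addrs = {host: {ip}}."""
    mx, addrs = set(), {}
    for line in output.splitlines():
        line = line.strip()
        m = MX_WIN.search(line) or MX_UNIX.search(line)
        if m:
            mx.add((int(m.group(1)), norm(m.group(2))))
        elif (a := ADDR.match(line)):
            addrs.setdefault(norm(a.group(1)), set()).add(a.group(2))
    return mx, addrs

def compare_views(internal_out, external_out):
    """List every difference between the internal and external answers."""
    in_mx, in_addr = parse_nslookup_mx(internal_out)
    ex_mx, ex_addr = parse_nslookup_mx(external_out)
    findings = [f"MX {h} (pref {p}) only in external view" for p, h in sorted(ex_mx - in_mx)]
    findings += [f"MX {h} (pref {p}) only in internal view" for p, h in sorted(in_mx - ex_mx)]
    for host in sorted({h for _, h in in_mx & ex_mx}):
        i, e = sorted(in_addr.get(host, [])), sorted(ex_addr.get(host, []))
        if i != e:  # expected with split DNS; confirm the internal IP is the new server
            findings.append(f"{host}: internal {i} vs external {e}")
    return findings

# Constructed sample output (example.com and documentation/private addresses).
INTERNAL = ("Server:  dns.example.local\nAddress:  192.168.16.2\n\n"
            "example.com\tMX preference = 10, mail exchanger = mail.example.com\n"
            "mail.example.com\tinternet address = 192.168.16.2\n")
EXTERNAL = ("Non-authoritative answer:\n"
            "example.com\tMX preference = 10, mail exchanger = mail.example.com\n"
            "mail.example.com\tinternet address = 203.0.113.10\n")

if __name__ == "__main__":
    for finding in compare_views(INTERNAL, EXTERNAL):
        print(finding)
```

An address difference for the same MX host is normal when internal DNS answers with a private IP; the point of the check is to confirm that the private IP belongs to the current mail server and not the retired one.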
 
LVL 60

Expert Comment

by:Cliff Galiher
ID: 35464681
SBS 2008 does not support the 2-NIC configuration that 2003 did. Many of the sanity checks that the services and wizards do will fail or reconfigure your system in unexpected ways if you attempt to force it. Put simply, your server will not work properly until you put it into a supported configuration.

-Cliff
0
 

Author Comment

by:Jkipkangor
ID: 35466507
I have had to return my sbs 2003 for the time being as I work on your suggestions. Meanwhile it is working.
I will remove the sbs2003 from the network this weekend.
Thanks Cliff, Arnold
0
 

Author Comment

by:Jkipkangor
ID: 35470398
Hi Guys, I still don't understand why this relationship has to exist for my exchange server 2007 to work..
Checked on my sbs 2003 and the group connector is still there..I am still skeptical of removing sbs 2003 from the picture, please help!
0
 
LVL 60

Expert Comment

by:Cliff Galiher
ID: 35470499
Right now your 2003 server is forwarding mail to the internal NIC of your 2008 server, which is what SBS expects, so things work.

If you disable the external NIC on your 2008 server and run the wizards, you will then be in a supported and working 2008 configuration, and mail will still flow since 2003 is in place. Minor change, easy to test.

You can then add a NAT capable firewall to your network to do what your 2003 server is apparently doing now and proxy all traffic. Update DHCP so clients use the new firewall as a default gateway, test.

Finally, create NAT rules to forward mail, OWA, RWW to the SBS server, test.

At this point you can retire 2003 with no ill effects, and mail is still being forwarded to the 2008 server like it is now. Only WHAT is forwarding the mail has changed. The above process is the only way to get you into a properly configured state.

-Cliff
0
 

Author Comment

by:Jkipkangor
ID: 35471971
Cliff, this is the scenario I want to configure, tell me if this will work.
Our organization will need a public IP on sbs 2008 for external access (owa) and remote management; is there a way this can be negated?
1. Have a winsvr 2003 running ISA with 2 cards with NAT enabled (I need a firewall after all)
2. Disable my external card on my sbs 2008, and route traffic through ISA, which will be my new gateway
3. Run the wizards again to reconfigure mail flow.

What our ISP has done is that we have 1 router for the building, which may require cascading and that's why we use ISA to route all clients behind the firewall to the internet
0
 
LVL 60

Expert Comment

by:Cliff Galiher
ID: 35471993
You don't need a public IP on SBS to enable external access. 1 NIC, one internal IP, and appropriate NAT forwarding rules on your ISA server to route external traffic for specified protocols and services to the internal address of the SBS 2008 server. This puts you in a fully supported state, provides external access to SBS, and does not have SBS configured with 2 NICs.

-Cliff
0
 
LVL 60

Expert Comment

by:Cliff Galiher
ID: 35472008
Also note that if your ISA server is your SBS 2003 server, you will be looking at more work. The two SBS servers cannot co-exist, so you'll be looking at building a standard server with ISA and getting it appropriately licensed, as your SBS 2003 license can no longer be applied. If you  don't have a standard 2003 server license and a standalone ISA license, you may want to look at moving to an appliance firewall/UTM device or moving to 2008 R2 and TMG 2010 (if you like ISA). But the above advice still stands, you'll be creating forwarding NAT rules to route traffic to your SBS 2008 server regardless of what firewall (ISA/TMG/appliance) you use.

-Cliff
0
 

Author Comment

by:Jkipkangor
ID: 35472093
I have licenses for both the OS and ISA, TMG.
What's your view on having ISA sitting on a virtual winsvr 2003? We are looking at minimizing hardware costs, rack space.
0
 
LVL 60

Accepted Solution

by:
Cliff Galiher earned 2000 total points
ID: 35472100
ISA is not supported under virtualization, and as a security device, support in my opinion actually matters. Couple that with performance issues with 2003 under virtualization and the fact that this is what all your internet traffic passes through, I personally wouldn't do it. 2008 R2 and TMG/UAG 2010 are the only OS and MS threat containment combination I'd consider virtualizing.

-Cliff
0
 

Author Comment

by:Jkipkangor
ID: 35472146
Will keep you updated, we've got a huge time difference between us..
1
 

Author Comment

by:Jkipkangor
ID: 35511591
I finally cracked it; my ISP points all mail toward my external/public IP so I had to change and add the public IP in the list of local IPs on the receive connector..
0


Question has a verified solution.
