Exchange 2013 IMAP with SSL

Hi Experts,

My Exchange has been migrated from 2010 to 2013. So far, all the users can send and receive emails via OWA, both via webmail and MS Outlook.

Today I want to configure IMAP, but for some reason I have not managed to get it working, so please give me a hand. So far, these are the steps I have done:

- Ports 143 and 993 (SSL) are opened to the outside on the company FW; Exchange itself has its FW shut down.
- The 2 services, MS Exchange Service IMAP4 and MS Exchange Service IMAP4 Backend, have been turned on, are running, and are set to automatic start.
- In ECP 2013 > Servers > Servers > IMAP4 > Logon method = Secure TLS connection
- In ECP 2013 > Servers > Certificate > I checked that my certificate (in my case owa.mydomain.com) has the SMTP, IMAP, POP and IIS services checked.
- In ECP 2013 > recipients > mailboxes > all users have IMAP Enabled


When adding the IMAP account, I have set:
- Account type: IMAP
- Incoming mail server: owa.mydomain.com
- Outgoing mail server (SMTP): owa.mydomain.com

In the mail client, under Advanced, I have set:
- Incoming Server (IMAP): 993, Encrypted connection: SSL
- Outgoing Server (SMTP): 25, Encrypted connection: TLS (also tried SSL)

With this client setting, when I clicked Test Account Settings, I got this error:
Log onto mail incoming mail server (IMAP): A Secure to the connection server can not be established
Send test e-mail message: The server responded 421 4.3.2 Service not ava


What am I missing here? Please help me, thank you.

Regards,
phucdk

Simon Butler (Sembee), Consultant, commented:
"Exchange it self has FW shutdown."

How exactly have you done that? There should be no need to do that - I don't think any of the implementations I have done ever have the Windows firewall disabled.

Service Not Available usually means the client is being rejected for some reason - often that the IP address isn't allowed or something like that.

Simon.
0
phucdk (Author) commented:
Hi Simon,

I have just tried to set the incoming IMAP server: 993 (SSL)
And the outgoing SMTP server: 465 (TLS)

When I hit test connection, it seems like outgoing got through (I received an email notification), but I got the error below:

Logon incoming mail server(IMAP): A secure connection to the server can not be established

So that says I have an incoming connection problem.

Could you please advise me where I should look to troubleshoot this? Thank you.

Regards,
Phucdk
0
phucdk (Author) commented:
Hi Simon,

I understand that I have not solved this case yet but I would like to ask if you can help me look at my other ticket
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_28266111.html

Thank you very much in advance.

Regards,
phucdk
0

Simon Butler (Sembee), Consultant, commented:
Have you set the X.509 properties on the IMAP Server to match the common name on your SSL certificate?

Not a fan of IMAP personally, try to avoid it where possible.

Simon.
0
phucdk (Author) commented:
Could you please advise me where I should look in ECP 2013 to set the X.509 properties? Thank you.
0
Simon Butler (Sembee), Consultant, commented:
You cannot do anything with IMAP through ECP - it is all done through EMS.

Therefore you will need to use get-imapsettings to view the configuration and set-imapsettings to adjust them.

Simon.
0

phucdk (Author) commented:
I have run the command you advised, and I got output like this. So, as I understand it, the X.509 certificate is piped to the correct SSL?

UnencryptedOrTLSBindings     SSLBindings                 LoginType            
{[::]:143, 0.0.0.0:143}              {[::]:993, 0.0.0.0:993}       SecureLogin                      

X509CertificateName
owa.mydomain.com (this is the trusted CERT)
0
Simon Butler (Sembee), Consultant, commented:
I presume that you are putting the same host name in to the client for IMAP server?
When you authenticate, how do you enter the credentials?

domain\username
username@domain
username

Something else?

Simon.
0
phucdk (Author) commented:
"I presume that you are putting the same host name in to the client for IMAP server?"

I am putting in the Incoming mail and Outgoing mail server as: owa.mydomain.com

"When you authenticate, how do you enter the credentials?"

I have tried all of the options that you described. All give the same error, and after all the tries I have received a bunch of emails with the content below. I guess the outgoing is OK.

This is an e-mail message sent automatically by Microsoft Outlook while testing the settings for your account.
0
phucdk (Author) commented:
But before we continue troubleshooting, I would like to say that in ECP 2013, in the servers/certificates tab, I can see the status of owa.mydomain.com shown as "invalid". I don't know if this is the root of the problem?

As I said a few posts above, I would like to ask for your help looking at this ticket as well:
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_28266111.html
0
Simon Butler (Sembee), Consultant, commented:
If the certificate is invalid then that could stop the client from establishing a secure session correctly. However, I am not familiar with the certificates that you are using.

You could check the method listed in the link below to see if the certificate has a valid private key:
http://howdouc.blogspot.co.uk/2010/12/repairing-invalid-certificate-for.html

Otherwise getting the certificate reissued is probably the next step.

Simon.
0
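The checks discussed in the comments above (the IMAP X.509 name, the certificate's "invalid" status and its private key) can be run together from the Exchange Management Shell. This is an added example, not a script from any participant in the thread; it assumes the host name owa.mydomain.com used in the question, and the thumbprint is a placeholder.

```powershell
# Run in the Exchange Management Shell on the Exchange 2013 server.
# $imapHost is the name clients enter as the incoming server (taken from the thread).
$imapHost = 'owa.mydomain.com'

# 1. What the IMAP4 service is configured to present.
$imap = Get-ImapSettings
$imap | Format-List LoginType, SSLBindings, UnencryptedOrTLSBindings, X509CertificateName

if ($imap.X509CertificateName -ne $imapHost) {
    Write-Warning "X509CertificateName '$($imap.X509CertificateName)' differs from client host '$imapHost'"
}

# 2. Certificates that cover that name, either exactly or by a wildcard one level up.
$wildcard = '*.' + ($imapHost -split '\.', 2)[1]
$certs = Get-ExchangeCertificate | Where-Object {
    $domains = $_.CertificateDomains | ForEach-Object { $_.ToString() }
    ($domains -contains $imapHost) -or ($domains -contains $wildcard)
}
if (-not $certs) { Write-Warning "No installed certificate covers '$imapHost'" }

$certs | Format-List Thumbprint, Subject, Services, Status, HasPrivateKey, NotAfter, CertificateDomains

# 3. Flag the conditions that stop a client from completing the TLS handshake.
foreach ($c in $certs) {
    $id = $c.Thumbprint
    if (-not $c.HasPrivateKey)              { Write-Warning "${id}: no private key on this server" }
    if ($c.NotAfter -lt (Get-Date))         { Write-Warning "${id}: expired on $($c.NotAfter)" }
    if ("$($c.Status)" -ne 'Valid')         { Write-Warning "${id}: status is $($c.Status)" }
    if ("$($c.Services)" -notmatch 'IMAP')  { Write-Warning "${id}: IMAP service not assigned" }
}

# 4. Apply only once a certificate passes every check above (uncomment to run).
#    '<THUMBPRINT-PLACEHOLDER>' stands for the thumbprint printed in step 2.
# Enable-ExchangeCertificate -Thumbprint '<THUMBPRINT-PLACEHOLDER>' -Services IMAP
# Set-ImapSettings -X509CertificateName $imapHost
# Restart-Service MSExchangeIMAP4, MSExchangeIMAP4BE
```

The IMAP4 services read their settings at startup, so changes made with Set-ImapSettings take effect only after both services are restarted.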
Dimitris_v commented:
Hello to everyone.
I am having the same problem. The chain of my wildcard certificate is correct but the certificate is invalid in the ECP certificates. I have deleted the rest of the certificates as mentioned in thread http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_28308863.html and I have also tried to repair it by the serial number. It is still there as "invalid". Do you have any ideas on how to fix it? I have been struggling with that for many hours...
Thank you.

0
Simon Butler (Sembee), Consultant, commented:
This is an old question which has been closed.
You need to ask your question fresh so that it is seen by everyone else.
Unlike a forum, no one other than those who participated in the question originally will see it.

Simon.
0
Dimitris_v commented:
Hey Simon, OK, I'll post a new thread.
Thanks.
0