Manoj Bojewar

Exchange 2013 CU6: external incoming mail domains get a message like "TLS is not an option on this server"

Hello Experts,

External domains are getting a message like "TLS is not an option on this server". When I checked on the Exchange 2013 server, TLS is enabled on the send and receive connectors.

Guy Lidbetter

Can you provide the full NDR? Are you using a Smart Host or security appliance at all?

If you telnet the Exchange server on port 25... after the 220 Banner type "EHLO" and make sure 250-STARTTLS is listed.

Manoj Bojewar

ASKER

If I telnet my server internally, I am getting 250 STARTTLS:

220 HOCAS001.domain.com Microsoft ESMTP MAIL Service ready at Thu, 9 Apr 2015 15:18:15 +0530
ehlo
250-HOCAS001.domain.com Hello [127.0.0.1]
250-SIZE 26214400
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-X-ANONYMOUSTLS
250-AUTH NTLM
250-X-EXPS GSSAPI NTLM
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250 XRDST

I don't have the NDR, but if I test TLS from a third-party tool it shows a failure. I am using Cyberoam for incoming and outgoing mail.

Simon Butler (Sembee)
First - CU6 is no longer supported. To remain supported you need to be on the current CU (8 at the moment) or the previous one (CU7).

If you have Cyberoam in front of the Exchange server then you need to check whether that is doing the TLS, not Exchange. An external telnet test should confirm what is answering the SMTP traffic.

If it is the Cyberoam then you will need to look at its configuration, changing Exchange isn't going to help.

Simon.
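
The internal-versus-external comparison suggested in this thread, as an added Python example that is not part of any post: it parses a banner and EHLO reply and reports whether a different host answers externally and whether STARTTLS is missing there. The internal session is shortened from the transcript above; the external session, `gateway.example.test` and `probe.example.test` are constructed placeholders.

```python
import socket

def parse_session(banner, ehlo_reply):
    """Return the responder host and the set of EHLO extensions."""
    code, _, rest = banner.strip().partition(" ")
    if code != "220" or not rest:
        raise ValueError(f"unexpected banner: {banner!r}")
    lines = [l.strip() for l in ehlo_reply.splitlines() if l.strip()]
    exts = set()
    for line in lines[1:]:  # first 250 line is the greeting, not an extension
        if not line.startswith("250") or len(line) < 5:
            raise ValueError(f"unexpected EHLO line: {line!r}")
        exts.add(line[4:].split()[0].upper())
    return {"host": rest.split()[0], "extensions": exts}

def compare(internal, external):
    """List the differences that matter for the STARTTLS question."""
    findings = []
    if internal["host"].lower() != external["host"].lower():
        findings.append(f"external SMTP answered by {external['host']}")
    if "STARTTLS" in internal["extensions"] - external["extensions"]:
        findings.append("STARTTLS advertised internally but not externally")
    return findings

def _read_reply(f):
    lines = []  # continuation lines carry '-' after the 3-digit code
    while True:
        line = f.readline().decode("ascii", "replace")
        lines.append(line)
        if not line or line[3:4] != "-":
            return lines

def probe(host, port=25, timeout=10.0):
    """Live version of the telnet test: read banner, send EHLO, then QUIT."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        f = s.makefile("rb")
        banner = _read_reply(f)[0]
        s.sendall(b"EHLO probe.example.test\r\n")
        reply = "".join(_read_reply(f))
        s.sendall(b"QUIT\r\n")
        return parse_session(banner, reply)

# Internal session as posted in the thread; external one is constructed sample data.
INTERNAL = parse_session(
    "220 HOCAS001.domain.com Microsoft ESMTP MAIL Service ready",
    "250-HOCAS001.domain.com Hello [127.0.0.1]\n250-SIZE 26214400\n"
    "250-STARTTLS\n250-X-ANONYMOUSTLS\n250-AUTH NTLM\n250 XRDST")
EXTERNAL = parse_session(
    "220 gateway.example.test ESMTP ready",
    "250-gateway.example.test\n250-SIZE 26214400\n250 8BITMIME")
```

Running `probe()` once from inside the network and once from an outside host, then passing both results to `compare()`, gives the same answer as the two telnet sessions.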

ASKER CERTIFIED SOLUTION
Guy Lidbetter

I appreciate your quick support. Could you please tell me what I need to change in Cyberoam to allow TLS?

Hi Manoj,

It's a pleasure to help...

The above states
Security setting for mail servers can be done by configuring the attributes “Connection Security” and “Certificates” from Web Admin Console or using the Wizard.
..........

To configure security settings for mail server from Web Admin Console, go to System > Configuration > Notification and configure Connection Security and Certificate.

Alternately Connection Security and Certificate can be configured from Wizard page of Configure Mail Settings.

Do you have access to the appliance web interface?

I changed the setting on the Cyberoam to enable STARTTLS and applied the default appliance certificate, but I am still getting the same error.