We've had TLS running on an Exchange 2003 server for a couple of years. They deal with the State of De and encryption is a must to remain in compliance. It's been working without issue. Starting sometime over the last few weeks, anyone hosted by Microsoft's Office 365 can no longer send them email. There's no NDR or error message, the recipients just don't get the emails. You can see the connections from the Microsoft servers stacking up in the virtual SMTP server until they finally time out at 300 seconds. I've turned off all anti-spam and connection filtering with no difference. They receive mail properly from seemingly all other sources.
I know it's a TLS issue because I created a temporary virtual SMTP server but did NOT attach the certificate to it. That way, with encryption not being an option, the mail from Microsoft flows fine. But it stops once I bring up the actual Default SMTP server with the attached certificate. TLS is not set to be required, and they constantly receive email from other servers that are not encrypted. But, I guess, the MS servers are seeing that certificate and insisting on encryption. I see the STARTTLS commands in the log, but then they time out.
I've been working with Microsoft for a few days, but they haven't been able to help. I'm far from an Exchange guru, but feel like I've had to explain what was happening to the Microsoft Engineers.
I'm not positive that this is related because I can't seem to match up the times exactly, but I'm seeing this error repeated in the event log.
Event ID: 36874
An SSL connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
Any help would be greatly appreciated.
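Added example, not part of the original post: a probe I would run from any workstation with Python 3 against the problem server to see, one TLS version at a time, whether the STARTTLS handshake completes, is rejected outright, or simply hangs. The hang is what the connections stacking up to 300 seconds look like from the client side; a rejection is what Event ID 36874 reports from the server side, and Windows Server 2003's Schannel speaks at most TLS 1.0, so that is the version most worth watching. The script talks plain SMTP through EHLO and STARTTLS, then pins the client to a single protocol version per connection. Assumptions, none of them from the post: host and port are whatever you point it at; `probe.example` and `mail.example.test` are made-up names; `start_fake_exchange` is a constructed local stand-in used only so the script runs offline, and it drops the connection after the ClientHello instead of going silent for 300 s; certificate verification is deliberately off because this is a diagnosis, not a trust decision; and a current OpenSSL may refuse to offer TLS 1.0 at all, which the script reports rather than hides.

```python
import socket
import ssl
import threading
import warnings

def read_reply(sock):
    """Read one complete SMTP reply (single- or multi-line); return (code, [text after each code])."""
    buf = b""
    while True:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("peer closed the connection mid-reply")
        buf += chunk
        lines = buf.split(b"\r\n")[:-1]           # drop the trailing empty or partial element
        if lines and len(lines[-1]) >= 4 and lines[-1][3:4] == b" ":
            break                                 # "250 ..." (space after the code) ends the reply
    return int(lines[0][:3]), [line[4:].decode("ascii", "replace") for line in lines]

def ehlo_offers_starttls(ehlo_lines):
    """True if the EHLO response advertises the STARTTLS extension (RFC 3207)."""
    return any(line.upper().startswith("STARTTLS") for line in ehlo_lines)

def make_client_context(version):
    """Client context pinned to one TLS version; raises ValueError if this OpenSSL cannot speak it."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # diagnosis only: we want to see whether the handshake completes,
    ctx.verify_mode = ssl.CERT_NONE   # not to make a trust decision about the server's certificate
    with warnings.catch_warnings():
        warnings.simplefilter("ignore", DeprecationWarning)   # TLS 1.0/1.1 are deprecated in newer Pythons
        ctx.minimum_version = ctx.maximum_version = version
    try:
        ctx.set_ciphers("ALL:@SECLEVEL=0")   # widen the offered suites where the OpenSSL build permits it
    except ssl.SSLError:
        pass
    return ctx

def probe_starttls(host, port, versions=(ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1, ssl.TLSVersion.TLSv1_2)):
    """Per TLS version: fresh SMTP session, EHLO, STARTTLS, handshake. Returns {version name: outcome}."""
    results = {}
    for version in versions:
        try:
            ctx = make_client_context(version)
        except ValueError as exc:
            results[version.name] = f"not offered by this client's OpenSSL: {exc}"
            continue
        try:
            with socket.create_connection((host, port), timeout=15) as sock:   # 15 s, well under the 300 s
                code, _ = read_reply(sock)
                if code != 220:
                    results[version.name] = f"no 220 banner (got {code})"
                    continue
                sock.sendall(b"EHLO probe.example\r\n")              # assumed probe hostname
                code, lines = read_reply(sock)
                if code != 250 or not ehlo_offers_starttls(lines):
                    results[version.name] = "server does not advertise STARTTLS"
                    continue
                sock.sendall(b"STARTTLS\r\n")
                code, _ = read_reply(sock)
                if code != 220:
                    results[version.name] = f"STARTTLS refused ({code})"
                    continue
                tls = ctx.wrap_socket(sock, server_hostname=host)   # the TLS handshake happens here
                results[version.name] = f"ok: {tls.version()} with {tls.cipher()[0]}"
                tls.close()
        except socket.timeout:
            results[version.name] = "timed out in the handshake (what the stacked-up 300 s connections look like)"
        except ssl.SSLError as exc:
            results[version.name] = f"handshake failed: {exc.reason or exc}"
        except OSError as exc:
            results[version.name] = f"connection failed: {exc}"
    return results

def start_fake_exchange():
    """Constructed stand-in (not a real Exchange) for the symptom: plain SMTP up to STARTTLS, then a
    handshake that never completes; it drops the connection after the ClientHello. Returns (host, port)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                try:
                    conn.sendall(b"220 mail.example.test ESMTP\r\n")          # made-up banner
                    conn.recv(1024)                                         # EHLO
                    conn.sendall(b"250-mail.example.test\r\n250-SIZE 10485760\r\n250 STARTTLS\r\n")
                    conn.recv(1024)                                         # STARTTLS
                    conn.sendall(b"220 2.0.0 Ready to start TLS\r\n")
                    conn.recv(4096)                                         # ClientHello; no ServerHello ever follows
                except OSError:
                    pass
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()

if __name__ == "__main__":
    host, port = start_fake_exchange()   # point these at the real server to probe it
    for name, outcome in probe_starttls(host, port).items():
        print(f"{name:8} {outcome}")
```

Pointed at the real server, a result that is "timed out" or "handshake failed" for every version while the unencrypted temporary virtual server accepts mail confirms the problem is inside the handshake rather than in SMTP or filtering; a version that comes back "ok:" tells you what the server will still negotiate, which is the thing to compare against what the sending side offers.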