Solved

Exchange 2013 multiple certificates assigned to SMTP

Posted on 2016-11-09
3
69 Views
Last Modified: 2016-11-10
I have a GoDaddy SAN cert for my Exchange 2013 servers with a number of Subject Alternative Names. I installed this cert and assigned it to use it for IMAP, POP, SMTP, and IIS. It is the certificate assigned in bindings to the Default Web Site.

All my Exchange 2013 servers are multi-role with the Mailbox and FrontEnd functions covered on the each server.

My issue is that I have two additional certificates, "Microsoft Exchange Server Auth Certificate" assigned to SMTP,  and "Microsoft Exchange" assigned to SMTP and IIS. When I attempt to edit the services assigned to either of these latter two certs, I find the SMTP option checked but grayed out so that I cannot uncheck it.

I'm see issues where some SMTP requests are picking up these self-signed certs and breaking some scanners, printers, and send-as options for Gmail users.

Is this the way this is supposed to work? It seems amiss but i'm not sure how best to resolve. Any help greatly appreciated.
0
Comment
Question by:hcca
  • 2
3 Comments
 
LVL 14

Accepted Solution

by:
Todd Nelson earned 500 total points
ID: 41880981
Yes, this is the way it is supposed to work.

Have you created custom receive connectors specifically for your scanners and printers? ...

http://exchangeserverpro.com/exchange-2013-configure-smtp-relay-connector/
0
 

Author Comment

by:hcca
ID: 41881045
All of the users sending and receiving content from these devices use AD/Exchange accounts in the same AD Domain. As such, I don't think an external relay is needed.

In fact, my tests with an anonymous account from an appliance works. Perhaps, this only applies to authenticated accounts where TLS is used.

This was working until last week. Many of these devices are using authentication to make their connections. The only changes made were last week I installed Windows Server updates. That seems to be what broke things. Last night I upgraded all servers to CU13 hoping that would resolve it, but it did not.

The problem manifests itself in a few ways:
  1. SMTP connections fail to send
  2. Messages sent by users who use Gmail's ability to "Send-As" with an authenticated account receive an NDR after 24-28 hours.
  3. Also seeing difficulty in completing auto discovery profile creation with users in a domain with whom we have a trust relationship.

I'm not sure the last issue is related however.

I can provide some related log entries from the TransportRoles\Logs\FrontEnd\ProtocolLog\SmtpSend, TransportRoles\Logs\FrontEnd\ProtocolLog\SmtpReceive,  and TransportRoles\Logs\FrontEnd\Connectivity if it would help.
0
 

Author Closing Comment

by:hcca
ID: 41882846
Creating a dedicated receive connector resolved my problems. I still do not understand why it was necessary. The process had been working for two years using the Default Frontend connector. Not sure why. The good news is that things are working properly again.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Utilizing an array to gracefully append to a list of EmailAddresses
MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now