dances1960
 asked on

webmail not working externally

Exchange 2013 on server 2012

webmail has been working fine for years until this week, now internal webmail works without problem but external webmail is giving an incorrect cert, and the cert that is incorrect is from a Vigor router / DrayTek.
We do use a DrayTek router in the office just as a Wi-Fi point.
How can Exchange suddenly start to use a cert from the router, and how do I fix it please? The correct cert is still in place and is in date and hasn't been changed in any way.
Microsoft Office, Exchange


8/22/2022 - Mon
FOX

Have you checked the settings on the firewall?
Rodney Barnhardt

It may not see the router as a legit connection. For example, I have seen errors on both my OWA and Outlook Anywhere when my ISP is having a problem. I have also seen it at hotels where you register on their network for Internet access and it’s only valid for 24 hours. The error comes up until you reauthenticate. The following is provided by MS to test connections. You could try it and maybe get more answers.

https://testconnectivity.microsoft.com
M A

If it is working from inside it is an issue with firewall.
Please revert the changes you did if any.

Thanks
MAS
David Favor

Start at the beginning. Either publish the URL you're connecting to so it can be checked, or check the URL yourself.

Use SSL Labs Tester to check Cert correctness, if same cert is used for a Website.

Then attempt connecting to your mail server using the openssl client.

This will tell you if external SSL cert + config are correct.

Your internal Webmail likely works, because your setup bypasses SSL for local connections... so if your SSL cert has expired or somehow your SSL config has become munged, this is the likely explanation.

Tip: Keep in mind some clients (browsers + mail) have recently banned the use of TLSv1.0 + TLSv1.1 only allowing support of TLSv1.2 + TLSv1.3 protocol versions.

If your client requires TLSv1.2 + TLSv1.3 + your mail server is advertising TLSv1.0 + TLSv1.1 then this may be the problem.

This is very common, as these new requirements have only started going into force July 2018, so very recent requirement change.

If all this makes your head spin, might be useful to hire someone to help you fix this.
dances1960

ASKER
Hi, thank you all for your help. It ended when I found out that the ISP had given someone else our static IP address in error. All is now working as normal.
Wish I had checked that first, embarrassing.
David Favor

Might be time to work with a new ISP.
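The external certificate check suggested in this thread can be scripted so that a mismatch is classified rather than just observed. This is an added example, not code from any of the posts; the hostname, IP address and thumbprint are placeholders, and the function names and result labels are hypothetical.

```python
import hashlib
import socket
import ssl


def thumbprint(der: bytes) -> str:
    """SHA-1 over the DER certificate, upper-case hex (the Windows thumbprint form)."""
    return hashlib.sha1(der).hexdigest().upper()


def fetch_leaf_der(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Return the certificate presented for `host`, without validating it.

    Validation is switched off on purpose: the goal is to inspect a
    certificate that is expected to be wrong. No data is sent afterwards.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def diagnose(expected_thumb: str, served_der: bytes,
             resolved_ips: list, assigned_ip: str) -> str:
    """Classify what an outside client sees when it connects to webmail."""
    expected = expected_thumb.replace(" ", "").replace(":", "").upper()
    if thumbprint(served_der) == expected:
        return "OK"
    if assigned_ip not in resolved_ips:
        # Public DNS sends clients to an address that is not ours.
        return "DNS_MISMATCH"
    # DNS is right but another device answers on 443: check the port
    # forward, then confirm with the ISP that the address is still routed to us.
    return "OTHER_DEVICE_ON_OUR_IP"


if __name__ == "__main__":
    HOST = "mail.example.com"      # placeholder: external webmail name
    ASSIGNED_IP = "203.0.113.10"   # placeholder: static IP the ISP assigned
    EXPECTED = "0" * 40            # placeholder: thumbprint of the installed cert
    ips = sorted({ai[4][0] for ai in socket.getaddrinfo(HOST, 443)})
    print(ips, diagnose(EXPECTED, fetch_leaf_der(HOST), ips, ASSIGNED_IP))
```

Run it from a connection outside the office network, since the internal path is the one that still works. The expected thumbprint is the value shown for the installed certificate, for example by `Get-ExchangeCertificate`.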