Exchange
--
Questions
--
Followers
Top Experts
Exchange 2019 - IMAP4 - Secure TLS connection
I can not for the life of me get Secure TLS connection to work on Exchange Server 2019!
Setting IMAP up with "Basic Authentication - (Plain text)" works just fine. Can configure accounts, etc, no problem.
But switch it to TLS authentication and absolutely no dice. I get "Log onto incoming mail server (IMAP); General authentication failed. None of the Authentication methods supported by your IMAP server (if any) are supported on this computer."
I have verified the following ports ARE open: 25, 443, 80, 143, 993, 995, 110, 465
I also have a registered certificate (from Comodo) with registered services for: IMAP, POP, IIS, and SMTP
Like I said, if I use plain text, I can configure external email clients, no problem. But changing nothing other than changing it to TLS, and instantly, any configuration attempts fail.
I've been through hundreds of searches, web pages, guides, etc... I can't seem to find the needle in the haystack that I'm missing.
Any help would be GREATLY appreciated!
Setting IMAP up with "Basic Authentication - (Plain text)" works just fine. Can configure accounts, etc, no problem.
But switch it to TLS authentication and absolutely no dice. I get "Log onto incoming mail server (IMAP); General authentication failed. None of the Authentication methods supported by your IMAP server (if any) are supported on this computer."
I have verified the following ports ARE open: 25, 443, 80, 143, 993, 995, 110, 465
I also have a registered certificate (from Comodo) with registered services for: IMAP, POP, IIS, and SMTP
Like I said, if I use plain text, I can configure external email clients, no problem. But changing nothing other than changing it to TLS, and instantly, any configuration attempts fail.
I've been through hundreds of searches, web pages, guides, etc... I can't seem to find the needle in the haystack that I'm missing.
Any help would be GREATLY appreciated!
Zero AI Policy
We believe in human intelligence. Our moderation policy strictly prohibits the use of LLM content in our Q&A threads.
The way I debug this type of problem is using the openssl client.
Provide your actual hostname of your connections + people can easily test your setup + suggest refinements.
With no hostname, the list of possible problems is myriad/many.
Provide your actual hostname of your connections + people can easily test your setup + suggest refinements.
With no hostname, the list of possible problems is myriad/many.
mail.headincohio.com
Everything seems to check out with the SSL as far as I can tell. And it is the only certificate I have registered in Exchange. Everything else seems to be working fine, except for the darn TLS
Everything seems to check out with the SSL as far as I can tell. And it is the only certificate I have registered in Exchange. Everything else seems to be working fine, except for the darn TLS
Any ideas as to why TLS isn't working?
EARN REWARDS FOR ASKING, ANSWERING, AND MORE.
Earn free swag for participating on the platform.
Are you configuring your clients outgoing server using SSL/TLS?
Are you selecting incoming 995 and outgoing 465?
I have 2016 working like a charm. If you have everything good in your server then the problem lies on your client.
Also use this Microsoft tool is very effective to troubleshoot your email server
https://testconnectivity.microsoft.com/
Select IMAP or any protocol you are trying to test.
Are you selecting incoming 995 and outgoing 465?
I have 2016 working like a charm. If you have everything good in your server then the problem lies on your client.
Also use this Microsoft tool is very effective to troubleshoot your email server
https://testconnectivity.microsoft.com/
Select IMAP or any protocol you are trying to test.
Thank you for your reply Hemil,
When I use the microsoft test site, I CAN connect on port 143, via either UPN or Domain\user
However, when I try to use port 995 - it times out and fails. Which makes no sense, because port 995 IS open, ready, and forwarding to the same location as port 143.
Here is what I get when connecting to port 143
     Â
      Attempting to resolve the host name mail.headincohio.com in DNS.
      The host name resolved successfully.
     Â
      Additional Details
      Testing TCP port 143 on host mail.headincohio.com to ensure it's listening and open.
      The port was opened successfully.
     Â
      Additional Details
      The IMAP service is being tested.
      The IMAP service was tested successfully.
     Â
      Additional Details
     Â
Successfully tested the IMAP4 service
S: * OK The Microsoft Exchange IMAP4 service is ready.
C: 1 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 LOGINDISABLED STARTTLS SASL-IR UIDPLUS MOVE ID UNSELECT CHILDREN IDLE NAMESPACE LITERAL+
1 OK CAPABILITY completed.
C: 2 STARTTLS
S: 2 OK Begin TLS negotiation now.
Secured: CN=mail.headincohio.com, OU=PositiveSSL Multi-Domain, OU=Domain Control Validated
C: 3 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN AUTH=NTLM AUTH=GSSAPI SASL-IR UIDPLUS MOVE ID UNSELECT CHILDREN IDLE NAMESPACE LITERAL+
3 OK CAPABILITY completed.
C: 4 LOGIN **username**@headincohio.c
S: 4 OK LOGIN completed.
C: 5 LIST ""Â *
S: * LIST (\HasChildren) "/" Calendar
* LIST (\HasNoChildren) "/" Calendar/Birthdays
* LIST (\HasChildren) "/" Contacts
* LIST (\HasNoChildren \Trash) "/" "Deleted Items"
* LIST (\HasNoChildren \Drafts) "/" Drafts
* LIST (\Marked \HasNoChildren) "/" INBOX
* LIST (\HasNoChildren) "/" Journal
* LIST (\HasNoChildren \Junk) "/" "Junk Email"
* LIST (\HasNoChildren) "/" Notes
* LIST (\HasNoChildren) "/" Outbox
* LIST (\HasNoChildren) "/" "RSS Subscriptions"
* LIST (\HasNoChildren \Sent) "/" "Sent Items"
* LIST (\HasChildren) "/" "Sync Issues"
* LIST (\HasNoChildren) "/" "Sync Issues/Conflicts"
* LIST (\HasNoChildren) "/" "Sync Issues/Local Failures"
* LIST (\HasNoChildren) "/" "Sync Issues/Server Failures"
* LIST (\HasNoChildren) "/" Tasks
5 OK LIST completed.
C: 6 LOGOUT
S: * BYE Microsoft Exchange Server 2016 IMAP4 server signing off.
6 OK LOGOUT completed.
Elapsed Time: 1229 ms.
--------------------------
However, when trying to use port 995 in the testing tool, it times out and fails. Here is what I get:
System.IO.IOException: Unable to read data from the transport connection: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. ---> System.Net.Sockets.SocketE
at System.Net.Sockets.Network
--- End of inner exception stack trace ---
at System.Net.Sockets.Network
at Microsoft.Exchange.Tools.E
at Microsoft.Exchange.Tools.E
at Microsoft.Exchange.Tools.E
Elapsed Time: 60605 ms.
**** And trying to set up the mail box in outlook, completely fails, regardless of using port 143 or 995.
When I use the microsoft test site, I CAN connect on port 143, via either UPN or Domain\user
However, when I try to use port 995 - it times out and fails. Which makes no sense, because port 995 IS open, ready, and forwarding to the same location as port 143.
Here is what I get when connecting to port 143
     Â
      Attempting to resolve the host name mail.headincohio.com in DNS.
      The host name resolved successfully.
     Â
      Additional Details
      Testing TCP port 143 on host mail.headincohio.com to ensure it's listening and open.
      The port was opened successfully.
     Â
      Additional Details
      The IMAP service is being tested.
      The IMAP service was tested successfully.
     Â
      Additional Details
     Â
Successfully tested the IMAP4 service
S: * OK The Microsoft Exchange IMAP4 service is ready.
C: 1 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 LOGINDISABLED STARTTLS SASL-IR UIDPLUS MOVE ID UNSELECT CHILDREN IDLE NAMESPACE LITERAL+
1 OK CAPABILITY completed.
C: 2 STARTTLS
S: 2 OK Begin TLS negotiation now.
Secured: CN=mail.headincohio.com, OU=PositiveSSL Multi-Domain, OU=Domain Control Validated
C: 3 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN AUTH=NTLM AUTH=GSSAPI SASL-IR UIDPLUS MOVE ID UNSELECT CHILDREN IDLE NAMESPACE LITERAL+
3 OK CAPABILITY completed.
C: 4 LOGIN **username**@headincohio.c
S: 4 OK LOGIN completed.
C: 5 LIST ""Â *
S: * LIST (\HasChildren) "/" Calendar
* LIST (\HasNoChildren) "/" Calendar/Birthdays
* LIST (\HasChildren) "/" Contacts
* LIST (\HasNoChildren \Trash) "/" "Deleted Items"
* LIST (\HasNoChildren \Drafts) "/" Drafts
* LIST (\Marked \HasNoChildren) "/" INBOX
* LIST (\HasNoChildren) "/" Journal
* LIST (\HasNoChildren \Junk) "/" "Junk Email"
* LIST (\HasNoChildren) "/" Notes
* LIST (\HasNoChildren) "/" Outbox
* LIST (\HasNoChildren) "/" "RSS Subscriptions"
* LIST (\HasNoChildren \Sent) "/" "Sent Items"
* LIST (\HasChildren) "/" "Sync Issues"
* LIST (\HasNoChildren) "/" "Sync Issues/Conflicts"
* LIST (\HasNoChildren) "/" "Sync Issues/Local Failures"
* LIST (\HasNoChildren) "/" "Sync Issues/Server Failures"
* LIST (\HasNoChildren) "/" Tasks
5 OK LIST completed.
C: 6 LOGOUT
S: * BYE Microsoft Exchange Server 2016 IMAP4 server signing off.
6 OK LOGOUT completed.
Elapsed Time: 1229 ms.
--------------------------
However, when trying to use port 995 in the testing tool, it times out and fails. Here is what I get:
System.IO.IOException: Unable to read data from the transport connection: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. ---> System.Net.Sockets.SocketE
at System.Net.Sockets.Network
--- End of inner exception stack trace ---
at System.Net.Sockets.Network
at Microsoft.Exchange.Tools.E
at Microsoft.Exchange.Tools.E
at Microsoft.Exchange.Tools.E
Elapsed Time: 60605 ms.
**** And trying to set up the mail box in outlook, completely fails, regardless of using port 143 or 995.
143 which is unsecured cannot be used worked - but 995 doesnt.
Based on your query
"A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. ---> System.Net.Sockets.SocketE
Did not respond sounds more like a service issue, I telneted your port and is open
Try this restart your IMAP services, backend and frontend.
Based on your query
"A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. ---> System.Net.Sockets.SocketE
Did not respond sounds more like a service issue, I telneted your port and is open
Try this restart your IMAP services, backend and frontend.
Get a FREE t-shirt when you ask your first question.
We believe in human intelligence. Our moderation policy strictly prohibits the use of LLM content in our Q&A threads.
Hamil,
Thanks again.
I restarted the IMAP services, (Both Microsoft Exchange IMAP4 and IMAP4 Backend) and tried again, still fails.
I rebooted the whole VM server, and tried again, still fails.
Thanks again.
I restarted the IMAP services, (Both Microsoft Exchange IMAP4 and IMAP4 Backend) and tried again, still fails.
I rebooted the whole VM server, and tried again, still fails.
Jeremy,
If you wish PM me a test username and password so I can test it from my end and find exactly your issue.
If you wish PM me a test username and password so I can test it from my end and find exactly your issue.
Hemil,
Sent, thank you.
Sent, thank you.
EARN REWARDS FOR ASKING, ANSWERING, AND MORE.
Earn free swag for participating on the platform.
Alright, Sorry for the delay I got a call.
On your server, it seems you did not check IMAP nor POP3 to be accepted on your certificate, hence the error on my attached file.
When you configure outlook select either SSL/TSL both do the same thing the only thing is TLS is the successor of SSL - for outgoing select port 25 or port 465 to encrypt outgoing as well.
Also, is this exchange on production or texting cause I see your ISP might be blocking your port and you might have to create another connector for incoming.
Jeremy.png
On your server, it seems you did not check IMAP nor POP3 to be accepted on your certificate, hence the error on my attached file.
When you configure outlook select either SSL/TSL both do the same thing the only thing is TLS is the successor of SSL - for outgoing select port 25 or port 465 to encrypt outgoing as well.
Also, is this exchange on production or texting cause I see your ISP might be blocking your port and you might have to create another connector for incoming.
Jeremy.png
That's what I thought may have been the case as well, but as you can see in my attachment, I have selected IMAP, POP, IIS, and SMTP in that cert. Should I be selecting that somewhere else?
Or do I need to refresh the cert somehow?
Thanks!
certs.png
Or do I need to refresh the cert somehow?
Thanks!
certs.png
To answer your other question...
Currently, this exchange is not on production, per se... it's a new server that I'm building to replace a server 2011/exchange 2010 environment. It will be going into production soon though as soon as I iron out these last few bits.
As far as the ISP blocking the ports, I wouldn't think that would be the case, as I can access the ports, and they do register as open.
Currently, this exchange is not on production, per se... it's a new server that I'm building to replace a server 2011/exchange 2010 environment. It will be going into production soon though as soon as I iron out these last few bits.
As far as the ISP blocking the ports, I wouldn't think that would be the case, as I can access the ports, and they do register as open.
Get a FREE t-shirt when you ask your first question.
We believe in human intelligence. Our moderation policy strictly prohibits the use of LLM content in our Q&A threads.
ASKER CERTIFIED SOLUTION
membership
Log in or create a free account to see answer.
Signing up is free and takes 30 seconds. No credit card required.
Port 995 is filtered/blocked...
You must open the port, for connections to occur.
imac> nmap -A -T4 -Pn -p 995 mail.headincohio.com
Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-14 17:22 CDT
Nmap scan report for mail.headincohio.com (71.79.238.46)
Host is up.
rDNS record for 71.79.238.46: cpe-71-79-238-46.columbus.res.rr.com
PORT STATE SERVICE VERSION
995/tcp filtered pop3s
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 1.43 secondsYou must open the port, for connections to occur.
David,
Thank you for checking that. My guess though is that you checked it during a time that I had the server off and the ports were closed. The ports are definitely open.
Hemil Aquino was VERY helpful... As it turns out, the problem seemed to be a combination of a certificate problem in that for whatever reason, the correct cert wasn't being applied, once that was resolved, we got further... but then ran in a very strange problem where the user account we were using for some reason was what was failing. Makes no sense what-so-ever as everything in the user account was set up correctly. But I created a new user, and that with that user we were able to get imap to work.
So now, I have imap working, but only under SSL. For whatever reason I can't get it to work under TLS, even though the ports are open.
Thank you for checking that. My guess though is that you checked it during a time that I had the server off and the ports were closed. The ports are definitely open.
Hemil Aquino was VERY helpful... As it turns out, the problem seemed to be a combination of a certificate problem in that for whatever reason, the correct cert wasn't being applied, once that was resolved, we got further... but then ran in a very strange problem where the user account we were using for some reason was what was failing. Makes no sense what-so-ever as everything in the user account was set up correctly. But I created a new user, and that with that user we were able to get imap to work.
So now, I have imap working, but only under SSL. For whatever reason I can't get it to work under TLS, even though the ports are open.
@Jeremy,
Remember SSL/TLS is the same thing, it does not matter which protocol you use. TLS is the successor of SSL that's about it.
TLS uses stronger encryption algorithms and has the ability to work on different ports, for example, you can expedite a certificate adding specific ports for redirection. On SSL you cannot do that, it is made only for Socket Secure Layer/SSL, meaning web.
Protocols like SMTP/IMAP/POP3/MAPI will work as long you have listed the domains on your certificates - then you can go ahead and open the ports - 465 SMTP and 993 IMAP and configure outlook.
Look at the image attached.
Jeremy.png
Remember SSL/TLS is the same thing, it does not matter which protocol you use. TLS is the successor of SSL that's about it.
TLS uses stronger encryption algorithms and has the ability to work on different ports, for example, you can expedite a certificate adding specific ports for redirection. On SSL you cannot do that, it is made only for Socket Secure Layer/SSL, meaning web.
Protocols like SMTP/IMAP/POP3/MAPI will work as long you have listed the domains on your certificates - then you can go ahead and open the ports - 465 SMTP and 993 IMAP and configure outlook.
Look at the image attached.
Jeremy.png
EARN REWARDS FOR ASKING, ANSWERING, AND MORE.
Earn free swag for participating on the platform.
Hemil was EXTREMELY helpful to this resolution. The guy was fantastic. We spent quite a bit of time troubleshooting and resolving the issue and learning together what was going on. A+ help!
I was able to get it working in either of two configs:
1) IMAP using port 143 via encrypted TLS Â + SMTP via port 587 via encrypted TLS
2) IMAP using port 993 via encrypted SSL + SMTP via port via encrypted TLS
1) IMAP using port 143 via encrypted TLS Â + SMTP via port 587 via encrypted TLS
2) IMAP using port 993 via encrypted SSL + SMTP via port via encrypted TLS
Exchange
--
Questions
--
Followers
Top Experts
Exchange is the server side of a collaborative application product that is part of the Microsoft Server infrastructure. Exchange's major features include email, calendaring, contacts and tasks, support for mobile and web-based access to information, and support for data storage.