Symptoms: can send E-mail internally and externally, but can not receive from External E-mail addresses. When I run the Mail Flow Troubleshooter I get: "Mail submission failed: Error message: Server does not support secure connections." I have tried creating a new certificate, since this appears to have happened at the moment the previous one expired. An employee in the office tried to resolve the issue, but doesn't know what he did. I've rebooted after adding the new self-signed cert. Any other tips?

How is the receive connector configured? How did you create and install this certificate? What do you see when you run Get-ExchangeCertificate? Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

well certificates are needed in case of OWA or Outlook anywhere. REceviing email from external is a different thing. send one email from your yahoo or live maila nd u should get the NDR , copy past it here.

We're not getting any non-delivery error messages. E-mails sent from last night through today are not delivered, but not rejected either. Below is what I receive when I do a Get-ExchangeCertificate (slightly edited all keys and servr name for security): Thumbprint Services Subject ---------- -------- ------- 55F48C4C844CA0026700624A9A1F8858B51C4 I...S CN=mail.thesamplecompany... 1E22DFAF1E3361DE890650F1143CA72617B39 .P.WS CN=sampleSERVER C99A71F00806ED6FFE61B3DF6C07E6FC0D2F3 .P..S CN=remote.thesamplecompa... 1448274DD7EDD2563BFE8A3C6655EB5BDF5B4 .P..S CN=sampleSERVER A0A834530BFC93494418D07BC5D5C4895D16B .P..S CN=sampleSERVER.sample.local EF5386E9F70EEF0DBF4AA960B7AF322D2DCBD .P..S CN=remote.thesamplecompa... 666596D6CF5203FF41A28343043B3183EDD88 .P..S CN=Sites AE5C45C6FB1FDB79786B56E944635A896A7F3 ..... CN=sample-sampleSERVER-CA 209A2EB88B4860076DDC6D82452A64D6013B2 ..... CN=WMSvc-WIN-BJ93BAWCKJE The "mail.thesamplecompany.com" entry was not showing up anymore, but that is the one that showed in logs as having expired last night. When I created the new certificate, I did it with that FQDN. Some of these certs may be duplicates. Should I delete some of them?

Man, that's a lot of certificates. You might consider whittling down the number by removing ones that don't belong, and ensuring that the valid certificates are applied to the correct services.Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

Since some of these were created by an employee when he was trying to troubleshoot, would it be hazardous to delete ALL the certificates and then re-create using new-exchangecertificate? At this point, I can't tell for sure which I should delete and which I should leave?

The one with the "W" under Services is the active one for OWA. You might consider enabling that one for all services (in effect adding IMAP. Then you might consider removing all the other certificates. Enalble-ExchangeCertificate -Thumbprint 1E22DFAF1E3361DE890650F1143CA72617B39 -Services IMAP,POP,IIS,SMTP Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

Hi, Please run get-exchangecertificate |fl certificatedomains, subject, services command in EMS, then post the information here. You can confirm whether the newly created certificate is enabled for the SMTP. Thanks AllenAllen Song

It turns out that, in addition to making some certificate changes, the office employee also changed the IP address of the server (no idea how/why). This in turn affected routing through the company firewall. Even though we ultimately had certs working OK, ports were closed to the server's new address. All better now. Thanks to all who helped or offered help. This is a great forum.