Email not flowing...
Hi,I woke up this morning to find that email flow had stopped on my Exchange 2007 SP1 system. I used the Mail Flow Troubleshooter with the "Expected messages from senders..." specifictaion and received the following error message: mail submission failed: Error message: server does not support secure connectionsI have Two CAS boxes and two Hub Transport boxes. I receive the error message on one of my hub transports but not the other. When I shut down the Hub Transport giving me the error mail flow resumes.I have done some Googling and some folks who point to a certificate problem on the Hub Transport. I have been unable to find anything on the Microsoft site. Any ideas?Thanks, Dale
March 11th, 2010 6:04pm
Did your TLS certificate expire?
-- Ed Crowley MVP"There are seldom good technological solutions to
behavioral problems.".
"Dale Santan" wrote in message news:60dec6cb-e5bc-4d49-a7a4-7c7eb220b5cc...Hi,I
woke up this morning to find that email flow had stopped on my Exchange 2007
SP1 system. I used the Mail Flow Troubleshooter with the "Expected
messages from senders..." specifictaion and received the following error
message: mail submission failed: Error message: server does not support
secure connectionsI have Two CAS boxes and two Hub Transport
boxes. I receive the error message on one of my hub transports but not
the other. When I shut down the Hub Transport giving me the error mail
flow resumes.I have done some Googling and some folks who point to a
certificate problem on the Hub Transport. I have been unable to find
anything on the Microsoft site. Any ideas?Thanks,
Dale
Ed Crowley MVP
"There are seldom good technological solutions to behavioral problems."
Free Windows Admin Tool Kit Click here and download it now
March 11th, 2010 7:27pm
I was thinking it was a certificate problem but I can find no expired certificates in IIS. Where should I look specifically for the TLS certificate?Thanks,Dale
March 11th, 2010 7:34pm
I also found the below information that seems to be saying that if these certificates are expired mail would continue to flow.
All internal SMTP and UM traffic is secured by self-signed certificates that are installed when you run Exchange 2007 Server Setup. Although you should renew these certificates yearly by using the New-ExchangeCertificate cmdlet, you do not have to have a certificate issued by a public CA to run the default internal Exchange messaging components.
Note:
Self-signed certificates that are created by Exchange expire in one year. The internal components that rely on the default self-signed certificates continue to operate even if the self-signed certificate has expired. However, when the self-signed certificate has expired, events are logged in Event Viewer. It is a best practice to renew the self-signed certificates before they expire.
Free Windows Admin Tool Kit Click here and download it now
March 11th, 2010 7:53pm
MMC > Certificates snap-in
or
Get-ExchangeCertificate-- Ed Crowley
MVP"There are seldom good technological solutions to behavioral
problems.".
"Dale Santan" wrote in message news:8ba3fc96-14a1-4ef1-803d-998ad64fcdfb...I
was thinking it was a certificate problem but I can find no expired
certificates in IIS. Where should I look specifically for the TLS
certificate?Thanks,Dale
Ed Crowley MVP
"There are seldom good technological solutions to behavioral problems."
March 11th, 2010 11:37pm
Got it! Thanks...
Free Windows Admin Tool Kit Click here and download it now
March 11th, 2010 11:39pm
Hi,
Could you please post the error message you mentioned received from hub transports here?
If the expired certificate problem still appears, please use below command and then post the information on the forum.
Get-ExchangeCertificate -DomainName CAS01.contoso.com
I suggest you renew the certificates by cloning the certificate:
Get-ExchangeCertificate -Thumbprint c4248cd7065c87cb942d60f7293feb7d533a4afc | New-ExchangeCertificate
More information:
http://technet.microsoft.com/en-us/library/bb851554(EXCHG.80).aspx
http://technet.microsoft.com/en-us/library/bb851505(EXCHG.80).aspx
I’m looking forward to your reply.
Thanks,
Richard.
March 16th, 2010 12:01pm