The Certificate couldn't be validated because SSL negotiation wasn't successful. (Network Steve Forum)

The Certificate couldn't be validated because SSL negotiation wasn't successful.

Hello All.

I am all of a sudden experiencing an issue with Outlook 2013 being unable to connect to Exchange Server 2013 via IMAP.

The laptop is running Windows 7 Home and as such is not a domain member hence the need for IMAP.

From the Outlook side when setting up the account, it only says "A secure connection to the server cannot be established." on the incoming mail server, but the outgoing checks out OK.

I checked and re-checked all the settings several times on the server. Blogs and forums mostly cover Lync issues with other errors including this one, but nothing with the exact same description.

The setup is "Exchange Server 2013 on a Windows Server 2012 Standard" SSL 993, TLS 587.

OWA and everything else is functioning properly.

Hopes this helps.

Hoping to hear from you soon.

Thank you in advance.

Hentie Loots

Edited by EagleClaw1976 Wednesday, September 02, 2015 1:21 PM

September 2nd, 2015 1:07pm

The only odd thing I could find on the server is 2 certificates that have no names.

The main "Microsoft Exchange" certificate is the one that has been assigned to all the Services.

Edited by EagleClaw1976 Wednesday, September 02, 2015 1:33 PM

Free Windows Admin Tool Kit Click here and download it now

September 2nd, 2015 1:32pm

Hi EagleClaw,

Thank you for your question.

Please check if there are any questions when PC is in domain. By error, this issue could be caused by network issue, please contact network administrator to solve it.

If there are any questions regarding this issue, please be free to let me know.

Best Regard,

Jim

September 4th, 2015 2:30am

Everything else works 100%. This is the only issue I have. I am thinking this has something to do with IIS. Someone installed an attendance clocking system software on the server which broke everything from owa to ecp. After removing the software, all functionality restored except for this IMAP issue. I reset all the Virtual Directories from within the ECP and restarted IIS and ran the connectivity test again, with no change.

Free Windows Admin Tool Kit Click here and download it now

September 13th, 2015 5:16pm

Hello Jim.

Everything else works 100%. It is only the IMAP that does not work.

September 13th, 2015 7:40pm

Hi Eagle,

Please check if Microsoft Exchange IMAP4 is running on Exchange server. Then check if IMAP service is enabled on the Exchange certificate.

If there are any questions regarding this issue, please be free to let me know.

Best Regard,

Jim

Free Windows Admin Tool Kit Click here and download it now

September 14th, 2015 1:36am

Yes indeed. IMAP is configured and the services are running. IMAP was working until a few weeks ago. Other techs attempted to install a Attendance Door Clock-in system's software which took over all IIS functions. Everything was down. I removed their software and everything except IMAP has been running fine since. I have reset all the Exchange Virtual Directories back to default, but the connection still fails on the incoming port, but it is able to send out the test message successfully.

I enabled IMAP Logging for a few minutes and attempted the test. Here are the results:

#Fields: dateTime,sessionId,seqNumber,sIp,cIp,user,duration,rqsize,rpsize,command,parameters,context
2015-09-14T17:49:19.308Z,0000000000000001,0,127.0.0.1:993,127.0.0.1:63405,,438,0,53,OpenSession,,
2015-09-14T17:49:19.730Z,0000000000000001,1,127.0.0.1:993,127.0.0.1:63405,,186,12,140,capability,,R=ok
2015-09-14T17:49:19.761Z,0000000000000001,2,127.0.0.1:993,127.0.0.1:63405,,0,0,0,CloseSession,,
2015-09-14T17:50:18.719Z,0000000000000002,0,127.0.0.1:993,127.0.0.1:63430,,57,0,53,OpenSession,,
2015-09-14T17:50:18.719Z,0000000000000002,1,127.0.0.1:993,127.0.0.1:63430,,3,12,140,capability,,R=ok
2015-09-14T17:50:18.719Z,0000000000000002,2,127.0.0.1:993,127.0.0.1:63430,,0,0,0,CloseSession,,

The connection seems to be reaching the IMAP connector.

Looking forward to your response.

Edited by EagleClaw1976 13 hours 15 minutes ago

September 14th, 2015 2:08pm

I sorted the issue.

It seems after one of the Cumulative Updates, not all the ComponentProxies were set back to the "Active" state.

[PS] C:\Windows\system32>Get-ServerComponentState -Identity <ServerID>

Server                                  Component                               State
------                                  ---------                               -----
hcapdc.HAMILTON.LOCAL                   ServerWideOffline                       Active
hcapdc.HAMILTON.LOCAL                   HubTransport                            Active
hcapdc.HAMILTON.LOCAL                   FrontendTransport                       Active
hcapdc.HAMILTON.LOCAL                   Monitoring                              Active
hcapdc.HAMILTON.LOCAL                   RecoveryActionsEnabled                  Active
hcapdc.HAMILTON.LOCAL                   AutoDiscoverProxy                       Inactive
hcapdc.HAMILTON.LOCAL                   ActiveSyncProxy                         Inactive
hcapdc.HAMILTON.LOCAL                   EcpProxy                                Active
hcapdc.HAMILTON.LOCAL                   EwsProxy                                Inactive
hcapdc.HAMILTON.LOCAL                   ImapProxy                               Inactive
hcapdc.HAMILTON.LOCAL                   OabProxy                                Inactive
hcapdc.HAMILTON.LOCAL                   OwaProxy                                Active
hcapdc.HAMILTON.LOCAL                   PopProxy                                Active
hcapdc.HAMILTON.LOCAL                   PushNotificationsProxy                  Active
hcapdc.HAMILTON.LOCAL                   RpsProxy                                Active
hcapdc.HAMILTON.LOCAL                   RwsProxy                                Active
hcapdc.HAMILTON.LOCAL                   RpcProxy                                Inactive
hcapdc.HAMILTON.LOCAL                   UMCallRouter                            Active
hcapdc.HAMILTON.LOCAL                   XropProxy                               Active
hcapdc.HAMILTON.LOCAL                   HttpProxyAvailabilityGroup              Active
hcapdc.HAMILTON.LOCAL                   ForwardSyncDaemon                       Inactive
hcapdc.HAMILTON.LOCAL                   ProvisioningRps                         Inactive
hcapdc.HAMILTON.LOCAL                   MapiProxy                               Active
hcapdc.HAMILTON.LOCAL                   EdgeTransport                           Active
hcapdc.HAMILTON.LOCAL                   HighAvailability                        Active
hcapdc.HAMILTON.LOCAL                   SharedCache                             Active

Ran the following command to start up the Inactive Components:

Set-ServerComponentState -Identity mailserver -Component IMAPProxy -Requester HealthAPI -State Active

Confirmed all components active by rerunning the Get-ServerComponentState command and reran the Microsoft

Remote Connectivity Analyzer and the IMAP test passed.

Thank you.

Edited by EagleClaw1976 10 hours 50 minutes ago
Marked as answer by EagleClaw1976 10 hours 50 minutes ago

Free Windows Admin Tool Kit Click here and download it now

September 14th, 2015 2:25pm

This topic is archived. No further replies will be accepted.