Exchange Server Forums

Unable to Receive - TSL Auth Erros

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [Microsoft Exchange 2007] >> Message Routing >> Unable to Receive - TSL Auth Erros

Page: [1]

Message

<< Older Topic Newer Topic >>

Unable to Receive - TSL Auth Erros - 24.Oct.2007 9:08:39 PM

zolthar

Posts: 1
Joined: 24.Oct.2007
Status: offline

Having difficulty with exchange after 1 week. Was working perfectly until today.

Users are able to send out emails without any problems, and can send/receive emails from anyone internally. But cant seem to receive emails from Internet. No bounce back emails are reported to any email senders to our domain.

I have configured the HUB to receive emails directly from the Internet with Anti-SPAM configured.

EVENT LOG

MSExchangeTransport
12014
Microsoft Exchange couldn't find a certificate that contains the domain name mail.myCompany.com in the personal store on the local computer. Therefore, it is unable to offer the STARTTLS SMTP verb for any connector with a FQDN parameter of mail.myCompany.com. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for every connector FQDN.

MSExchangeTransport
1032
Receive connector Wickham Receive Connector requires Transport Layer Security (TLS) before the MailFrom command can be run, but the server can't ahieve it. Check this connector's authentication setting.

I continually get the above errors.

RECEIVE CONNECTOR
In the authentication I have enabled all BUT the external secured options and allowed all permission groups.

CERTIFICATES
AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                  .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                  ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {myServer, myServer.myCompany.local}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=myServer
NotAfter           : 25/10/2008 10:38:30 AM
NotBefore          : 25/10/2007 10:38:30 AM
PublicKeySize      : 2048
SerialNumber       : 544F....187A
Status             : Valid
Subject            : CN=myServer
Thumbprint         : 8DD...AB

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                  .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                  ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=Exchange 2007, DC=myCompany, DC=local, DC=mail.
                  myCompany.com, DC=mail2.myCompany.com, DC=myServer.
                  .myCompany.local, DC=myCompany.local
NotAfter           : 25/10/2012 3:03:49 AM
NotBefore          : 25/10/2007 2:56:07 AM
PublicKeySize      : 2048
SerialNumber       : 561F7D....104B5
Status             : Valid
Subject            : CN=Exchange 2007, DC=myCompany, DC=local, DC=mail.
                  myCompany.com, DC=mail2.myCompany.com,
                  DC=myServer.myCompany.local, DC=myCompany.local
Thumbprint         : 58C9090....A87A3

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                  .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {myServer.myCompany.local}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=Exchange 2007, DC=myCompany, DC=local, DC=mail.
                  myCompany.com, DC=mail2.myCompany.com, DC=myCompany
                  .com, DC=myServer, DC=myServer.myCompany.local,
                  DC=myCompany.local
NotAfter           : 24/10/2008 12:25:44 AM
NotBefore          : 25/10/2007 12:25:44 AM
PublicKeySize      : 1024
SerialNumber       : 6103E1....00002
Status             : Invalid
Subject            : CN=myServer.myCompany.local
Thumbprint         : 9FBF31BD....7A564C

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                  .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                  ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {mail.myCompany.com}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=mail.myCompany.com
NotAfter           : 11/04/2010 11:37:26 PM
NotBefore          : 24/10/2007 11:37:26 PM
PublicKeySize      : 1024
SerialNumber       : 7C76....EA9
Status             : Invalid
Subject            : CN=mail.myCompany.com
Thumbprint         : 2C2A....D5A4

Thumbprint                                Services
----------                                --------
8DD9...87AB                         SIP..
58C9...8EA87A3                  S...W
9FBF...564C                         .IP..
2C2A...5D5A4                      S....

I have attempted to disable all but the 58C9 Thumbprint cert. But I just cannot seem to authenticate the cert correctly. The 58C9 is a self-sign cert when I installed the Microsoft Cert add-on in Add/Remove programs.

The 8DD9 is the default cert created when installing Exchange - this is not expired, but I still cant even use this cert - the only problem being that it does not have the FQDN as stated in the Event Log error.

QUESTION?
How to I use a different for my inbound SMTP on port 25 as emails can be sent, but I have no idea where it is (cyberspace, on the company server being withheld)???

How do i get emails to come through again?

Can I just disable TLS until I can get a permanent solution?

Thanks in advance, and any help will be much appreaciated.

EDIT
Removed some more company details that I missed

< Message edited by zolthar -- 24.Oct.2007 10:13:20 PM >