TLS not working on Exchange relay connectors

Kenny Stern 121 Reputation points

We recently migrated our on-prem Exchange servers from 2013 to 2019. The servers are only used for SMTP relay as our mailboxes have all been migrated to 365. On the receive connectors we created for relay we did not assign a certificate, but when connecting with telnet and entering the EHLO command we do see STARTTLS advertised. However, some of our printers/scanners are no longer able to send email and are getting "SMTP over SSL failed".

My question is, do we need to assign a certificate to the receive connectors? We have a cert installed on the server that is assigned to SMTP but not to the relay connectors specifically, so just wondering if that is recommended or required.

Thank you


Accepted answer
  1. Andy David - MVP 137.9K Reputation points MVP

    OK, cool, in that case I suspect the printers are using TLS 1.0/1.1 and in Exchange 2019 that is deprecated.

    Assuming you can't upgrade those devices to 1.2, is TLS required on that receive connector?

    -RequireTLS it should be $false

    If it is set to $false, can you disable the TLS sending on one of the devices and test?


1 additional answer

  1. Andy David - MVP 137.9K Reputation points MVP

    Are the receive connectors created exactly the same as they were on the 2013 servers including Remote IP Ranges?

    What connector are the printers attempting to use? You can verify in the SMTP protocol logs.

    The logs will show what connector is being used when it fails.
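
The checks suggested in the two answers above, combined into one Exchange Management Shell script. This is an added example, not part of either answer. It assumes the relay connectors live in the Frontend Transport service, that protocol logging on them is set to Verbose, and that `$DeviceIp` (a placeholder here) is the address of one failing printer/scanner.

```powershell
# Run in the Exchange Management Shell on the Exchange 2019 server.
$DeviceIp = '192.0.2.25'   # placeholder: IP address of one failing printer/scanner

# 1. Locate the newest Frontend Transport SMTP receive protocol log.
$logDir = "$((Get-FrontendTransportService -Identity $env:COMPUTERNAME).ReceiveProtocolLogPath)"
$log = Get-ChildItem -Path $logDir -Filter 'RECV*.LOG' |
    Sort-Object LastWriteTime -Descending | Select-Object -First 1

# 2. Parse it (lines starting with # are headers) and keep this device's sessions.
$fields = 'date-time','connector-id','session-id','sequence-number',
          'local-endpoint','remote-endpoint','event','data','context'
$rows = Get-Content -Path $log.FullName |
    Where-Object { $_ -notmatch '^#' } |
    ConvertFrom-Csv -Header $fields |
    Where-Object { $_.'remote-endpoint' -like "${DeviceIp}:*" }

# 3. Per session: which connector accepted it and what was logged about TLS.
$rows | Group-Object 'session-id' | ForEach-Object {
    [pscustomobject]@{
        Connector      = $_.Group[0].'connector-id'
        Session        = $_.Name
        # event '<' marks a command received from the client
        ClientStartTls = [bool]($_.Group | Where-Object { $_.event -eq '<' -and $_.data -match '^STARTTLS' })
        TlsLines       = ($_.Group | Where-Object { "$($_.data) $($_.context)" -match 'TLS' } |
                          ForEach-Object { "$($_.data) $($_.context)".Trim() }) -join ' | '
    }
} | Format-List

# 4. TLS-related settings of each connector those sessions actually hit.
$rows.'connector-id' | Sort-Object -Unique | ForEach-Object {
    Get-ReceiveConnector -Identity $_ |
        Format-List Identity, RequireTLS, AuthMechanism, TlsCertificateName, RemoteIPRanges, ProtocolLoggingLevel
}

# 5. Schannel server-side protocol settings (blank value = key not set, OS default applies).
'TLS 1.0','TLS 1.1','TLS 1.2' | ForEach-Object {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\$_\Server"
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    [pscustomobject]@{ Protocol = $_; Enabled = $p.Enabled; DisabledByDefault = $p.DisabledByDefault }
} | Format-Table -AutoSize
```

If step 3 shows the device landing on a connector other than the intended relay connector, compare `RemoteIPRanges` first; if it lands on the right one, `RequireTLS` and the Schannel values show whether a TLS 1.0/1.1-only device can still complete a session.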