This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hallo!
After my manipulations with re-issuing the certificate, I encountered a problem connecting Outlook clients.
When connecting to the mail server, I specify the following parameters:
POP3 protocol port 995 + SSL/TLS encryption.
SMTP protocol port 587 + SSL/TLS encryption.
When testing I get the error:
Then I change the encryption settings to STARTTLS
I test again and again I get the error.
I turn off encryption:
After which the testing was successful:
Could you tell me please, how to make an SMTP connection with encryption only?
Thank you very much!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 22%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKY%3C/text%3E%3C/svg%3E)
Hi @Александр Сергеевич,
What Exchange server and Windows server versions are you running?
The cause of this error may possibly be the client doesn't support the available TLS protocols on the Exchange server.
For example, you are running Outlook on Windows 7, which by default only supports TLS 1.0 and TLS 1.1,
while your Exchange server is running on Windows Server 2019, which by default only supports TLS 1.2.
Thus the TLS negotiation failed.
Besides, if the issue occurs after the certificate renew, please make sure the client devices trust this certificate and the root CA (from your former post this certificate seems to be issued by ADCS rather than a commercial certificate issued by a third-party CA).
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi @Kai Yao
Exchange server 2019 cumulative update 5 product version 15.2.595.3
Windows server 2019
on the client I use Windows 11 Outlook 21
I'll try to download the certificate from the server and place it in the trusted ones on the client
I exported the certificate to the client, installed it, the error remained the same.
What confuses me is that the error says that the server does not support this type of encryption. Apparently there is definitely something in the server settings.
I exported the certificate to the client, installed it, the error remained the same.
Do you still get the same error if you configure encryption type as STARTTLS instead of SSL/TLS?
Do you still get the same error if you configure encryption type as STARTTLS instead of SSL/TLS?
Yes
Please re-configure the mailbox in Outlook (reproduce this issue) and check if there are more information about the SMTP session in the protocol log (search for the Client Frontend server connector and the ip address of the Outlook client).
Default Path: C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\FrontEnd\ProtocolLog\SmtpReceive
Example:
Thank you very much for your answer.
When connecting from an external client, I receive the following log:
as you can see there is no Client Frontend entry in the log
I managed to solve this problem.
I noticed that the WMSVC-SHA2 certificate has the SMTP service assigned to it. Unfortunately, I haven’t found a good way to disable this service from this certificate. Due to this I had to remove it. Hopefully deleting this certificate will not lead to any critical consequences.