SMTP protocol 587 does not work correctly

Question

Hallo!

After my manipulations with re-issuing the certificate, I encountered a problem connecting Outlook clients.

When connecting to the mail server, I specify the following parameters:

POP3 protocol port 995 + SSL/TLS encryption.

SMTP protocol port 587 + SSL/TLS encryption.

When testing I get the error:

Then I change the encryption settings to STARTTLS

I test again and again I get the error.

I turn off encryption:

After which the testing was successful:

Could you tell me please, how to make an SMTP connection with encryption only?

Thank you very much!

Answer 1

Hi @Александр Сергеевич,

What Exchange server and Windows server versions are you running?

The cause of this error may possibly be the client doesn't support the available TLS protocols on the Exchange server.

For example, you are running Outlook on Windows 7, which by default only supports TLS 1.0 and TLS 1.1,

while your Exchange server is running on Windows Server 2019, which by default only supports TLS 1.2.

Thus the TLS negotiation failed.

Besides, if the issue occurs after the certificate renew, please make sure the client devices trust this certificate and the root CA (from your former post this certificate seems to be issued by ADCS rather than a commercial certificate issued by a third-party CA).

---

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment". 

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 2

I managed to solve this problem.

I noticed that the WMSVC-SHA2 certificate has the SMTP service assigned to it. Unfortunately, I haven’t found a good way to disable this service from this certificate. Due to this I had to remove it. Hopefully deleting this certificate will not lead to any critical consequences.