SMTP protocol 587 does not work correctly

Alexander Sergeevich 20 Reputation points
2023-09-26T13:25:24.63+00:00

Hallo!

After my manipulations with re-issuing the certificate, I encountered a problem connecting Outlook clients.

When connecting to the mail server, I specify the following parameters:

POP3 protocol port 995 + SSL/TLS encryption.

SMTP protocol port 587 + SSL/TLS encryption.

1

When testing I get the error:

2

Then I change the encryption settings to STARTTLS

3

I test again and again I get the error.

I turn off encryption:

4

After which the testing was successful:

5

Could you tell me please, how to make an SMTP connection with encryption only?

Thank you very much!

Exchange Server
Exchange Server
A family of Microsoft client/server messaging and collaboration software.
1,290 questions
Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,624 questions
Microsoft Exchange
Microsoft Exchange
Microsoft messaging and collaboration software.
532 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Kael Yao-MSFT 37,641 Reputation points Microsoft Vendor
    2023-09-27T01:53:19.9066667+00:00

    Hi @Александр Сергеевич,

    What Exchange server and Windows server versions are you running?

    The cause of this error may possibly be the client doesn't support the available TLS protocols on the Exchange server.

    For example, you are running Outlook on Windows 7, which by default only supports TLS 1.0 and TLS 1.1,

    while your Exchange server is running on Windows Server 2019, which by default only supports TLS 1.2.

    Thus the TLS negotiation failed.

    Besides, if the issue occurs after the certificate renew, please make sure the client devices trust this certificate and the root CA (from your former post this certificate seems to be issued by ADCS rather than a commercial certificate issued by a third-party CA).


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment". 

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  2. Alexander Sergeevich 20 Reputation points
    2023-10-01T00:10:18.4633333+00:00

    I managed to solve this problem.

    I noticed that the WMSVC-SHA2 certificate has the SMTP service assigned to it. Unfortunately, I haven’t found a good way to disable this service from this certificate. Due to this I had to remove it. Hopefully deleting this certificate will not lead to any critical consequences.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.